ID CVE-2018-2972
Summary Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). The supported version that is affected is Java SE: 10.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).
References
Vulnerable Configurations
  • cpe:2.3:a:oracle:jdk:10.0.1
  • cpe:2.3:a:oracle:jre:10.0.1
CVSS
Base: 4.3
Impact:
Exploitability:
CWE CWE-284
CAPEC
  • Embedding Scripts within Scripts
    An attack of this type exploits a program's vulnerabilities that are brought on by allowing remote hosts to execute scripts. The attacker leverages this capability to execute his/her own script by embedding it within other scripts that the target software is likely to execute. The attacker must have the ability to inject script into script that is likely to be executed. If this is done, then the attacker can potentially launch a variety of probes and attacks against the web server's local environment, in many cases the so-called DMZ, back end resources the web server can communicate with, and other hosts. With the proliferation of intermediaries, such as Web App Firewalls, network devices, and even printers having JVMs and Web servers, there are many locales where an attacker can inject malicious scripts. Since this attack pattern defines scripts within scripts, there are likely privileges to execute said attack on the host. Of course, these attacks are not solely limited to the server side, client side scripts like Ajax and client side JavaScript can contain malicious scripts as well. In general all that is required is for there to be sufficient privileges to execute a script, but not protected against writing.
  • Signature Spoofing by Key Theft
    An attacker obtains an authoritative or reputable signer's private signature key by theft and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
nessus via4
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3747-2.NASL
    description USN-3747-1 fixed vulnerabilities in OpenJDK 10 for Ubuntu 18.04 LTS. Unfortunately, that update introduced a regression around accessibility support that prevented some Java applications from starting. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that OpenJDK did not properly validate types in some situations. An attacker could use this to construct a Java class that could possibly bypass sandbox restrictions. (CVE-2018-2825, CVE-2018-2826) It was discovered that the PatternSyntaxException class in OpenJDK did not properly validate arguments passed to it. An attacker could use this to potentially construct a class that caused a denial of service (excessive memory consumption). (CVE-2018-2952) Daniel Bleichenbacher discovered a vulnerability in the Galois/Counter Mode (GCM) mode of operation for symmetric block ciphers in OpenJDK. An attacker could use this to expose sensitive information. (CVE-2018-2972). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-14
    modified 2018-09-13
    plugin id 117479
    published 2018-09-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117479
    title Ubuntu 18.04 LTS : openjdk-lts regression (USN-3747-2)
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2018-1_0-0167.NASL
    description An update of 'vim', 'ntp', 'openjdk', 'libmspack', 'blktrace', 'systemd', 'perl' packages of Photon OS has been released.
    last seen 2018-09-01
    modified 2018-08-17
    plugin id 111946
    published 2018-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111946
    title Photon OS 1.0: Blktrace / Libmspack / Ntp / Openjdk / Perl / Systemd / Vim PHSA-2018-1.0-0167
  • NASL family Windows
    NASL id ORACLE_JROCKIT_CPU_JUL_2018.NASL
    description The version of Oracle JRockit installed on the remote Windows host is R28.3.18. It is, therefore, affected by multiple vulnerabilities. See advisory for details.
    last seen 2018-09-19
    modified 2018-09-17
    plugin id 111214
    published 2018-07-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111214
    title Oracle JRockit R28.3.18 Multiple Vulnerabilities (July 2018 CPU)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-830.NASL
    description This java-11-openjdk update to version jdk-11+24 fixes the following issues : Security issues fixed : - CVE-2018-2940: Fix unspecified vulnerability in subcomponent Libraries (bsc#1101645). - CVE-2018-2952: Fix unspecified vulnerability in subcomponent Concurrency (bsc#1101651). - CVE-2018-2972: Fix unspecified vulnerability in subcomponent Security (bsc#1101655). - CVE-2018-2973: Fix unspecified vulnerability in subcomponent JSSE (bsc#1101656). This update was imported from the SUSE:SLE-15:Update update project.
    last seen 2018-09-05
    modified 2018-09-04
    plugin id 111597
    published 2018-08-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111597
    title openSUSE Security Update : java-11-openjdk (openSUSE-2018-830)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3747-1.NASL
    description It was discovered that OpenJDK did not properly validate types in some situations. An attacker could use this to construct a Java class that could possibly bypass sandbox restrictions. (CVE-2018-2825, CVE-2018-2826) It was discovered that the PatternSyntaxException class in OpenJDK did not properly validate arguments passed to it. An attacker could use this to potentially construct a class that caused a denial of service (excessive memory consumption). (CVE-2018-2952) Daniel Bleichenbacher discovered a vulnerability in the Galois/Counter Mode (GCM) mode of operation for symmetric block ciphers in OpenJDK. An attacker could use this to expose sensitive information. (CVE-2018-2972). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2018-08-31
    plugin id 112033
    published 2018-08-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=112033
    title Ubuntu 18.04 LTS : openjdk-lts vulnerabilities (USN-3747-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-810.NASL
    description This update for OpenJDK 10.0.2 fixes the following security issues: - CVE-2018-2940: the libraries sub-component contained an easily exploitable vulnerability that allowed attackers to compromise Java SE or Java SE Embedded over the network, potentially gaining unauthorized read access to data that's accessible to the server. [bsc#1101645] - CVE-2018-2952: the concurrency sub-component contained a difficult to exploit vulnerability that allowed attackers to compromise Java SE, Java SE Embedded, or JRockit over the network. This issue could have been abused to mount a partial denial-of-service attack on the server. [bsc#1101651] - CVE-2018-2972: the security sub-component contained a difficult to exploit vulnerability that allowed attackers to compromise Java SE over the network, potentially gaining unauthorized access to critical data or complete access to all Java SE accessible data. [bsc#1101655] - CVE-2018-2973: the JSSE sub-component contained a difficult to exploit vulnerability that allowed attackers to compromise Java SE or Java SE Embedded over the network, potentially gaining the ability to create, delete or modify critical data or all Java SE, Java SE Embedded accessible data without authorization. [bsc#1101656] Furthermore, the following bugs were fixed: - Properly remove the existing alternative for java before reinstalling it. [bsc#1096420] - idlj was moved to the *-devel package. [bsc#1096420] This update was imported from the SUSE:SLE-15:Update update project.
    last seen 2018-09-05
    modified 2018-09-04
    plugin id 111572
    published 2018-08-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111572
    title openSUSE Security Update : java-10-openjdk (openSUSE-2018-810)
  • NASL family Windows
    NASL id ORACLE_JAVA_CPU_JUL_2018.NASL
    description The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 10 Update 2, 8 Update 181, 7 Update 191, or 6 Update 201. It is, therefore, affected by multiple vulnerabilities related to the following components : - Concurrency - Deployment - JSSE - Java DB - JavaFX - Libraries - Security - Windows DLL
    last seen 2018-09-02
    modified 2018-07-20
    plugin id 111163
    published 2018-07-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111163
    title Oracle Java SE Multiple Vulnerabilities (July 2018 CPU)
  • NASL family Misc.
    NASL id ORACLE_JAVA_CPU_JUL_2018_UNIX.NASL
    description The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 10 Update 2, 8 Update 181, 7 Update 191, or 6 Update 201. It is, therefore, affected by multiple vulnerabilities related to the following components : - Concurrency - Deployment - JSSE - Java DB - JavaFX - Libraries - Security - Windows DLL
    last seen 2018-09-01
    modified 2018-07-20
    plugin id 111162
    published 2018-07-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111162
    title Oracle Java SE Multiple Vulnerabilities (July 2018 CPU) (Unix)
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2018-2_0-0077.NASL
    description An update of 'openjdk8' packages of Photon OS has been released.
    last seen 2018-09-02
    modified 2018-08-17
    plugin id 111961
    published 2018-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111961
    title Photon OS 2.0: Openjdk8 PHSA-2018-2.0-0077
refmap via4
bid 104782
confirm
sectrack 1041302
ubuntu USN-3747-1
Last major update 18-07-2018 - 09:29
Published 18-07-2018 - 09:29
Last modified 21-08-2018 - 06:29