ID CVE-2018-2678
Summary Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).
References
Vulnerable Configurations
  • cpe:2.3:a:oracle:jrockit:r28.3.16:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:jrockit:r28.3.16:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.9.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.9.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.9.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.9.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.8.0:update152:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.8.0:update152:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.7.0:update161:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.7.0:update161:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.6.0:update171:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.6.0:update171:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.6.0:update171:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.6.0:update171:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.8.0:update152:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.8.0:update152:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.7.0:update161:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.7.0:update161:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:satellite:5.7:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:satellite:5.7:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
  • cpe:2.3:a:schneider-electric:struxureware_data_center_expert:7.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:schneider-electric:struxureware_data_center_expert:7.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:schneider-electric:struxureware_data_center_expert:7.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:schneider-electric:struxureware_data_center_expert:7.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:schneider-electric:struxureware_data_center_expert:7.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:schneider-electric:struxureware_data_center_expert:7.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:schneider-electric:struxureware_data_center_expert:7.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:schneider-electric:struxureware_data_center_expert:7.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:schneider-electric:struxureware_data_center_expert:7.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:schneider-electric:struxureware_data_center_expert:7.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:schneider-electric:struxureware_data_center_expert:7.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:schneider-electric:struxureware_data_center_expert:7.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:xp7_command_view:8.6.2-01:*:*:*:advanced:*:*:*
    cpe:2.3:a:hp:xp7_command_view:8.6.2-01:*:*:*:advanced:*:*:*
  • cpe:2.3:a:hp:xp_p9000_command_view:8.6.2-01:*:*:*:advanced:*:*:*
    cpe:2.3:a:hp:xp_p9000_command_view:8.6.2-01:*:*:*:advanced:*:*:*
  • cpe:2.3:a:hp:xp_command_view:8.6.2-01:*:*:*:advanced:*:*:*
    cpe:2.3:a:hp:xp_command_view:8.6.2-01:*:*:*:advanced:*:*:*
CVSS
Base: 4.3 (as of 13-05-2022 - 14:57)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
redhat via4
advisories
  • bugzilla
    id 1535036
    title CVE-2018-2633 OpenJDK: LDAPCertStore insecure handling of LDAP referrals (JNDI, 8186606)
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 6 is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • comment java-1.8.0-openjdk is earlier than 1:1.8.0.161-3.b14.el6_9
            oval oval:com.redhat.rhsa:tst:20180095001
          • comment java-1.8.0-openjdk is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636002
        • AND
          • comment java-1.8.0-openjdk-debug is earlier than 1:1.8.0.161-3.b14.el6_9
            oval oval:com.redhat.rhsa:tst:20180095003
          • comment java-1.8.0-openjdk-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919004
        • AND
          • comment java-1.8.0-openjdk-demo is earlier than 1:1.8.0.161-3.b14.el6_9
            oval oval:com.redhat.rhsa:tst:20180095005
          • comment java-1.8.0-openjdk-demo is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636004
        • AND
          • comment java-1.8.0-openjdk-demo-debug is earlier than 1:1.8.0.161-3.b14.el6_9
            oval oval:com.redhat.rhsa:tst:20180095007
          • comment java-1.8.0-openjdk-demo-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919008
        • AND
          • comment java-1.8.0-openjdk-devel is earlier than 1:1.8.0.161-3.b14.el6_9
            oval oval:com.redhat.rhsa:tst:20180095009
          • comment java-1.8.0-openjdk-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636006
        • AND
          • comment java-1.8.0-openjdk-devel-debug is earlier than 1:1.8.0.161-3.b14.el6_9
            oval oval:com.redhat.rhsa:tst:20180095011
          • comment java-1.8.0-openjdk-devel-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919012
        • AND
          • comment java-1.8.0-openjdk-headless is earlier than 1:1.8.0.161-3.b14.el6_9
            oval oval:com.redhat.rhsa:tst:20180095013
          • comment java-1.8.0-openjdk-headless is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636008
        • AND
          • comment java-1.8.0-openjdk-headless-debug is earlier than 1:1.8.0.161-3.b14.el6_9
            oval oval:com.redhat.rhsa:tst:20180095015
          • comment java-1.8.0-openjdk-headless-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919016
        • AND
          • comment java-1.8.0-openjdk-javadoc is earlier than 1:1.8.0.161-3.b14.el6_9
            oval oval:com.redhat.rhsa:tst:20180095017
          • comment java-1.8.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636010
        • AND
          • comment java-1.8.0-openjdk-javadoc-debug is earlier than 1:1.8.0.161-3.b14.el6_9
            oval oval:com.redhat.rhsa:tst:20180095019
          • comment java-1.8.0-openjdk-javadoc-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919020
        • AND
          • comment java-1.8.0-openjdk-src is earlier than 1:1.8.0.161-3.b14.el6_9
            oval oval:com.redhat.rhsa:tst:20180095021
          • comment java-1.8.0-openjdk-src is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636012
        • AND
          • comment java-1.8.0-openjdk-src-debug is earlier than 1:1.8.0.161-3.b14.el6_9
            oval oval:com.redhat.rhsa:tst:20180095023
          • comment java-1.8.0-openjdk-src-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919024
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment java-1.8.0-openjdk is earlier than 1:1.8.0.161-0.b14.el7_4
            oval oval:com.redhat.rhsa:tst:20180095026
          • comment java-1.8.0-openjdk is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636002
        • AND
          • comment java-1.8.0-openjdk-accessibility is earlier than 1:1.8.0.161-0.b14.el7_4
            oval oval:com.redhat.rhsa:tst:20180095027
          • comment java-1.8.0-openjdk-accessibility is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150809016
        • AND
          • comment java-1.8.0-openjdk-accessibility-debug is earlier than 1:1.8.0.161-0.b14.el7_4
            oval oval:com.redhat.rhsa:tst:20180095029
          • comment java-1.8.0-openjdk-accessibility-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20160049006
        • AND
          • comment java-1.8.0-openjdk-debug is earlier than 1:1.8.0.161-0.b14.el7_4
            oval oval:com.redhat.rhsa:tst:20180095031
          • comment java-1.8.0-openjdk-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919004
        • AND
          • comment java-1.8.0-openjdk-demo is earlier than 1:1.8.0.161-0.b14.el7_4
            oval oval:com.redhat.rhsa:tst:20180095032
          • comment java-1.8.0-openjdk-demo is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636004
        • AND
          • comment java-1.8.0-openjdk-demo-debug is earlier than 1:1.8.0.161-0.b14.el7_4
            oval oval:com.redhat.rhsa:tst:20180095033
          • comment java-1.8.0-openjdk-demo-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919008
        • AND
          • comment java-1.8.0-openjdk-devel is earlier than 1:1.8.0.161-0.b14.el7_4
            oval oval:com.redhat.rhsa:tst:20180095034
          • comment java-1.8.0-openjdk-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636006
        • AND
          • comment java-1.8.0-openjdk-devel-debug is earlier than 1:1.8.0.161-0.b14.el7_4
            oval oval:com.redhat.rhsa:tst:20180095035
          • comment java-1.8.0-openjdk-devel-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919012
        • AND
          • comment java-1.8.0-openjdk-headless is earlier than 1:1.8.0.161-0.b14.el7_4
            oval oval:com.redhat.rhsa:tst:20180095036
          • comment java-1.8.0-openjdk-headless is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636008
        • AND
          • comment java-1.8.0-openjdk-headless-debug is earlier than 1:1.8.0.161-0.b14.el7_4
            oval oval:com.redhat.rhsa:tst:20180095037
          • comment java-1.8.0-openjdk-headless-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919016
        • AND
          • comment java-1.8.0-openjdk-javadoc is earlier than 1:1.8.0.161-0.b14.el7_4
            oval oval:com.redhat.rhsa:tst:20180095038
          • comment java-1.8.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636010
        • AND
          • comment java-1.8.0-openjdk-javadoc-debug is earlier than 1:1.8.0.161-0.b14.el7_4
            oval oval:com.redhat.rhsa:tst:20180095039
          • comment java-1.8.0-openjdk-javadoc-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919020
        • AND
          • comment java-1.8.0-openjdk-javadoc-zip is earlier than 1:1.8.0.161-0.b14.el7_4
            oval oval:com.redhat.rhsa:tst:20180095040
          • comment java-1.8.0-openjdk-javadoc-zip is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20170180041
        • AND
          • comment java-1.8.0-openjdk-javadoc-zip-debug is earlier than 1:1.8.0.161-0.b14.el7_4
            oval oval:com.redhat.rhsa:tst:20180095042
          • comment java-1.8.0-openjdk-javadoc-zip-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20170180043
        • AND
          • comment java-1.8.0-openjdk-src is earlier than 1:1.8.0.161-0.b14.el7_4
            oval oval:com.redhat.rhsa:tst:20180095044
          • comment java-1.8.0-openjdk-src is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636012
        • AND
          • comment java-1.8.0-openjdk-src-debug is earlier than 1:1.8.0.161-0.b14.el7_4
            oval oval:com.redhat.rhsa:tst:20180095045
          • comment java-1.8.0-openjdk-src-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919024
    rhsa
    id RHSA-2018:0095
    released 2018-01-17
    severity Important
    title RHSA-2018:0095: java-1.8.0-openjdk security update (Important)
  • bugzilla
    id 1535353
    title CVE-2018-2657 Oracle JDK: unspecified vulnerability fixed in 6u181 and 7u171 (Serialization)
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment java-1.6.0-sun is earlier than 1:1.6.0.181-1jpp.2.el7
            oval oval:com.redhat.rhsa:tst:20180115001
          • comment java-1.6.0-sun is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140414015
        • AND
          • comment java-1.6.0-sun-demo is earlier than 1:1.6.0.181-1jpp.2.el7
            oval oval:com.redhat.rhsa:tst:20180115003
          • comment java-1.6.0-sun-demo is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140414017
        • AND
          • comment java-1.6.0-sun-devel is earlier than 1:1.6.0.181-1jpp.2.el7
            oval oval:com.redhat.rhsa:tst:20180115005
          • comment java-1.6.0-sun-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140414019
        • AND
          • comment java-1.6.0-sun-jdbc is earlier than 1:1.6.0.181-1jpp.2.el7
            oval oval:com.redhat.rhsa:tst:20180115007
          • comment java-1.6.0-sun-jdbc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140414021
        • AND
          • comment java-1.6.0-sun-plugin is earlier than 1:1.6.0.181-1jpp.2.el7
            oval oval:com.redhat.rhsa:tst:20180115009
          • comment java-1.6.0-sun-plugin is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140414023
        • AND
          • comment java-1.6.0-sun-src is earlier than 1:1.6.0.181-1jpp.2.el7
            oval oval:com.redhat.rhsa:tst:20180115011
          • comment java-1.6.0-sun-src is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140414025
    • AND
      • comment Red Hat Enterprise Linux 6 is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • comment java-1.6.0-sun is earlier than 1:1.6.0.181-1jpp.1.el6
            oval oval:com.redhat.rhsa:tst:20180115014
          • comment java-1.6.0-sun is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140414015
        • AND
          • comment java-1.6.0-sun-demo is earlier than 1:1.6.0.181-1jpp.1.el6
            oval oval:com.redhat.rhsa:tst:20180115015
          • comment java-1.6.0-sun-demo is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140414017
        • AND
          • comment java-1.6.0-sun-devel is earlier than 1:1.6.0.181-1jpp.1.el6
            oval oval:com.redhat.rhsa:tst:20180115016
          • comment java-1.6.0-sun-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140414019
        • AND
          • comment java-1.6.0-sun-jdbc is earlier than 1:1.6.0.181-1jpp.1.el6
            oval oval:com.redhat.rhsa:tst:20180115017
          • comment java-1.6.0-sun-jdbc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140414021
        • AND
          • comment java-1.6.0-sun-plugin is earlier than 1:1.6.0.181-1jpp.1.el6
            oval oval:com.redhat.rhsa:tst:20180115018
          • comment java-1.6.0-sun-plugin is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140414023
        • AND
          • comment java-1.6.0-sun-src is earlier than 1:1.6.0.181-1jpp.1.el6
            oval oval:com.redhat.rhsa:tst:20180115019
          • comment java-1.6.0-sun-src is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140414025
    rhsa
    id RHSA-2018:0115
    released 2018-01-22
    severity Important
    title RHSA-2018:0115: java-1.6.0-sun security update (Important)
  • bugzilla
    id 1535036
    title CVE-2018-2633 OpenJDK: LDAPCertStore insecure handling of LDAP referrals (JNDI, 8186606)
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 6 is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • comment java-1.7.0-openjdk is earlier than 1:1.7.0.171-2.6.13.0.el6_9
            oval oval:com.redhat.rhsa:tst:20180349001
          • comment java-1.7.0-openjdk is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009002
        • AND
          • comment java-1.7.0-openjdk-demo is earlier than 1:1.7.0.171-2.6.13.0.el6_9
            oval oval:com.redhat.rhsa:tst:20180349003
          • comment java-1.7.0-openjdk-demo is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009004
        • AND
          • comment java-1.7.0-openjdk-devel is earlier than 1:1.7.0.171-2.6.13.0.el6_9
            oval oval:com.redhat.rhsa:tst:20180349005
          • comment java-1.7.0-openjdk-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009006
        • AND
          • comment java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.171-2.6.13.0.el6_9
            oval oval:com.redhat.rhsa:tst:20180349007
          • comment java-1.7.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009008
        • AND
          • comment java-1.7.0-openjdk-src is earlier than 1:1.7.0.171-2.6.13.0.el6_9
            oval oval:com.redhat.rhsa:tst:20180349009
          • comment java-1.7.0-openjdk-src is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009010
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment java-1.7.0-openjdk is earlier than 1:1.7.0.171-2.6.13.0.el7_4
            oval oval:com.redhat.rhsa:tst:20180349012
          • comment java-1.7.0-openjdk is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009002
        • AND
          • comment java-1.7.0-openjdk-accessibility is earlier than 1:1.7.0.171-2.6.13.0.el7_4
            oval oval:com.redhat.rhsa:tst:20180349013
          • comment java-1.7.0-openjdk-accessibility is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140675004
        • AND
          • comment java-1.7.0-openjdk-demo is earlier than 1:1.7.0.171-2.6.13.0.el7_4
            oval oval:com.redhat.rhsa:tst:20180349015
          • comment java-1.7.0-openjdk-demo is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009004
        • AND
          • comment java-1.7.0-openjdk-devel is earlier than 1:1.7.0.171-2.6.13.0.el7_4
            oval oval:com.redhat.rhsa:tst:20180349016
          • comment java-1.7.0-openjdk-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009006
        • AND
          • comment java-1.7.0-openjdk-headless is earlier than 1:1.7.0.171-2.6.13.0.el7_4
            oval oval:com.redhat.rhsa:tst:20180349017
          • comment java-1.7.0-openjdk-headless is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140675010
        • AND
          • comment java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.171-2.6.13.0.el7_4
            oval oval:com.redhat.rhsa:tst:20180349019
          • comment java-1.7.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009008
        • AND
          • comment java-1.7.0-openjdk-src is earlier than 1:1.7.0.171-2.6.13.0.el7_4
            oval oval:com.redhat.rhsa:tst:20180349020
          • comment java-1.7.0-openjdk-src is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009010
    rhsa
    id RHSA-2018:0349
    released 2018-02-26
    severity Important
    title RHSA-2018:0349: java-1.7.0-openjdk security update (Important)
  • rhsa
    id RHSA-2018:0099
  • rhsa
    id RHSA-2018:0100
  • rhsa
    id RHSA-2018:0351
  • rhsa
    id RHSA-2018:0352
  • rhsa
    id RHSA-2018:0458
  • rhsa
    id RHSA-2018:0521
  • rhsa
    id RHSA-2018:1463
  • rhsa
    id RHSA-2018:1812
rpms
  • java-1.8.0-openjdk-1:1.8.0.161-0.b14.el7_4
  • java-1.8.0-openjdk-1:1.8.0.161-3.b14.el6_9
  • java-1.8.0-openjdk-accessibility-1:1.8.0.161-0.b14.el7_4
  • java-1.8.0-openjdk-accessibility-debug-1:1.8.0.161-0.b14.el7_4
  • java-1.8.0-openjdk-debug-1:1.8.0.161-0.b14.el7_4
  • java-1.8.0-openjdk-debug-1:1.8.0.161-3.b14.el6_9
  • java-1.8.0-openjdk-debuginfo-1:1.8.0.161-0.b14.el7_4
  • java-1.8.0-openjdk-debuginfo-1:1.8.0.161-3.b14.el6_9
  • java-1.8.0-openjdk-demo-1:1.8.0.161-0.b14.el7_4
  • java-1.8.0-openjdk-demo-1:1.8.0.161-3.b14.el6_9
  • java-1.8.0-openjdk-demo-debug-1:1.8.0.161-0.b14.el7_4
  • java-1.8.0-openjdk-demo-debug-1:1.8.0.161-3.b14.el6_9
  • java-1.8.0-openjdk-devel-1:1.8.0.161-0.b14.el7_4
  • java-1.8.0-openjdk-devel-1:1.8.0.161-3.b14.el6_9
  • java-1.8.0-openjdk-devel-debug-1:1.8.0.161-0.b14.el7_4
  • java-1.8.0-openjdk-devel-debug-1:1.8.0.161-3.b14.el6_9
  • java-1.8.0-openjdk-headless-1:1.8.0.161-0.b14.el7_4
  • java-1.8.0-openjdk-headless-1:1.8.0.161-3.b14.el6_9
  • java-1.8.0-openjdk-headless-debug-1:1.8.0.161-0.b14.el7_4
  • java-1.8.0-openjdk-headless-debug-1:1.8.0.161-3.b14.el6_9
  • java-1.8.0-openjdk-javadoc-1:1.8.0.161-0.b14.el7_4
  • java-1.8.0-openjdk-javadoc-1:1.8.0.161-3.b14.el6_9
  • java-1.8.0-openjdk-javadoc-debug-1:1.8.0.161-0.b14.el7_4
  • java-1.8.0-openjdk-javadoc-debug-1:1.8.0.161-3.b14.el6_9
  • java-1.8.0-openjdk-javadoc-zip-1:1.8.0.161-0.b14.el7_4
  • java-1.8.0-openjdk-javadoc-zip-debug-1:1.8.0.161-0.b14.el7_4
  • java-1.8.0-openjdk-src-1:1.8.0.161-0.b14.el7_4
  • java-1.8.0-openjdk-src-1:1.8.0.161-3.b14.el6_9
  • java-1.8.0-openjdk-src-debug-1:1.8.0.161-0.b14.el7_4
  • java-1.8.0-openjdk-src-debug-1:1.8.0.161-3.b14.el6_9
  • java-1.8.0-oracle-1:1.8.0.161-1jpp.1.el6_9
  • java-1.8.0-oracle-1:1.8.0.161-1jpp.2.el7
  • java-1.8.0-oracle-devel-1:1.8.0.161-1jpp.1.el6_9
  • java-1.8.0-oracle-devel-1:1.8.0.161-1jpp.2.el7
  • java-1.8.0-oracle-javafx-1:1.8.0.161-1jpp.1.el6_9
  • java-1.8.0-oracle-javafx-1:1.8.0.161-1jpp.2.el7
  • java-1.8.0-oracle-jdbc-1:1.8.0.161-1jpp.1.el6_9
  • java-1.8.0-oracle-jdbc-1:1.8.0.161-1jpp.2.el7
  • java-1.8.0-oracle-plugin-1:1.8.0.161-1jpp.1.el6_9
  • java-1.8.0-oracle-plugin-1:1.8.0.161-1jpp.2.el7
  • java-1.8.0-oracle-src-1:1.8.0.161-1jpp.1.el6_9
  • java-1.8.0-oracle-src-1:1.8.0.161-1jpp.2.el7
  • java-1.7.0-oracle-1:1.7.0.171-1jpp.1.el6_9
  • java-1.7.0-oracle-1:1.7.0.171-1jpp.1.el7
  • java-1.7.0-oracle-devel-1:1.7.0.171-1jpp.1.el6_9
  • java-1.7.0-oracle-devel-1:1.7.0.171-1jpp.1.el7
  • java-1.7.0-oracle-javafx-1:1.7.0.171-1jpp.1.el6_9
  • java-1.7.0-oracle-javafx-1:1.7.0.171-1jpp.1.el7
  • java-1.7.0-oracle-jdbc-1:1.7.0.171-1jpp.1.el6_9
  • java-1.7.0-oracle-jdbc-1:1.7.0.171-1jpp.1.el7
  • java-1.7.0-oracle-plugin-1:1.7.0.171-1jpp.1.el6_9
  • java-1.7.0-oracle-plugin-1:1.7.0.171-1jpp.1.el7
  • java-1.7.0-oracle-src-1:1.7.0.171-1jpp.1.el6_9
  • java-1.7.0-oracle-src-1:1.7.0.171-1jpp.1.el7
  • java-1.6.0-sun-1:1.6.0.181-1jpp.1.el6
  • java-1.6.0-sun-1:1.6.0.181-1jpp.2.el7
  • java-1.6.0-sun-demo-1:1.6.0.181-1jpp.1.el6
  • java-1.6.0-sun-demo-1:1.6.0.181-1jpp.2.el7
  • java-1.6.0-sun-devel-1:1.6.0.181-1jpp.1.el6
  • java-1.6.0-sun-devel-1:1.6.0.181-1jpp.2.el7
  • java-1.6.0-sun-jdbc-1:1.6.0.181-1jpp.1.el6
  • java-1.6.0-sun-jdbc-1:1.6.0.181-1jpp.2.el7
  • java-1.6.0-sun-plugin-1:1.6.0.181-1jpp.1.el6
  • java-1.6.0-sun-plugin-1:1.6.0.181-1jpp.2.el7
  • java-1.6.0-sun-src-1:1.6.0.181-1jpp.1.el6
  • java-1.6.0-sun-src-1:1.6.0.181-1jpp.2.el7
  • java-1.7.0-openjdk-1:1.7.0.171-2.6.13.0.el6_9
  • java-1.7.0-openjdk-1:1.7.0.171-2.6.13.0.el7_4
  • java-1.7.0-openjdk-accessibility-1:1.7.0.171-2.6.13.0.el7_4
  • java-1.7.0-openjdk-debuginfo-1:1.7.0.171-2.6.13.0.el6_9
  • java-1.7.0-openjdk-debuginfo-1:1.7.0.171-2.6.13.0.el7_4
  • java-1.7.0-openjdk-demo-1:1.7.0.171-2.6.13.0.el6_9
  • java-1.7.0-openjdk-demo-1:1.7.0.171-2.6.13.0.el7_4
  • java-1.7.0-openjdk-devel-1:1.7.0.171-2.6.13.0.el6_9
  • java-1.7.0-openjdk-devel-1:1.7.0.171-2.6.13.0.el7_4
  • java-1.7.0-openjdk-headless-1:1.7.0.171-2.6.13.0.el7_4
  • java-1.7.0-openjdk-javadoc-1:1.7.0.171-2.6.13.0.el6_9
  • java-1.7.0-openjdk-javadoc-1:1.7.0.171-2.6.13.0.el7_4
  • java-1.7.0-openjdk-src-1:1.7.0.171-2.6.13.0.el6_9
  • java-1.7.0-openjdk-src-1:1.7.0.171-2.6.13.0.el7_4
  • java-1.8.0-ibm-1:1.8.0.5.10-1jpp.1.el7
  • java-1.8.0-ibm-demo-1:1.8.0.5.10-1jpp.1.el7
  • java-1.8.0-ibm-devel-1:1.8.0.5.10-1jpp.1.el7
  • java-1.8.0-ibm-jdbc-1:1.8.0.5.10-1jpp.1.el7
  • java-1.8.0-ibm-plugin-1:1.8.0.5.10-1jpp.1.el7
  • java-1.8.0-ibm-src-1:1.8.0.5.10-1jpp.1.el7
  • java-1.8.0-ibm-1:1.8.0.5.10-1jpp.1.el6_9
  • java-1.8.0-ibm-demo-1:1.8.0.5.10-1jpp.1.el6_9
  • java-1.8.0-ibm-devel-1:1.8.0.5.10-1jpp.1.el6_9
  • java-1.8.0-ibm-jdbc-1:1.8.0.5.10-1jpp.1.el6_9
  • java-1.8.0-ibm-plugin-1:1.8.0.5.10-1jpp.1.el6_9
  • java-1.8.0-ibm-src-1:1.8.0.5.10-1jpp.1.el6_9
  • java-1.7.1-ibm-1:1.7.1.4.20-1jpp.1.el7
  • java-1.7.1-ibm-demo-1:1.7.1.4.20-1jpp.1.el7
  • java-1.7.1-ibm-devel-1:1.7.1.4.20-1jpp.1.el7
  • java-1.7.1-ibm-jdbc-1:1.7.1.4.20-1jpp.1.el7
  • java-1.7.1-ibm-plugin-1:1.7.1.4.20-1jpp.1.el7
  • java-1.7.1-ibm-src-1:1.7.1.4.20-1jpp.1.el7
  • java-1.7.1-ibm-1:1.7.1.4.20-1jpp.3.el6_9
  • java-1.7.1-ibm-demo-1:1.7.1.4.20-1jpp.3.el6_9
  • java-1.7.1-ibm-devel-1:1.7.1.4.20-1jpp.3.el6_9
  • java-1.7.1-ibm-jdbc-1:1.7.1.4.20-1jpp.3.el6_9
  • java-1.7.1-ibm-plugin-1:1.7.1.4.20-1jpp.3.el6_9
  • java-1.7.1-ibm-src-1:1.7.1.4.20-1jpp.3.el6_9
  • java-1.8.0-ibm-1:1.8.0.5.10-1jpp.1.el6_9
  • java-1.8.0-ibm-devel-1:1.8.0.5.10-1jpp.1.el6_9
  • java-1.7.1-ibm-1:1.7.1.4.20-1jpp.3.el6_9
  • java-1.7.1-ibm-devel-1:1.7.1.4.20-1jpp.3.el6_9
refmap via4
bid 102659
confirm
debian
  • DSA-4144
  • DSA-4166
mlist [debian-lts-announce] 20180403 [SECURITY] [DLA 1339-1] openjdk-7 security update
sectrack 1040203
ubuntu
  • USN-3613-1
  • USN-3614-1
Last major update 13-05-2022 - 14:57
Published 18-01-2018 - 02:29
Last modified 13-05-2022 - 14:57
Back to Top