Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cnvd-2018-09074
Vulnerability from cnvd
Title
Oracle Java SE和JRockit存在未明漏洞(CNVD-2018-09074)
Description
Java SE是Java平台标准版的简称,用于开发和部署桌面、服务器以及嵌入设备和实时环境中的Java应用程序。Java SE Embedded基于Java SE,并提供特定功能且支持嵌入式系统。JRockit系列产品是一个全面的Java运行时解决方案组合,包括了行业最快的标准Java解决方案。
Oracle Java SE和JRockit中的AWT组件存在未明漏洞。攻击者可利用该漏洞影响可用性。
Severity
中
VLAI Severity ?
Patch Name
Oracle Java SE和JRockit存在未明漏洞(CNVD-2018-09074)的补丁
Patch Description
Java SE是Java平台标准版的简称,用于开发和部署桌面、服务器以及嵌入设备和实时环境中的Java应用程序。Java SE Embedded基于Java SE,并提供特定功能且支持嵌入式系统。JRockit系列产品是一个全面的Java运行时解决方案组合,包括了行业最快的标准Java解决方案。
Oracle Java SE和JRockit中的AWT组件存在未明漏洞。攻击者可利用该漏洞影响可用性。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布漏洞修复程序,请及时关注更新: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
Reference
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
Impacted products
| Name | ['Oracle Java SE 10', 'Oracle Java SE 8u162', 'Oracle Java SE 6u181', 'Oracle Java SE 7u171', 'Oracle Java SE Embedded 8u161', 'Oracle JRockit R28.3.17'] |
|---|
{
"bids": {
"bid": {
"bidNumber": "103841"
}
},
"cves": {
"cve": {
"cveNumber": "CVE-2018-2798"
}
},
"description": "Java SE\u662fJava\u5e73\u53f0\u6807\u51c6\u7248\u7684\u7b80\u79f0\uff0c\u7528\u4e8e\u5f00\u53d1\u548c\u90e8\u7f72\u684c\u9762\u3001\u670d\u52a1\u5668\u4ee5\u53ca\u5d4c\u5165\u8bbe\u5907\u548c\u5b9e\u65f6\u73af\u5883\u4e2d\u7684Java\u5e94\u7528\u7a0b\u5e8f\u3002Java SE Embedded\u57fa\u4e8eJava SE\uff0c\u5e76\u63d0\u4f9b\u7279\u5b9a\u529f\u80fd\u4e14\u652f\u6301\u5d4c\u5165\u5f0f\u7cfb\u7edf\u3002JRockit\u7cfb\u5217\u4ea7\u54c1\u662f\u4e00\u4e2a\u5168\u9762\u7684Java\u8fd0\u884c\u65f6\u89e3\u51b3\u65b9\u6848\u7ec4\u5408\uff0c\u5305\u62ec\u4e86\u884c\u4e1a\u6700\u5feb\u7684\u6807\u51c6Java\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nOracle Java SE\u548cJRockit\u4e2d\u7684AWT\u7ec4\u4ef6\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5f71\u54cd\u53ef\u7528\u6027\u3002",
"discovererName": "Oracle",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttp://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2018-09074",
"openTime": "2018-05-08",
"patchDescription": "Java SE\u662fJava\u5e73\u53f0\u6807\u51c6\u7248\u7684\u7b80\u79f0\uff0c\u7528\u4e8e\u5f00\u53d1\u548c\u90e8\u7f72\u684c\u9762\u3001\u670d\u52a1\u5668\u4ee5\u53ca\u5d4c\u5165\u8bbe\u5907\u548c\u5b9e\u65f6\u73af\u5883\u4e2d\u7684Java\u5e94\u7528\u7a0b\u5e8f\u3002Java SE Embedded\u57fa\u4e8eJava SE\uff0c\u5e76\u63d0\u4f9b\u7279\u5b9a\u529f\u80fd\u4e14\u652f\u6301\u5d4c\u5165\u5f0f\u7cfb\u7edf\u3002JRockit\u7cfb\u5217\u4ea7\u54c1\u662f\u4e00\u4e2a\u5168\u9762\u7684Java\u8fd0\u884c\u65f6\u89e3\u51b3\u65b9\u6848\u7ec4\u5408\uff0c\u5305\u62ec\u4e86\u884c\u4e1a\u6700\u5feb\u7684\u6807\u51c6Java\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nOracle Java SE\u548cJRockit\u4e2d\u7684AWT\u7ec4\u4ef6\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5f71\u54cd\u53ef\u7528\u6027\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Oracle Java SE\u548cJRockit\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2018-09074\uff09\u7684\u8865\u4e01",
"products": {
"product": [
"Oracle Java SE 10",
"Oracle Java SE 8u162",
"Oracle Java SE 6u181",
"Oracle Java SE 7u171",
"Oracle Java SE Embedded 8u161",
"Oracle JRockit R28.3.17"
]
},
"referenceLink": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"serverity": "\u4e2d",
"submitTime": "2018-04-18",
"title": "Oracle Java SE\u548cJRockit\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2018-09074\uff09"
}
CVE-2018-2798 (GCVE-0-2018-2798)
Vulnerability from cvelistv5
Published
2018-04-19 02:00
Modified
2025-05-06 14:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit.
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java |
Version: Java SE: 6u181 Version: 7u171 Version: 8u162 Version: 10; Java SE Embedded: 8u161; JRockit: R28.3.17 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:29:44.991Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2018:1278",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1278"
},
{
"name": "DSA-4185",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4185"
},
{
"name": "RHSA-2018:1975",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1975"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03857en_us"
},
{
"name": "GLSA-201903-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201903-14"
},
{
"name": "DSA-4225",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4225"
},
{
"name": "1040697",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040697"
},
{
"name": "RHSA-2018:1724",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1724"
},
{
"name": "RHSA-2018:1203",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1203"
},
{
"name": "USN-3644-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3644-1/"
},
{
"name": "RHSA-2018:1723",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1723"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20180419-0001/"
},
{
"name": "RHSA-2018:1201",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1201"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"name": "RHSA-2018:1204",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1204"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name": "RHSA-2018:1722",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1722"
},
{
"name": "RHSA-2018:1974",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1974"
},
{
"name": "RHSA-2018:1205",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1205"
},
{
"name": "RHSA-2018:1721",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1721"
},
{
"name": "USN-3691-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3691-1/"
},
{
"name": "103841",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103841"
},
{
"name": "RHSA-2018:1202",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1202"
},
{
"name": "RHSA-2018:1191",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1191"
},
{
"name": "RHSA-2018:1188",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1188"
},
{
"name": "RHSA-2018:1206",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1206"
},
{
"name": "RHSA-2018:1270",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1270"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03915en_us"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2018-2798",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:27:33.639895Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-06T14:59:08.680Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Java",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "Java SE: 6u181"
},
{
"status": "affected",
"version": "7u171"
},
{
"status": "affected",
"version": "8u162"
},
{
"status": "affected",
"version": "10; Java SE Embedded: 8u161; JRockit: R28.3.17"
}
]
}
],
"datePublic": "2018-03-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-20T00:06:05.000Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "RHSA-2018:1278",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1278"
},
{
"name": "DSA-4185",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4185"
},
{
"name": "RHSA-2018:1975",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1975"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03857en_us"
},
{
"name": "GLSA-201903-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201903-14"
},
{
"name": "DSA-4225",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4225"
},
{
"name": "1040697",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040697"
},
{
"name": "RHSA-2018:1724",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1724"
},
{
"name": "RHSA-2018:1203",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1203"
},
{
"name": "USN-3644-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3644-1/"
},
{
"name": "RHSA-2018:1723",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1723"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20180419-0001/"
},
{
"name": "RHSA-2018:1201",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1201"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"name": "RHSA-2018:1204",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1204"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name": "RHSA-2018:1722",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1722"
},
{
"name": "RHSA-2018:1974",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1974"
},
{
"name": "RHSA-2018:1205",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1205"
},
{
"name": "RHSA-2018:1721",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1721"
},
{
"name": "USN-3691-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3691-1/"
},
{
"name": "103841",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103841"
},
{
"name": "RHSA-2018:1202",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1202"
},
{
"name": "RHSA-2018:1191",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1191"
},
{
"name": "RHSA-2018:1188",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1188"
},
{
"name": "RHSA-2018:1206",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1206"
},
{
"name": "RHSA-2018:1270",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1270"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03915en_us"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-2798",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Java",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Java SE: 6u181"
},
{
"version_affected": "=",
"version_value": "7u171"
},
{
"version_affected": "=",
"version_value": "8u162"
},
{
"version_affected": "=",
"version_value": "10; Java SE Embedded: 8u161; JRockit: R28.3.17"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:1278",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1278"
},
{
"name": "DSA-4185",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4185"
},
{
"name": "RHSA-2018:1975",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1975"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03857en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03857en_us"
},
{
"name": "GLSA-201903-14",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201903-14"
},
{
"name": "DSA-4225",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4225"
},
{
"name": "1040697",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040697"
},
{
"name": "RHSA-2018:1724",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1724"
},
{
"name": "RHSA-2018:1203",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1203"
},
{
"name": "USN-3644-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3644-1/"
},
{
"name": "RHSA-2018:1723",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1723"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180419-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180419-0001/"
},
{
"name": "RHSA-2018:1201",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1201"
},
{
"name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
"refsource": "CONFIRM",
"url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"name": "RHSA-2018:1204",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1204"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name": "RHSA-2018:1722",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1722"
},
{
"name": "RHSA-2018:1974",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1974"
},
{
"name": "RHSA-2018:1205",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1205"
},
{
"name": "RHSA-2018:1721",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1721"
},
{
"name": "USN-3691-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3691-1/"
},
{
"name": "103841",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103841"
},
{
"name": "RHSA-2018:1202",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1202"
},
{
"name": "RHSA-2018:1191",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1191"
},
{
"name": "RHSA-2018:1188",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1188"
},
{
"name": "RHSA-2018:1206",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1206"
},
{
"name": "RHSA-2018:1270",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1270"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03915en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03915en_us"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2018-2798",
"datePublished": "2018-04-19T02:00:00.000Z",
"dateReserved": "2017-12-15T00:00:00.000Z",
"dateUpdated": "2025-05-06T14:59:08.680Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…