Lucene search

OracleCVE-2018-2582

HistoryJan 18, 2018 - 2:29 a.m.

CVE-2018-2582

2018-01-1802:29:18

oracle

web.nvd.nist.gov

250

cve-2018-2582

java se

oracle

hotspot

vulnerability

unauthenticated

compromise

exploit

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

AI Score

5.5

Confidence

High

EPSS

0.003

Percentile

69.7%

JSON

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 8u152 and 9.0.1; Java SE Embedded: 8u151. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N).

Affected configurations

Nvd

Vulners

Node

oraclejdkMatch1.8.0update152

oraclejdkMatch9.0.1

oraclejreMatch1.8.0update152

oraclejreMatch9.0.1

Node

redhatsatelliteMatch5.8

redhatenterprise_linux_desktopMatch6.0

redhatenterprise_linux_desktopMatch7.0

redhatenterprise_linux_serverMatch6.0

redhatenterprise_linux_serverMatch7.0

redhatenterprise_linux_server_eusMatch7.5

redhatenterprise_linux_workstationMatch6.0

redhatenterprise_linux_workstationMatch7.0

Node

debiandebian_linuxMatch9.0

Node

canonicalubuntu_linuxMatch16.04lts

canonicalubuntu_linuxMatch17.10

Node

schneider-electricstruxureware_data_center_expertRange<7.6.0

Node

hpxp_command_viewRange8.6.2-01≥advanced

hpxp_p9000_command_viewRange8.6.2-01≥advanced

hpxp7_command_viewRange8.6.2-01≥advanced

VendorProductVersionCPE
oraclejdk1.8.0cpe:2.3:a:oracle:jdk:1.8.0:update152:*:*:*:*:*:*
oraclejdk9.0.1cpe:2.3:a:oracle:jdk:9.0.1:*:*:*:*:*:*:*
oraclejre1.8.0cpe:2.3:a:oracle:jre:1.8.0:update152:*:*:*:*:*:*
oraclejre9.0.1cpe:2.3:a:oracle:jre:9.0.1:*:*:*:*:*:*:*
redhatsatellite5.8cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*
redhatenterprise_linux_desktop6.0cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
redhatenterprise_linux_desktop7.0cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
redhatenterprise_linux_server6.0cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
redhatenterprise_linux_server7.0cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
redhatenterprise_linux_server_eus7.5cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
oracle	jdk	1.8.0	cpe:2.3:a:oracle:jdk:1.8.0:update152::::::
oracle	jdk	9.0.1	cpe:2.3:a:oracle:jdk:9.0.1:::::::*
oracle	jre	1.8.0	cpe:2.3:a:oracle:jre:1.8.0:update152::::::
oracle	jre	9.0.1	cpe:2.3:a:oracle:jre:9.0.1:::::::*
redhat	satellite	5.8	cpe:2.3:a:redhat:satellite:5.8:::::::*
redhat	enterprise_linux_desktop	6.0	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
redhat	enterprise_linux_desktop	7.0	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
redhat	enterprise_linux_server	6.0	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
redhat	enterprise_linux_server	7.0	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
redhat	enterprise_linux_server_eus	7.5	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*

Rows per page:

1-10 of 191

CNA Affected

[
  {
    "product": "Java",
    "vendor": "Oracle Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Java SE: 8u152"
      },
      {
        "status": "affected",
        "version": "9.0.1; Java SE Embedded: 8u151"
      }
    ]
  }
]