Lucene search

OracleCVE-2018-3214

HistoryOct 17, 2018 - 1:31 a.m.

CVE-2018-3214

2018-10-1701:31:23

oracle

web.nvd.nist.gov

338

oracle

java se

java se embedded

jrockit

cve-2018-3214

vulnerability

exploitable

unauthenticated attacker

sandbox

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

AI Score

5.5

Confidence

High

EPSS

0.003

Percentile

71.5%

JSON

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Sound). Supported versions that are affected are Java SE: 6u201, 7u191 and 8u182; Java SE Embedded: 8u181; JRockit: R28.3.19. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Affected configurations

Nvd

Vulners

Node

oraclejdkMatch1.6.0update201

oraclejdkMatch1.7.0update191

oraclejdkMatch1.8.0update182

oraclejreMatch1.6.0update201

oraclejreMatch1.7.0update191

oraclejreMatch1.8.0update182

Node

oraclejrockitMatchr28.3.19

Node

redhatsatelliteMatch5.6

redhatsatelliteMatch5.7

redhatsatelliteMatch5.8

redhatenterprise_linux_desktopMatch6.0

redhatenterprise_linux_desktopMatch7.0

redhatenterprise_linux_eusMatch7.6

redhatenterprise_linux_serverMatch6.0

redhatenterprise_linux_serverMatch7.0

redhatenterprise_linux_server_ausMatch7.6

redhatenterprise_linux_server_eusMatch7.5

redhatenterprise_linux_server_tusMatch7.6

redhatenterprise_linux_workstationMatch6.0

redhatenterprise_linux_workstationMatch7.0

Node

debiandebian_linuxMatch8.0

debiandebian_linuxMatch9.0

Node

canonicalubuntu_linuxMatch16.04esm

canonicalubuntu_linuxMatch18.04lts

canonicalubuntu_linuxMatch18.10

Node

hpxp7_command_viewRange<8.6.3-00advanced

VendorProductVersionCPE
oraclejdk1.6.0cpe:2.3:a:oracle:jdk:1.6.0:update201:*:*:*:*:*:*
oraclejdk1.7.0cpe:2.3:a:oracle:jdk:1.7.0:update191:*:*:*:*:*:*
oraclejdk1.8.0cpe:2.3:a:oracle:jdk:1.8.0:update182:*:*:*:*:*:*
oraclejre1.6.0cpe:2.3:a:oracle:jre:1.6.0:update201:*:*:*:*:*:*
oraclejre1.7.0cpe:2.3:a:oracle:jre:1.7.0:update191:*:*:*:*:*:*
oraclejre1.8.0cpe:2.3:a:oracle:jre:1.8.0:update182:*:*:*:*:*:*
oraclejrockitr28.3.19cpe:2.3:a:oracle:jrockit:r28.3.19:*:*:*:*:*:*:*
redhatsatellite5.6cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*
redhatsatellite5.7cpe:2.3:a:redhat:satellite:5.7:*:*:*:*:*:*:*
redhatsatellite5.8cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
oracle	jdk	1.6.0	cpe:2.3:a:oracle:jdk:1.6.0:update201::::::
oracle	jdk	1.7.0	cpe:2.3:a:oracle:jdk:1.7.0:update191::::::
oracle	jdk	1.8.0	cpe:2.3:a:oracle:jdk:1.8.0:update182::::::
oracle	jre	1.6.0	cpe:2.3:a:oracle:jre:1.6.0:update201::::::
oracle	jre	1.7.0	cpe:2.3:a:oracle:jre:1.7.0:update191::::::
oracle	jre	1.8.0	cpe:2.3:a:oracle:jre:1.8.0:update182::::::
oracle	jrockit	r28.3.19	cpe:2.3:a:oracle:jrockit:r28.3.19:::::::*
redhat	satellite	5.6	cpe:2.3:a:redhat:satellite:5.6:::::::*
redhat	satellite	5.7	cpe:2.3:a:redhat:satellite:5.7:::::::*
redhat	satellite	5.8	cpe:2.3:a:redhat:satellite:5.8:::::::*

Rows per page:

1-10 of 261

CNA Affected

[
  {
    "product": "Java",
    "vendor": "Oracle Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Java SE: 6u201, 7u191, 8u181"
      },
      {
        "status": "affected",
        "version": "Java SE Embedded: 8u181"
      },
      {
        "status": "affected",
        "version": "JRockit: R28.3.19"
      }
    ]
  }
]