Lucene search

K
cveOracleCVE-2018-2579
HistoryJan 18, 2018 - 2:29 a.m.

CVE-2018-2579

2018-01-1802:29:18
oracle
web.nvd.nist.gov
147
cve
2018
2579
vulnerability
oracle
java
se
embedded
jrockit
unauthorized access
data privacy

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

3.8

Confidence

High

EPSS

0.002

Percentile

64.7%

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).

Affected configurations

Nvd
Vulners
Node
oraclejdkMatch1.6.0update171
OR
oraclejdkMatch1.7.0update161
OR
oraclejdkMatch1.8.0update152
OR
oraclejdkMatch9.0.1
OR
oraclejreMatch1.6.0update171
OR
oraclejreMatch1.7.0update161
OR
oraclejreMatch1.8.0update152
OR
oraclejreMatch9.0.1
OR
oraclejrockitMatchr28.3.16
Node
redhatsatelliteMatch5.6
OR
redhatsatelliteMatch5.7
OR
redhatsatelliteMatch5.8
OR
redhatenterprise_linux_desktopMatch6.0
OR
redhatenterprise_linux_desktopMatch7.0
OR
redhatenterprise_linux_serverMatch6.0
OR
redhatenterprise_linux_serverMatch7.0
OR
redhatenterprise_linux_server_ausMatch7.4
OR
redhatenterprise_linux_server_ausMatch7.6
OR
redhatenterprise_linux_server_eusMatch7.4
OR
redhatenterprise_linux_server_eusMatch7.5
OR
redhatenterprise_linux_server_eusMatch7.6
OR
redhatenterprise_linux_server_tusMatch7.4
OR
redhatenterprise_linux_server_tusMatch7.6
OR
redhatenterprise_linux_workstationMatch6.0
OR
redhatenterprise_linux_workstationMatch7.0
Node
debiandebian_linuxMatch7.0
OR
debiandebian_linuxMatch8.0
OR
debiandebian_linuxMatch9.0
Node
canonicalubuntu_linuxMatch14.04lts
OR
canonicalubuntu_linuxMatch16.04lts
OR
canonicalubuntu_linuxMatch17.10
Node
schneider-electricstruxureware_data_center_expertRange<7.6.0
Node
hpxp_command_viewRange8.6.2-01advanced
OR
hpxp_p9000_command_viewRange8.6.2-01advanced
OR
hpxp7_command_viewRange8.6.2-01advanced
VendorProductVersionCPE
oraclejdk1.6.0cpe:2.3:a:oracle:jdk:1.6.0:update171:*:*:*:*:*:*
oraclejdk1.7.0cpe:2.3:a:oracle:jdk:1.7.0:update161:*:*:*:*:*:*
oraclejdk1.8.0cpe:2.3:a:oracle:jdk:1.8.0:update152:*:*:*:*:*:*
oraclejdk9.0.1cpe:2.3:a:oracle:jdk:9.0.1:*:*:*:*:*:*:*
oraclejre1.6.0cpe:2.3:a:oracle:jre:1.6.0:update171:*:*:*:*:*:*
oraclejre1.7.0cpe:2.3:a:oracle:jre:1.7.0:update161:*:*:*:*:*:*
oraclejre1.8.0cpe:2.3:a:oracle:jre:1.8.0:update152:*:*:*:*:*:*
oraclejre9.0.1cpe:2.3:a:oracle:jre:9.0.1:*:*:*:*:*:*:*
oraclejrockitr28.3.16cpe:2.3:a:oracle:jrockit:r28.3.16:*:*:*:*:*:*:*
redhatsatellite5.6cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*
Rows per page:
1-10 of 351

CNA Affected

[
  {
    "product": "Java",
    "vendor": "Oracle Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Java SE: 6u171"
      },
      {
        "status": "affected",
        "version": "7u161"
      },
      {
        "status": "affected",
        "version": "8u152"
      },
      {
        "status": "affected",
        "version": "9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16"
      }
    ]
  }
]

References

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

3.8

Confidence

High

EPSS

0.002

Percentile

64.7%