Kaspersky LabKLA11178KLA11178 Multiple vulnerabilities in Oracle Java SE, Java SE Embedded and JRockit
8.3 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
7.9 High
AI Score
Confidence
Low
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.01 Low
EPSS
Percentile
83.0%
Detect date:
01/16/2018
Severity:
Critical
Description:
Multiple serious vulnerabilities have been found in Oracle Java SE. Malicious users can exploit these vulnerabilities possibly possibly to cause denial of service, to gain privileges and to obtain sensitive information.
Affected products:
Java SE 6 version 6u171 and earlier
Java SE 7 version 7u161 and earlier
Java SE 8 version 8u152 and earlier
Java SE 9 version 9.0.1 and earlier
Java SE Embedded version 8u151 and earlier
JRockit version R28.3.16 and earlier
Java Advanced Management Console version 2.8 and earlier
Solution:
Update to the latest version
Oracle software downloads
Original advisories:
Oracle Critical Patch Update Advisory – January 2018
Impacts:
OSI
Related products:
CVE-IDS:
CVE-2018-26412.6Warning
CVE-2018-25814.3Warning
CVE-2018-26344.3Warning
CVE-2018-26396.8High
CVE-2018-25824.3Warning
CVE-2018-26023.7Warning
CVE-2018-26035.0Warning
CVE-2018-26784.3Warning
CVE-2018-26575.0Warning
CVE-2018-26335.1High
CVE-2018-25884.0Warning
CVE-2018-26273.7Warning
CVE-2018-26375.8High
CVE-2018-26184.3Warning
CVE-2018-26754.3Warning
CVE-2018-26774.3Warning
CVE-2018-26292.6Warning
CVE-2018-25995.8High
CVE-2018-26385.1High
CVE-2018-26634.3Warning
CVE-2018-25794.3Warning
References
www.oracle.com/technetwork/indexes/downloads/index.html
www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2579
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2581
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2582
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2588
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2599
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2602
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2603
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2618
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2627
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2629
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2633
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2634
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2637
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2638
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2639
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2641
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2657
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2663
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2675
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2677
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2678
statistics.securelist.com/vulnerability-scan/month
threats.kaspersky.com/en/product/Oracle-Java-JRE-1.7.x/
threats.kaspersky.com/en/product/Oracle-Java-JRE-1.8.x/
threats.kaspersky.com/en/product/Oracle-JRockit/
Related
8.3 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
7.9 High
AI Score
Confidence
Low
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.01 Low
EPSS
Percentile
83.0%