Linux Distros Unpatched Vulnerability : CVE-2018-2783

🗓️ 04 Mar 2025 00:00:00Reported by TenableType

Unpatched vulnerability CVE-2018-2783 in Oracle Java SE allows unauthorized data access via network.

Reporter	Title	Published	Views	Family All 267
IBM Security Bulletins	Security Bulletin: Java SE issues disclosed in the Oracle April 2018 Critical Patch Update affects IBM Platform Cluster Manager Standard Edition, IBM Platform Cluster Manager Advanced Edition, Platform HPC, and Spectrum Cluster Foundation	18 Jun 201801:43	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Host On-Demand	3 Aug 201804:23	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Conductor with Spark	2 Aug 202108:47	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9 and IBM BigFix Inventory v9	10 Oct 201919:56	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in Java affect the IBM FlashSystem models V840 and V9000	28 Jun 201916:05	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments	24 Sep 201809:05	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational DOORS Web Access	23 Jun 201805:39	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Server (Tivoli) & Rational Directory Administrator	20 Jul 201820:55	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM SONAS	1 Nov 201810:40	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM® Java™ SDK and IBM® Java™ Runtime affect IBM® Intelligent Operations Center products	21 Dec 201811:10	–	ibm

Source	Link
access	www.access.redhat.com/security/cve/cve-2018-2783
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(221892);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/08/20");

  script_cve_id("CVE-2018-2783");

  script_name(english:"Linux Distros Unpatched Vulnerability : CVE-2018-2783");

  script_set_attribute(attribute:"synopsis", value:
"The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be
patched.");
  script_set_attribute(attribute:"description", value:
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied
patch available.

  - Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent:
    Security). Supported versions that are affected are Java SE: 6u181, 7u161 and 8u152; Java SE Embedded:
    8u152; JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network
    access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this
    vulnerability can result in unauthorized creation, deletion or modification access to critical data or all
    Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized access to critical data or
    complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and
    server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start
    applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the
    specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as
    through a web service. (CVE-2018-2783)

Note that Nessus relies on the presence of the package as reported by the vendor.");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2018-2783");
  script_set_attribute(attribute:"solution", value:
"There is no known solution at this time.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-2783");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/01/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/03/04");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-demo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-javacomm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-jdbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-plugin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-src");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("set_linux_os_id.nasl", "ssh_get_info2.nasl");
  script_require_keys("Host/OS/identifier", "Host/cpu", "Host/local_checks_enabled", "global_settings/vendor_unpatched");
  script_require_ports("Host/OS/Red Hat Enterprise Linux-6");

  exit(0);
}

if (!get_kb_item("global_settings/vendor_unpatched")) exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (empty_or_null(get_one_kb_item("Host/RedHat/rpm-list"))) audit(AUDIT_PACKAGE_LIST_MISSING);

include('linux_unpatched.inc');

var distro_constraints_array = {
  "Red Hat Enterprise Linux-6": {
    "package_manager": "rpm-list",
    "constraints": [
      {
        "release": "6",
        "pkgs": [
          {"reference": "java-1.6.0-ibm"},
          {"reference": "java-1.6.0-ibm-demo"},
          {"reference": "java-1.6.0-ibm-devel"},
          {"reference": "java-1.6.0-ibm-javacomm"},
          {"reference": "java-1.6.0-ibm-jdbc"},
          {"reference": "java-1.6.0-ibm-plugin"},
          {"reference": "java-1.6.0-ibm-src"}
        ]
      }
    ]
  }
};

var distro_constraints_values = linux_unpatched::get_distro_constraints(distro_constraints_arr:distro_constraints_array);
if (empty_or_null(distro_constraints_values)) audit(AUDIT_HOST_NOT, 'affected');
var report = linux_unpatched::check_unpatched_constraints(distro_constraints_values:distro_constraints_values);

if (!empty_or_null(report))
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : report
  );
  exit(0);
}
else
{
  audit(AUDIT_HOST_NOT, 'affected');
}

20 Aug 2025 00:00Current

6.1Medium risk

Vulners AI Score6.1

CVSS 25.8

CVSS 3.17.4

EPSS0.00414

SSVC

cve-2018-2783 oracle java se unpatched vulnerability unauthorized access network exploitation