OpenJDK: incorrect merging of sections in the JAR manifest (Security, 8189969)

🗓️ 23 Apr 2018 17:15:03Reported by RedHatType

redhat

redhat🔗 access.redhat.com👁 4 Views

OpenJDK manifest sections flaw allows unauthorized data modification in Java SE and Java SE Embedded.

Reporter	Title	Published	Views	Family All 290
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Support Assistant Team Server	10 Sep 201823:05	–	ibm
IBM Security Bulletins	Security Bulletin: Java SE issues disclosed in the Oracle April 2018 Critical Patch Update affects IBM Platform Cluster Manager Standard Edition, IBM Platform Cluster Manager Advanced Edition, Platform HPC, and Spectrum Cluster Foundation	18 Jun 201801:43	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Host On-Demand	3 Aug 201804:23	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Conductor with Spark	2 Aug 202108:47	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM® Java™ SDK and IBM® Java™ Runtime affect IBM® Intelligent Operations Center products	21 Dec 201811:10	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in the IBM SDK, Java Technology Edition affect IBM Performance Management products	3 Jul 201803:27	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Integration Bus, IBM App Connect Enterpise v11 and WebSphere Message Broker	23 Mar 202020:41	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in IBM Java Runtime affect Rational Publishing Engine	3 Jun 202010:15	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Cloud Manager with OpenStack	14 Aug 201809:29	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Spectrum LSF Analytics	18 Jun 201801:44	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
Red Hat Enterprise Linux	6	x86_64	java-1.8.0-oracle	1:1.8.0.171-1jpp.2.el6	java-1.8.0-oracle-1:1.8.0.171-1jpp.2.el6.x86_64.rpm
Red Hat Enterprise Linux	6	any	java-1.8.0-oracle	1:1.8.0.171-1jpp.2.el6.i686	java-1.8.0-oracle-1:1.8.0.171-1jpp.2.el6.i686.noarch.rpm
Red Hat Enterprise Linux	6	x86_64	java-1.8.0-oracle-devel	1:1.8.0.171-1jpp.2.el6	java-1.8.0-oracle-devel-1:1.8.0.171-1jpp.2.el6.x86_64.rpm
Red Hat Enterprise Linux	6	any	java-1.8.0-oracle-devel	1:1.8.0.171-1jpp.2.el6.i686	java-1.8.0-oracle-devel-1:1.8.0.171-1jpp.2.el6.i686.noarch.rpm
Red Hat Enterprise Linux	6	x86_64	java-1.8.0-oracle-javafx	1:1.8.0.171-1jpp.2.el6	java-1.8.0-oracle-javafx-1:1.8.0.171-1jpp.2.el6.x86_64.rpm
Red Hat Enterprise Linux	6	any	java-1.8.0-oracle-javafx	1:1.8.0.171-1jpp.2.el6.i686	java-1.8.0-oracle-javafx-1:1.8.0.171-1jpp.2.el6.i686.noarch.rpm
Red Hat Enterprise Linux	6	x86_64	java-1.8.0-oracle-jdbc	1:1.8.0.171-1jpp.2.el6	java-1.8.0-oracle-jdbc-1:1.8.0.171-1jpp.2.el6.x86_64.rpm
Red Hat Enterprise Linux	6	any	java-1.8.0-oracle-jdbc	1:1.8.0.171-1jpp.2.el6.i686	java-1.8.0-oracle-jdbc-1:1.8.0.171-1jpp.2.el6.i686.noarch.rpm
Red Hat Enterprise Linux	6	x86_64	java-1.8.0-oracle-plugin	1:1.8.0.171-1jpp.2.el6	java-1.8.0-oracle-plugin-1:1.8.0.171-1jpp.2.el6.x86_64.rpm
Red Hat Enterprise Linux	6	any	java-1.8.0-oracle-plugin	1:1.8.0.171-1jpp.2.el6.i686	java-1.8.0-oracle-plugin-1:1.8.0.171-1jpp.2.el6.i686.noarch.rpm

Source	Link
access	www.access.redhat.com/security/cve/CVE-2018-2790
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
nvd	www.nvd.nist.gov/vuln/detail/CVE-2018-2790
cve	www.cve.org/CVERecord

28 Jun 2026 12:16Current

7.4High risk

Vulners AI Score7.4

CVSS 22.6

CVSS 3.13.1

EPSS0.05095

SSVC

openjdk jar manifest java standard edition java embedded affected versions network attacker unauthenticated access data modification sandbox deployments