It was discovered that the LDAPCertStore class in the JNDI component of OpenJDK failed to securely handle LDAP referrals. An attacker could possibly use this flaw to make it fetch attacker controlled certificate data.
Find out more about CVE-2018-2633 from the MITRE CVE dictionary dictionary and NIST NVD.
CVSS3 Base Score | 8.3 |
---|---|
CVSS3 Base Metrics | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H |
Attack Vector | Network |
Attack Complexity | High |
Privileges Required | None |
User Interaction | Required |
Scope | Changed |
Confidentiality | High |
Integrity Impact | High |
Availability Impact | High |
Platform | Errata | Release Date |
---|---|---|
Oracle Java for Red Hat Enterprise Linux 6 (java-1.8.0-oracle) | RHSA-2018:0099 | 2018-01-18 |
Red Hat Enterprise Linux 6 (java-1.7.0-openjdk) | RHSA-2018:0349 | 2018-02-26 |
Oracle Java for Red Hat Enterprise Linux 7 (java-1.7.0-oracle) | RHSA-2018:0100 | 2018-01-18 |
Red Hat Satellite 5.8 (RHEL v.6) (java-1.8.0-ibm) | RHSA-2018:1463 | 2018-05-15 |
Red Hat Enterprise Linux Supplementary (v. 7) (java-1.8.0-ibm) | RHSA-2018:0351 | 2018-02-26 |
Red Hat Satellite 5.6 (RHEL v.6) (java-1.7.1-ibm) | RHSA-2018:1812 | 2018-06-07 |
Red Hat Enterprise Linux Supplementary (v. 6) (java-1.7.1-ibm) | RHSA-2018:0521 | 2018-03-14 |
Red Hat Enterprise Linux 7 (java-1.8.0-openjdk) | RHSA-2018:0095 | 2018-01-17 |
Red Hat Enterprise Linux Supplementary (v. 7) (java-1.7.1-ibm) | RHSA-2018:0458 | 2018-03-07 |
Oracle Java for Red Hat Enterprise Linux 6 (java-1.6.0-sun) | RHSA-2018:0115 | 2018-01-22 |
Red Hat Enterprise Linux Supplementary (v. 6) (java-1.8.0-ibm) | RHSA-2018:0352 | 2018-02-26 |
Oracle Java for Red Hat Enterprise Linux 7 (java-1.6.0-sun) | RHSA-2018:0115 | 2018-01-22 |
Red Hat Satellite 5.7 (RHEL v.6) (java-1.7.1-ibm) | RHSA-2018:1812 | 2018-06-07 |
Oracle Java for Red Hat Enterprise Linux 6 (java-1.7.0-oracle) | RHSA-2018:0100 | 2018-01-18 |
Red Hat Enterprise Linux 6 (java-1.8.0-openjdk) | RHSA-2018:0095 | 2018-01-17 |
Red Hat Enterprise Linux 7 (java-1.7.0-openjdk) | RHSA-2018:0349 | 2018-02-26 |
Oracle Java for Red Hat Enterprise Linux 7 (java-1.8.0-oracle) | RHSA-2018:0099 | 2018-01-18 |
Platform | Package | State |
---|---|---|
Red Hat Enterprise Linux 6 | java-1.6.0-ibm | Will not fix |