Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u171 and 7u161; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, JRockit. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
The MITRE CVE dictionary describes this issue as:
Find out more about CVE-2018-2657 from the MITRE CVE dictionary dictionary and NIST NVD.
CVSS3 Base Score | 5.3 |
---|---|
CVSS3 Base Metrics | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
Attack Vector | Network |
Attack Complexity | Low |
Privileges Required | None |
User Interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity Impact | None |
Availability Impact | Low |
Platform | Errata | Release Date |
---|---|---|
Oracle Java for Red Hat Enterprise Linux 7 (java-1.6.0-sun) | RHSA-2018:0115 | 2018-01-22 |
Oracle Java for Red Hat Enterprise Linux 7 (java-1.7.0-oracle) | RHSA-2018:0100 | 2018-01-18 |
Red Hat Satellite 5.8 (RHEL v.6) (java-1.8.0-ibm) | RHSA-2018:1463 | 2018-05-15 |
Red Hat Satellite 5.6 (RHEL v.6) (java-1.7.1-ibm) | RHSA-2018:1812 | 2018-06-07 |
Red Hat Satellite 5.7 (RHEL v.6) (java-1.7.1-ibm) | RHSA-2018:1812 | 2018-06-07 |
Red Hat Enterprise Linux Supplementary (v. 7) (java-1.7.1-ibm) | RHSA-2018:0458 | 2018-03-07 |
Oracle Java for Red Hat Enterprise Linux 6 (java-1.6.0-sun) | RHSA-2018:0115 | 2018-01-22 |
Red Hat Enterprise Linux Supplementary (v. 6) (java-1.7.1-ibm) | RHSA-2018:0521 | 2018-03-14 |
Oracle Java for Red Hat Enterprise Linux 6 (java-1.7.0-oracle) | RHSA-2018:0100 | 2018-01-18 |
Platform | Package | State |
---|---|---|
Red Hat Enterprise Linux 6 | java-1.6.0-ibm | Will not fix |