Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.3
CVSSv3

CVE-2018-2814

Published: 19/04/2018 Updated: 22/11/2023
CVSS v2 Base Score: 5.1 | Impact Score: 6.4 | Exploitability Score: 4.9
CVSS v3 Base Score: 8.3 | Impact Score: 6 | Exploitability Score: 1.6
VMScore: 454
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
Subscribe to Jdk

Vulnerability Summary

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).

Vulnerable Product Search on Vulmon Subscribe to Product

oracle jdk 1.8.0

oracle jdk 1.7.0

oracle jdk 1.6.0

oracle jre 1.6.0

oracle jre 1.8.0

oracle jre 1.7.0

oracle jdk 10

oracle jre 10

redhat enterprise linux desktop 7.0

redhat enterprise linux workstation 7.0

redhat enterprise linux server 7.0

redhat enterprise linux desktop 6.0

redhat enterprise linux server 6.0

redhat enterprise linux workstation 6.0

redhat enterprise linux server eus 7.5

redhat enterprise linux server tus 7.6

redhat enterprise linux server eus 7.6

redhat enterprise linux server aus 7.6

debian debian linux 8.0

debian debian linux 9.0

canonical ubuntu linux 16.04

canonical ubuntu linux 14.04

canonical ubuntu linux 17.10

schneider-electric struxureware data center expert

hp xp7 command view

Vendor Advisories

Ubuntu Security Notice: openjdk-7 vulnerabilities
Several security issues were fixed in OpenJDK 7 ...
Ubuntu Security Notice: openjdk-8 vulnerabilities
Several security issues were fixed in OpenJDK 8 ...
Debian Security Advisories: DSA-4185-1 openjdk-8 -- security update
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service, sandbox bypass, execution of arbitrary code or bypass of JAR signature validation For the stable distribution (stretch), these problems have been fixed in version 8u171-b11-1~deb9u1 We recommend that you upgrade ...
Debian Security Advisories: DSA-4225-1 openjdk-7 -- security update
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service, sandbox bypass, execution of arbitrary code or bypass of JAR signature validation For the oldstable distribution (jessie), these problems have been fixed in version 7u181-2614-1~deb8u1 We recommend that you upg ...
Red Hat: Important: java-1.7.0-openjdk security update
Synopsis Important: java-170-openjdk security update Type/Severity Security Advisory: Important Topic An update for java-170-openjdk is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring Sys ...
Red Hat: Important: java-1.6.0-sun security update
Synopsis Important: java-160-sun security update Type/Severity Security Advisory: Important Topic An update for java-160-sun is now available for Oracle Java for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Sco ...
Red Hat: Critical: java-1.7.0-oracle security update
Synopsis Critical: java-170-oracle security update Type/Severity Security Advisory: Critical Topic An update for java-170-oracle is now available for Oracle Java for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability ...
Red Hat: Critical: java-1.8.0-openjdk security update
Synopsis Critical: java-180-openjdk security update Type/Severity Security Advisory: Critical Topic An update for java-180-openjdk is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scoring System ...
Red Hat: Critical: java-1.7.0-oracle security update
Synopsis Critical: java-170-oracle security update Type/Severity Security Advisory: Critical Topic An update for java-170-oracle is now available for Oracle Java for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability ...
Red Hat: Critical: java-1.8.0-oracle security update
Synopsis Critical: java-180-oracle security update Type/Severity Security Advisory: Critical Topic An update for java-180-oracle is now available for Oracle Java for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability ...
Red Hat: Critical: java-1.8.0-oracle security update
Synopsis Critical: java-180-oracle security update Type/Severity Security Advisory: Critical Topic An update for java-180-oracle is now available for Oracle Java for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability ...
Red Hat: Important: java-1.6.0-sun security update
Synopsis Important: java-160-sun security update Type/Severity Security Advisory: Important Topic An update for java-160-sun is now available for Oracle Java for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Sco ...
Red Hat: Important: java-1.7.0-openjdk security update
Synopsis Important: java-170-openjdk security update Type/Severity Security Advisory: Important Topic An update for java-170-openjdk is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring Sys ...
Red Hat: Critical: java-1.8.0-openjdk security update
Synopsis Critical: java-180-openjdk security update Type/Severity Security Advisory: Critical Topic An update for java-180-openjdk is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scoring System ...
Amazon Linux 2: ALAS2-2018-1002
Unbounded memory allocation during deserialization in Container (AWT, 8189989)Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: AWT) Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28317 Easily exploitable vulnerability allows unaut ...
Amazon Linux 2: ALAS2-2018-1007
Unbounded memory allocation during deserialization in NamedNodeMapImpl (JAXP, 8189993)Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP) Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28317 Easily exploitable vulnerability allows una ...
Amazon Linux AMI: ALAS-2018-1002
Unbounded memory allocation during deserialization in Container (AWT, 8189989)Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: AWT) Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28317 Easily exploitable vulnerability allows unaut ...
Amazon Linux AMI: ALAS-2018-1007
Unbounded memory allocation during deserialization in NamedNodeMapImpl (JAXP, 8189993)Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP) Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28317 Easily exploitable vulnerability allows una ...
Red Hat: CVE-2018-2814
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot) Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161 Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedd ...

Recent Articles

Oracle whips out the swatter, squishes 254 security bugs in its gear
The Register • Shaun Nichols in San Francisco • 19 Apr 2018

Java fixes lobbed out, Spectre Solaris patches issued Flash! Ah-ahhh! WebEx pwned for all of us!

Oracle this week emitted its April security update, addressing a total of 254 security vulnerabilities across dozens of products. Among the more noteworthy patches is a fix for lingering Spectre-related vulnerabilities in Solaris systems – specifically, CVE-2017-5753, also known as Spectre variant 1. Oracle had mitigated most of the Spectre/Meltdown processor design bugs in its products back in January. This update applies further fixes for Solaris versions 10 and 11.3. Java was on the receivi...

Read more...

References

NVD-CWE-noinfohttp://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlhttp://www.securitytracker.com/id/1040697http://www.securityfocus.com/bid/103798https://security.netapp.com/advisory/ntap-20180419-0001/https://access.redhat.com/errata/RHSA-2018:1191https://access.redhat.com/errata/RHSA-2018:1188https://access.redhat.com/errata/RHSA-2018:1206https://access.redhat.com/errata/RHSA-2018:1205https://access.redhat.com/errata/RHSA-2018:1204https://access.redhat.com/errata/RHSA-2018:1203https://access.redhat.com/errata/RHSA-2018:1202https://access.redhat.com/errata/RHSA-2018:1201https://www.debian.org/security/2018/dsa-4185https://access.redhat.com/errata/RHSA-2018:1270https://access.redhat.com/errata/RHSA-2018:1278https://usn.ubuntu.com/3644-1/https://www.debian.org/security/2018/dsa-4225https://usn.ubuntu.com/3691-1/https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_ushttps://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0https://security.gentoo.org/glsa/201903-14https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_ushttps://nvd.nist.govhttps://usn.ubuntu.com/3691-1/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
hardcodedarbitrary codeCVE-2024-2404CVE-2024-21111CVE-2024-28627CVE-2024-4073information disclosureCVE-2024-32780CVE-2024-4040
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook