PT-2018-15701 · Oracle+3 · Jrockit+5

Publicado

2018-01-17

Atualizado

2022-05-13

CVE-2018-2657

CVSS v3.1

5.3

Média

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions Java SE versions 6u171 and 7u161 JRockit version R28.3.16

Description The issue allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit, resulting in a partial denial of service (partial DOS). This can be exploited by supplying data to APIs in the specified component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service.

Recommendations For Java SE versions 6u171 and 7u161, update to a version that contains a fix for this issue. For JRockit version R28.3.16, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to the Serialization component until a patch is available.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2018-2657

RHSA-2018:0100

RHSA-2018:0115

RHSA-2018:0458

RHSA-2018:0521

RHSA-2018:1463

RHSA-2018:1812

RHSA-2018_0100

RHSA-2018_0115

RHSA-2018_0458

RHSA-2018_0521

SUSE-SU-2018:0630-1

SUSE-SU-2018:0645-1

SUSE-SU-2018:0694-1

SUSE-SU-2018:0743-1

Produtos afetados

Ibm Aix

Jrockit

Java Platform

Java Se

Red Hat

Suse

PT-2018-15701 · Oracle+3 · Jrockit+5

CVE-2018-2657

Identificadores relacionados

Produtos afetados

Referências · 44