PT-2018-15637 · Oracle+5 · Jrockit+8

Published

2018-01-17

·

Updated

2024-06-15

·

CVE-2018-2588

CVSS v3.1

4.3

Medium

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions Java SE versions 6u171, 7u161, 8u152 and 9.0.1 Java SE Embedded version 8u151 JRockit version R28.3.16
Description The issue allows a low-privileged attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit, resulting in unauthorized read access to a subset of accessible data. This issue applies to both client and server deployment of Java and can be exploited through sandboxed Java Web Start applications, sandboxed Java applets, or by supplying data to APIs in the specified component.
Recommendations For Java SE versions 6u171, 7u161, 8u152 and 9.0.1, update to a version that contains the fix for this issue. For Java SE Embedded version 8u151, update to a version that contains the fix for this issue. For JRockit version R28.3.16, update to a version that contains the fix for this issue. As a temporary workaround, consider restricting access to the LDAP component to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Related Identifiers

CESA-2018_0095
CESA-2018_0349
CVE-2018-2588
DLA-1339-1
DSA-4144-1
DSA-4166-1
MGASA-2018-0104
OPENSUSE-SU-2018_0679-1
OPENSUSE-SU-2018_0684-1
OPENSUSE-SU-2024:10876-1
RHSA-2018:0095
RHSA-2018:0099
RHSA-2018:0100
RHSA-2018:0115
RHSA-2018:0349
RHSA-2018:0351
RHSA-2018:0352
RHSA-2018:0458
RHSA-2018:0521
RHSA-2018:1463
RHSA-2018:1812
RHSA-2018_0095
RHSA-2018_0099
RHSA-2018_0100
RHSA-2018_0115
RHSA-2018_0349
RHSA-2018_0351
RHSA-2018_0352
RHSA-2018_0458
RHSA-2018_0521
SUSE-SU-2018:0630-1
SUSE-SU-2018:0645-1
SUSE-SU-2018:0661-1
SUSE-SU-2018:0663-1
SUSE-SU-2018:0665-1
SUSE-SU-2018:0694-1
SUSE-SU-2018:0743-1
USN-3613-1
USN-3614-1

Affected Products

Centos
Ibm Aix
Jrockit
Java Platform
Java Se
Java Se Embedded
Red Hat
Suse
Ubuntu