PT-2018-15701 · Oracle+3 · Jrockit+5

Published

2018-01-17

Updated

2022-05-13

CVE-2018-2657

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions Java SE versions 6u171 and 7u161 JRockit version R28.3.16

Description The issue allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit, resulting in a partial denial of service (partial DOS). This can be exploited by supplying data to APIs in the specified component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service.

Recommendations For Java SE versions 6u171 and 7u161, update to a version that contains a fix for this issue. For JRockit version R28.3.16, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to the Serialization component until a patch is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2018-2657

RHSA-2018:0100

RHSA-2018:0115

RHSA-2018:0458

RHSA-2018:0521

RHSA-2018:1463

RHSA-2018:1812

RHSA-2018_0100

RHSA-2018_0115

RHSA-2018_0458

RHSA-2018_0521

SUSE-SU-2018:0630-1

SUSE-SU-2018:0645-1

SUSE-SU-2018:0694-1

SUSE-SU-2018:0743-1

Affected Products

Ibm Aix

Jrockit

Java Platform

Java Se

Red Hat

Suse

PT-2018-15701 · Oracle+3 · Jrockit+5

CVE-2018-2657

Related Identifiers

Affected Products

References · 44