cvelistv5 - cve-2018-2815

CVE-2018-2815 (GCVE-0-2018-2815)

Vulnerability from cvelistv5

Published

2018-04-19 02:00

Modified

2025-05-06 14:59

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE

Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit.

Summary

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2018:1278	vendor-advisory, x_refsource_REDHAT
	https://www.debian.org/security/2018/dsa-4185	vendor-advisory, x_refsource_DEBIAN
	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_us	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/201903-14	vendor-advisory, x_refsource_GENTOO
	https://www.debian.org/security/2018/dsa-4225	vendor-advisory, x_refsource_DEBIAN
	http://www.securitytracker.com/id/1040697	vdb-entry, x_refsource_SECTRACK
	https://access.redhat.com/errata/RHSA-2018:1203	vendor-advisory, x_refsource_REDHAT
	http://www.securityfocus.com/bid/103848	vdb-entry, x_refsource_BID
	https://usn.ubuntu.com/3644-1/	vendor-advisory, x_refsource_UBUNTU
	https://security.netapp.com/advisory/ntap-20180419-0001/	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2018:1201	vendor-advisory, x_refsource_REDHAT
	https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2018:1204	vendor-advisory, x_refsource_REDHAT
	http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2018:1205	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3691-1/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:1202	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1191	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1188	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1206	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1270	vendor-advisory, x_refsource_REDHAT
	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_us	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Oracle Corporation	Java	Version: Java SE: 6u181 Version: 7u171 Version: 8u162 Version: 10; Java SE Embedded: 8u161; JRockit: R28.3.17

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:29:44.730Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2018:1278",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1278"
          },
          {
            "name": "DSA-4185",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4185"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03857en_us"
          },
          {
            "name": "GLSA-201903-14",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201903-14"
          },
          {
            "name": "DSA-4225",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4225"
          },
          {
            "name": "1040697",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040697"
          },
          {
            "name": "RHSA-2018:1203",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1203"
          },
          {
            "name": "103848",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103848"
          },
          {
            "name": "USN-3644-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3644-1/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180419-0001/"
          },
          {
            "name": "RHSA-2018:1201",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1201"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
          },
          {
            "name": "RHSA-2018:1204",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1204"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
          },
          {
            "name": "RHSA-2018:1205",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1205"
          },
          {
            "name": "USN-3691-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3691-1/"
          },
          {
            "name": "RHSA-2018:1202",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1202"
          },
          {
            "name": "RHSA-2018:1191",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1191"
          },
          {
            "name": "RHSA-2018:1188",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1188"
          },
          {
            "name": "RHSA-2018:1206",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1206"
          },
          {
            "name": "RHSA-2018:1270",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1270"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03915en_us"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 5.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2018-2815",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T13:27:32.151263Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-06T14:59:02.355Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 6u181"
            },
            {
              "status": "affected",
              "version": "7u171"
            },
            {
              "status": "affected",
              "version": "8u162"
            },
            {
              "status": "affected",
              "version": "10; Java SE Embedded: 8u161; JRockit: R28.3.17"
            }
          ]
        }
      ],
      "datePublic": "2018-03-27T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-03-20T00:06:05.000Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "RHSA-2018:1278",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1278"
        },
        {
          "name": "DSA-4185",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4185"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03857en_us"
        },
        {
          "name": "GLSA-201903-14",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201903-14"
        },
        {
          "name": "DSA-4225",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4225"
        },
        {
          "name": "1040697",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040697"
        },
        {
          "name": "RHSA-2018:1203",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1203"
        },
        {
          "name": "103848",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/103848"
        },
        {
          "name": "USN-3644-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3644-1/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180419-0001/"
        },
        {
          "name": "RHSA-2018:1201",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1201"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
        },
        {
          "name": "RHSA-2018:1204",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1204"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
        },
        {
          "name": "RHSA-2018:1205",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1205"
        },
        {
          "name": "USN-3691-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3691-1/"
        },
        {
          "name": "RHSA-2018:1202",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1202"
        },
        {
          "name": "RHSA-2018:1191",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1191"
        },
        {
          "name": "RHSA-2018:1188",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1188"
        },
        {
          "name": "RHSA-2018:1206",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1206"
        },
        {
          "name": "RHSA-2018:1270",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1270"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03915en_us"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2018-2815",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 6u181"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7u171"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8u162"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "10; Java SE Embedded: 8u161; JRockit: R28.3.17"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2018:1278",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1278"
            },
            {
              "name": "DSA-4185",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4185"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03857en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03857en_us"
            },
            {
              "name": "GLSA-201903-14",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201903-14"
            },
            {
              "name": "DSA-4225",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4225"
            },
            {
              "name": "1040697",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040697"
            },
            {
              "name": "RHSA-2018:1203",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1203"
            },
            {
              "name": "103848",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/103848"
            },
            {
              "name": "USN-3644-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3644-1/"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180419-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180419-0001/"
            },
            {
              "name": "RHSA-2018:1201",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1201"
            },
            {
              "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
              "refsource": "CONFIRM",
              "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
            },
            {
              "name": "RHSA-2018:1204",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1204"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
            },
            {
              "name": "RHSA-2018:1205",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1205"
            },
            {
              "name": "USN-3691-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3691-1/"
            },
            {
              "name": "RHSA-2018:1202",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1202"
            },
            {
              "name": "RHSA-2018:1191",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1191"
            },
            {
              "name": "RHSA-2018:1188",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1188"
            },
            {
              "name": "RHSA-2018:1206",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1206"
            },
            {
              "name": "RHSA-2018:1270",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1270"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03915en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03915en_us"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2018-2815",
    "datePublished": "2018-04-19T02:00:00.000Z",
    "dateReserved": "2017-12-15T00:00:00.000Z",
    "dateUpdated": "2025-05-06T14:59:02.355Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://access.redhat.com/errata/RHSA-2018:1278\", \"name\": \"RHSA-2018:1278\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2018/dsa-4185\", \"name\": \"DSA-4185\", \"tags\": [\"vendor-advisory\", \"x_refsource_DEBIAN\", \"x_transferred\"]}, {\"url\": \"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03857en_us\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://security.gentoo.org/glsa/201903-14\", \"name\": \"GLSA-201903-14\", \"tags\": [\"vendor-advisory\", \"x_refsource_GENTOO\", \"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2018/dsa-4225\", \"name\": \"DSA-4225\", \"tags\": [\"vendor-advisory\", \"x_refsource_DEBIAN\", \"x_transferred\"]}, {\"url\": \"http://www.securitytracker.com/id/1040697\", \"name\": \"1040697\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1203\", \"name\": \"RHSA-2018:1203\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"http://www.securityfocus.com/bid/103848\", \"name\": \"103848\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\", \"x_transferred\"]}, {\"url\": \"https://usn.ubuntu.com/3644-1/\", \"name\": \"USN-3644-1\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20180419-0001/\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1201\", \"name\": \"RHSA-2018:1201\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1204\", \"name\": \"RHSA-2018:1204\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1205\", \"name\": \"RHSA-2018:1205\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://usn.ubuntu.com/3691-1/\", \"name\": \"USN-3691-1\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1202\", \"name\": \"RHSA-2018:1202\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1191\", \"name\": \"RHSA-2018:1191\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1188\", \"name\": \"RHSA-2018:1188\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1206\", \"name\": \"RHSA-2018:1206\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1270\", \"name\": \"RHSA-2018:1270\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03915en_us\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-05T04:29:44.730Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2018-2815\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-23T13:27:32.151263Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"description\": \"CWE-noinfo Not enough information\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-05T13:21:28.156Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Oracle Corporation\", \"product\": \"Java\", \"versions\": [{\"status\": \"affected\", \"version\": \"Java SE: 6u181\"}, {\"status\": \"affected\", \"version\": \"7u171\"}, {\"status\": \"affected\", \"version\": \"8u162\"}, {\"status\": \"affected\", \"version\": \"10; Java SE Embedded: 8u161; JRockit: R28.3.17\"}]}], \"datePublic\": \"2018-03-27T00:00:00.000Z\", \"references\": [{\"url\": \"https://access.redhat.com/errata/RHSA-2018:1278\", \"name\": \"RHSA-2018:1278\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://www.debian.org/security/2018/dsa-4185\", \"name\": \"DSA-4185\", \"tags\": [\"vendor-advisory\", \"x_refsource_DEBIAN\"]}, {\"url\": \"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03857en_us\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://security.gentoo.org/glsa/201903-14\", \"name\": \"GLSA-201903-14\", \"tags\": [\"vendor-advisory\", \"x_refsource_GENTOO\"]}, {\"url\": \"https://www.debian.org/security/2018/dsa-4225\", \"name\": \"DSA-4225\", \"tags\": [\"vendor-advisory\", \"x_refsource_DEBIAN\"]}, {\"url\": \"http://www.securitytracker.com/id/1040697\", \"name\": \"1040697\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1203\", \"name\": \"RHSA-2018:1203\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"http://www.securityfocus.com/bid/103848\", \"name\": \"103848\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\"]}, {\"url\": \"https://usn.ubuntu.com/3644-1/\", \"name\": \"USN-3644-1\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20180419-0001/\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1201\", \"name\": \"RHSA-2018:1201\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1204\", \"name\": \"RHSA-2018:1204\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1205\", \"name\": \"RHSA-2018:1205\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://usn.ubuntu.com/3691-1/\", \"name\": \"USN-3691-1\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1202\", \"name\": \"RHSA-2018:1202\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1191\", \"name\": \"RHSA-2018:1191\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1188\", \"name\": \"RHSA-2018:1188\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1206\", \"name\": \"RHSA-2018:1206\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1270\", \"name\": \"RHSA-2018:1270\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03915en_us\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit.\"}]}], \"providerMetadata\": {\"orgId\": \"43595867-4340-4103-b7a2-9a5208d29a85\", \"shortName\": \"oracle\", \"dateUpdated\": \"2019-03-20T00:06:05.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"Java SE: 6u181\", \"version_affected\": \"=\"}, {\"version_value\": \"7u171\", \"version_affected\": \"=\"}, {\"version_value\": \"8u162\", \"version_affected\": \"=\"}, {\"version_value\": \"10; Java SE Embedded: 8u161; JRockit: R28.3.17\", \"version_affected\": \"=\"}]}, \"product_name\": \"Java\"}]}, \"vendor_name\": \"Oracle Corporation\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://access.redhat.com/errata/RHSA-2018:1278\", \"name\": \"RHSA-2018:1278\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://www.debian.org/security/2018/dsa-4185\", \"name\": \"DSA-4185\", \"refsource\": \"DEBIAN\"}, {\"url\": \"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03857en_us\", \"name\": \"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03857en_us\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://security.gentoo.org/glsa/201903-14\", \"name\": \"GLSA-201903-14\", \"refsource\": \"GENTOO\"}, {\"url\": \"https://www.debian.org/security/2018/dsa-4225\", \"name\": \"DSA-4225\", \"refsource\": \"DEBIAN\"}, {\"url\": \"http://www.securitytracker.com/id/1040697\", \"name\": \"1040697\", \"refsource\": \"SECTRACK\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1203\", \"name\": \"RHSA-2018:1203\", \"refsource\": \"REDHAT\"}, {\"url\": \"http://www.securityfocus.com/bid/103848\", \"name\": \"103848\", \"refsource\": \"BID\"}, {\"url\": \"https://usn.ubuntu.com/3644-1/\", \"name\": \"USN-3644-1\", \"refsource\": \"UBUNTU\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20180419-0001/\", \"name\": \"https://security.netapp.com/advisory/ntap-20180419-0001/\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1201\", \"name\": \"RHSA-2018:1201\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0\", \"name\": \"https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1204\", \"name\": \"RHSA-2018:1204\", \"refsource\": \"REDHAT\"}, {\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html\", \"name\": \"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1205\", \"name\": \"RHSA-2018:1205\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://usn.ubuntu.com/3691-1/\", \"name\": \"USN-3691-1\", \"refsource\": \"UBUNTU\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1202\", \"name\": \"RHSA-2018:1202\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1191\", \"name\": \"RHSA-2018:1191\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1188\", \"name\": \"RHSA-2018:1188\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1206\", \"name\": \"RHSA-2018:1206\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1270\", \"name\": \"RHSA-2018:1270\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03915en_us\", \"name\": \"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03915en_us\", \"refsource\": \"CONFIRM\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit.\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2018-2815\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"secalert_us@oracle.com\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2018-2815\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-06T14:59:02.355Z\", \"dateReserved\": \"2017-12-15T00:00:00.000Z\", \"assignerOrgId\": \"43595867-4340-4103-b7a2-9a5208d29a85\", \"datePublished\": \"2018-04-19T02:00:00.000Z\", \"assignerShortName\": \"oracle\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2018-AVI-188

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans Oracle Java SE. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Oracle	Java SE	Java SE version 8u162
Oracle	Java SE	Java SE version 7u161
Oracle	Java SE	Java SE version 10
Oracle	Java SE	Java SE Embedded version 8u161
Oracle	Java SE	Java SE Embedded version 8u152
Oracle	Java SE	Java SE version 7u171
Oracle	Java SE	Java SE version 8u152
Oracle	Java SE	JRockit version R28.3.17
Oracle	Java SE	Java SE version 6u181

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle cpuapr2018-3678067 du 17 avril 2018	None	vendor-advisory
Bulletin de sécurité Oracle cpuapr2018verbose-3678067 du 17 avril 2018	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Java SE version 8u162",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Java SE version 7u161",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Java SE version 10",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Java SE Embedded version 8u161",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Java SE Embedded version 8u152",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Java SE version 7u171",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Java SE version 8u152",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "JRockit version R28.3.17",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Java SE version 6u181",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-2800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-2800"
    },
    {
      "name": "CVE-2018-2826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-2826"
    },
    {
      "name": "CVE-2018-2815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-2815"
    },
    {
      "name": "CVE-2018-2790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-2790"
    },
    {
      "name": "CVE-2018-2795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-2795"
    },
    {
      "name": "CVE-2018-2783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-2783"
    },
    {
      "name": "CVE-2018-2796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-2796"
    },
    {
      "name": "CVE-2018-2797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-2797"
    },
    {
      "name": "CVE-2018-2814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-2814"
    },
    {
      "name": "CVE-2018-2799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-2799"
    },
    {
      "name": "CVE-2018-2825",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-2825"
    },
    {
      "name": "CVE-2018-2811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-2811"
    },
    {
      "name": "CVE-2018-2798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-2798"
    },
    {
      "name": "CVE-2018-2794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-2794"
    }
  ],
  "initial_release_date": "2018-04-18T00:00:00",
  "last_revision_date": "2018-04-18T00:00:00",
  "links": [],
  "reference": "CERTFR-2018-AVI-188",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-04-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Java SE.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Java SE",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2018-3678067 du 17 avril 2018",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2018verbose-3678067 du 17 avril 2018",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018verbose-3678108.html#JAVA"
    }
  ]
}

CERTFR-2021-AVI-146

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans F5 BIG-IP. Elles permettent à un attaquant de provoquer un déni de service à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
F5	BIG-IP	BIG-IP (WebSafe) versions 14.x antérieures à 14.1.0
F5	BIG-IP	BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) versions 13.x antérieures à 13.1.3.2
F5	BIG-IP	BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) versions 11.x antérieures à 11.6.5.1
F5	BIG-IP	BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) versions 14.x antérieures à 14.1.2.1
F5	BIG-IP	BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) versions 15.0.x antérieures à 15.0.1.1
F5	BIG-IP	BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) versions 12.x antérieures à 12.1.5.1

References

Title

Publication Time

Tags

Bulletin de sécurité F5 K15217245 du 11 mai 2018	None	vendor-advisory
Bulletin de sécurité F5 K70321874 du 11 mai 2018	None	vendor-advisory
Bulletin de sécurité F5 K32485746 du 12 avril 2018	None	vendor-advisory
Bulletin de sécurité F5 K44923228 du 10 mai 2018	None	vendor-advisory
Bulletin de sécurité F5 K35421172 du 19 juin 2019	None	vendor-advisory
Bulletin de sécurité F5 K37111863 du 15 décembre 2018	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "BIG-IP (WebSafe) versions 14.x ant\u00e9rieures \u00e0 14.1.0",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) versions 13.x ant\u00e9rieures \u00e0 13.1.3.2",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) versions 11.x ant\u00e9rieures \u00e0 11.6.5.1",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) versions 14.x ant\u00e9rieures \u00e0 14.1.2.1",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) versions 15.0.x ant\u00e9rieures \u00e0 15.0.1.1",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) versions 12.x ant\u00e9rieures \u00e0 12.1.5.1",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-12120",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12120"
    },
    {
      "name": "CVE-2018-2815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-2815"
    },
    {
      "name": "CVE-2016-10708",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10708"
    },
    {
      "name": "CVE-2018-2795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-2795"
    },
    {
      "name": "CVE-2019-11479",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11479"
    },
    {
      "name": "CVE-2018-2783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-2783"
    }
  ],
  "initial_release_date": "2021-02-25T00:00:00",
  "last_revision_date": "2021-02-25T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-146",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-02-25T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans F5 BIG-IP. Elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance et\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans F5 BIG-IP",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K15217245 du 11 mai 2018",
      "url": "https://support.f5.com/csp/article/K15217245"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K70321874 du 11 mai 2018",
      "url": "https://support.f5.com/csp/article/K70321874"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K32485746 du 12 avril 2018",
      "url": "https://support.f5.com/csp/article/K32485746"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K44923228 du 10 mai 2018",
      "url": "https://support.f5.com/csp/article/K44923228"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K35421172 du 19 juin 2019",
      "url": "https://support.f5.com/csp/article/K35421172"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K37111863 du 15 d\u00e9cembre 2018",
      "url": "https://support.f5.com/csp/article/K37111863"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2018-2815 (GCVE-0-2018-2815)

Vulnerability from cvelistv5

CERTFR-2018-AVI-188

Vulnerability from certfr_avis

Solution

CERTFR-2021-AVI-146

Vulnerability from certfr_avis

Solution

Tags

Sightings

Nomenclature