[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2018-2952Date: (C)2018-07-18   (M)2024-03-22


Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 3.7CVSS Score : 4.3
Exploit Score: 2.2Exploit Score: 8.6
Impact Score: 1.4Impact Score: 2.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: HIGHAccess Complexity: MEDIUM
Privileges Required: NONEAuthentication: NONE
User Interaction: NONEConfidentiality: NONE
Scope: UNCHANGEDIntegrity: NONE
Confidentiality: NONEAvailability: PARTIAL
Integrity: NONE 
Availability: LOW 
  
Reference:
SECTRACK-1041302
BID-104765
DSA-4268
RHSA-2018:2241
RHSA-2018:2242
RHSA-2018:2253
RHSA-2018:2254
RHSA-2018:2255
RHSA-2018:2256
RHSA-2018:2283
RHSA-2018:2286
RHSA-2018:2568
RHSA-2018:2569
RHSA-2018:2575
RHSA-2018:2576
RHSA-2018:2712
RHSA-2018:2713
RHSA-2018:3007
RHSA-2018:3008
USN-3734-1
USN-3735-1
USN-3747-1
https://lists.debian.org/debian-lts-announce/2018/11/msg00026.html
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
https://security.netapp.com/advisory/ntap-20180726-0001/
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03882en_us
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03928en_us

OVAL    51
oval:org.secpod.oval:def:505320
oval:org.secpod.oval:def:1000639
oval:org.secpod.oval:def:89049747
oval:org.secpod.oval:def:502336
...

© SecPod Technologies