CVE-2018-2657
Published: 18 January 2018
Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u171 and 7u161; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, JRockit. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Notes
Author | Note |
---|---|
sbeattie | oracle only |
Priority
Status
Package | Release | Status |
---|---|---|
openjdk-6 Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
trusty |
Does not exist
(trusty was not-affected [Oracle only])
|
|
upstream |
Not vulnerable
(Oracle only)
|
|
xenial |
Does not exist
|
|
openjdk-7 Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
trusty |
Does not exist
(trusty was not-affected [Oracle only])
|
|
upstream |
Not vulnerable
(Oracle only)
|
|
xenial |
Does not exist
|
|
openjdk-8 Launchpad, Ubuntu, Debian |
artful |
Not vulnerable
(Oracle only)
|
trusty |
Does not exist
|
|
upstream |
Not vulnerable
(Oracle only)
|
|
xenial |
Not vulnerable
(Oracle only)
|
|
openjdk-9 Launchpad, Ubuntu, Debian |
artful |
Not vulnerable
(Oracle only)
|
trusty |
Does not exist
|
|
upstream |
Not vulnerable
(Oracle only)
|
|
xenial |
Not vulnerable
(Oracle only)
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 5.3 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | None |
Availability impact | Low |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |