CVE-2018-2657

MEDIUM

Oracle Java SE <7u161 - Use After Free

Title source: llm

Description

Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u171 and 7u161; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, JRockit. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References (12)

Core 12

Core References

Patch x_refsource_confirm

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

Third Party Advisory x_refsource_confirm

https://security.netapp.com/advisory/ntap-20180117-0001/

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2018:0521

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2018:0115

Third Party Advisory x_refsource_confirm

https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2018:1812

Third Party Advisory x_refsource_confirm

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_us

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2018:1463

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2018:0458

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1040203

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2018:0100

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/102629

Scores

CVSS v3 5.3

EPSS 0.0044

EPSS Percentile 63.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

Status published

Products (17)

hp/xp7_command_view 8.6.2-01

hp/xp_command_view 8.6.2-01

hp/xp_p9000_command_view 8.6.2-01

oracle/jdk 1.6.0 update171

oracle/jdk 1.7.0 update161

oracle/jre 1.6.0 update171

oracle/jre 1.7.0 update161

oracle/jrockit r28.3.16

redhat/enterprise_linux_desktop 6.0

redhat/enterprise_linux_server 6.0

... and 7 more

Published Jan 18, 2018

Tracked Since Feb 18, 2026