Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-3214

Опубликовано: 16 окт. 2018
Источник: redhat
CVSS3: 5.3

Описание

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Sound). Supported versions that are affected are Java SE: 6u201, 7u191 and 8u182; Java SE Embedded: 8u181; JRockit: R28.3.19. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6java-1.6.0-ibmWill not fix
Oracle Java for Red Hat Enterprise Linux 6java-1.7.0-oracleFixedRHSA-2018:300024.10.2018
Oracle Java for Red Hat Enterprise Linux 6java-1.8.0-oracleFixedRHSA-2018:300324.10.2018
Oracle Java for Red Hat Enterprise Linux 6java-1.6.0-sunFixedRHSA-2018:300824.10.2018
Oracle Java for Red Hat Enterprise Linux 7java-1.7.0-oracleFixedRHSA-2018:300124.10.2018
Oracle Java for Red Hat Enterprise Linux 7java-1.8.0-oracleFixedRHSA-2018:300224.10.2018
Oracle Java for Red Hat Enterprise Linux 7java-1.6.0-sunFixedRHSA-2018:300724.10.2018
Red Hat Enterprise Linux 6java-1.8.0-openjdkFixedRHSA-2018:294317.10.2018
Red Hat Enterprise Linux 6java-1.7.0-openjdkFixedRHSA-2018:340930.10.2018
Red Hat Enterprise Linux 6 Supplementaryjava-1.8.0-ibmFixedRHSA-2018:353309.11.2018

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-835
https://bugzilla.redhat.com/show_bug.cgi?id=1639301OpenJDK: Infinite loop in RIFF format reader (Sound, 8205361)

5.3 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-3214

CVSS3: 5.3
ubuntu
около 7 лет назад

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Sound). Supported versions that are affected are Java SE: 6u201, 7u191 and 8u182; Java SE Embedded: 8u181; JRockit: R28.3.19. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 ...

nvd логотип

CVE-2018-3214

CVSS3: 5.3
nvd
около 7 лет назад

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Sound). Supported versions that are affected are Java SE: 6u201, 7u191 and 8u182; Java SE Embedded: 8u181; JRockit: R28.3.19. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Av

debian логотип

CVE-2018-3214

CVSS3: 5.3
debian
около 7 лет назад

Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...

github логотип

GHSA-458x-p845-2qr2

CVSS3: 5.3
github
больше 3 лет назад

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Sound). Supported versions that are affected are Java SE: 6u201, 7u191 and 8u182; Java SE Embedded: 8u181; JRockit: R28.3.19. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 ...

fstec логотип

BDU:2019-00623

CVSS3: 5.3
fstec
около 7 лет назад

Уязвимость компонента Sound программных платформ Oracle Java SE, Java SE Embedded, JRockit, позволяющая нарушителю вызвать отказ в обслуживании

5.3 Medium

CVSS3