Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

None

Privileges Required

None

Attack Vector

Network

0

CVE-2018-3180

Disclosure Date: October 17, 2018 •

CVE-2018-3180 CVSS v3 Base Score: 5.6

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L).

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

5.6 Medium

Impact Score:

3.4

Exploitability Score:

2.2

Vector:

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack Vector (AV):

Network

Attack Complexity (AC):

High

Privileges Required (PR):

None

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

Low

Integrity (I):

Low

Availability (A):

Low

Vendors

canonical,
debian,
hp,
oracle,
redhat

Products

debian linux 8.0,
debian linux 9.0,
enterprise linux desktop 6.0,
enterprise linux desktop 7.0,
enterprise linux eus 7.6,
enterprise linux server 6.0,
enterprise linux server 7.0,
enterprise linux server aus 7.6,
enterprise linux server eus 7.5,
enterprise linux server tus 7.6,
enterprise linux workstation 6.0,
enterprise linux workstation 7.0,
jdk 1.6.0,
jdk 1.7.0,
jdk 1.8.0,
jdk 11.0.0,
jre 1.6.0,
jre 1.7.0,
jre 1.8.0,
jre 11.0.0,
jrockit r28.3.19,
satellite 5.6,
satellite 5.7,
satellite 5.8,
ubuntu linux 14.04,
ubuntu linux 16.04,
ubuntu linux 18.04,
ubuntu linux 18.10,
xp7 command view

References

Canonical

CVE-2018-3180 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3180)

BID-105617 (http://www.securityfocus.com/bid/105617)

Advisory

[debian-lts-announce] 20181122 [SECURITY] [DLA 1590-1] openjdk-7 security update (https://lists.debian.org/debian-lts-announce/2018/11/msg00026.html)

https://access.redhat.com/errata/RHSA-2018:3007

https://security.netapp.com/advisory/ntap-20181018-0001

https://access.redhat.com/errata/RHSA-2018:2942

https://access.redhat.com/errata/RHSA-2018:3779

https://access.redhat.com/errata/RHSA-2018:3534

https://access.redhat.com/errata/RHSA-2018:3350

https://access.redhat.com/errata/RHSA-2018:3003

USN-3804-1 (https://usn.ubuntu.com/3804-1)

https://access.redhat.com/errata/RHSA-2018:3002

https://access.redhat.com/errata/RHSA-2018:3671

https://access.redhat.com/errata/RHSA-2018:3852

DSA-4326 (https://www.debian.org/security/2018/dsa-4326)

USN-3824-1 (https://usn.ubuntu.com/3824-1)

https://access.redhat.com/errata/RHSA-2018:2943

https://access.redhat.com/errata/RHSA-2018:3008

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

https://access.redhat.com/errata/RHSA-2018:3533

https://access.redhat.com/errata/RHSA-2018:3409

https://access.redhat.com/errata/RHSA-2018:3001

https://access.redhat.com/errata/RHSA-2018:3000

SECTRACK-1041889 (http://www.securitytracker.com/id/1041889)

https://access.redhat.com/errata/RHSA-2018:3672

https://access.redhat.com/errata/RHSA-2018:3521

GLSA-201908-10 (https://security.gentoo.org/glsa/201908-10)

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03952en_us

Rapid7

Technical Analysis