{"containers":{"cna":{"affected":[{"product":"Java","vendor":"Oracle Corporation","versions":[{"status":"affected","version":"Java SE: 6u171"},{"status":"affected","version":"7u161; JRockit: R28.3.16"}]}],"datePublic":"2018-01-03T00:00:00.000Z","descriptions":[{"lang":"en","value":"Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u171 and 7u161; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, JRockit. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."}],"problemTypes":[{"descriptions":[{"description":"Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, JRockit.","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2019-03-15T09:57:01.000Z","orgId":"43595867-4340-4103-b7a2-9a5208d29a85","shortName":"oracle"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"},{"tags":["x_refsource_CONFIRM"],"url":"https://security.netapp.com/advisory/ntap-20180117-0001/"},{"name":"RHSA-2018:0521","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2018:0521"},{"name":"RHSA-2018:0115","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2018:0115"},{"tags":["x_refsource_CONFIRM"],"url":"https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"},{"name":"RHSA-2018:1812","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2018:1812"},{"tags":["x_refsource_CONFIRM"],"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_us"},{"name":"RHSA-2018:1463","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2018:1463"},{"name":"RHSA-2018:0458","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2018:0458"},{"name":"1040203","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id/1040203"},{"name":"RHSA-2018:0100","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2018:0100"},{"name":"102629","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/102629"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"secalert_us@oracle.com","ID":"CVE-2018-2657","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Java","version":{"version_data":[{"version_affected":"=","version_value":"Java SE: 6u171"},{"version_affected":"=","version_value":"7u161; JRockit: R28.3.16"}]}}]},"vendor_name":"Oracle Corporation"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u171 and 7u161; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, JRockit. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, JRockit."}]}]},"references":{"reference_data":[{"name":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html","refsource":"CONFIRM","url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"},{"name":"https://security.netapp.com/advisory/ntap-20180117-0001/","refsource":"CONFIRM","url":"https://security.netapp.com/advisory/ntap-20180117-0001/"},{"name":"RHSA-2018:0521","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2018:0521"},{"name":"RHSA-2018:0115","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2018:0115"},{"name":"https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","refsource":"CONFIRM","url":"https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"},{"name":"RHSA-2018:1812","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2018:1812"},{"name":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_us","refsource":"CONFIRM","url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_us"},{"name":"RHSA-2018:1463","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2018:1463"},{"name":"RHSA-2018:0458","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2018:0458"},{"name":"1040203","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1040203"},{"name":"RHSA-2018:0100","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2018:0100"},{"name":"102629","refsource":"BID","url":"http://www.securityfocus.com/bid/102629"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-05T04:21:34.733Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://security.netapp.com/advisory/ntap-20180117-0001/"},{"name":"RHSA-2018:0521","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2018:0521"},{"name":"RHSA-2018:0115","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2018:0115"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"},{"name":"RHSA-2018:1812","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2018:1812"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_us"},{"name":"RHSA-2018:1463","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2018:1463"},{"name":"RHSA-2018:0458","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2018:0458"},{"name":"1040203","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id/1040203"},{"name":"RHSA-2018:0100","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2018:0100"},{"name":"102629","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/102629"}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-10-03T19:12:40.369651Z","id":"CVE-2018-2657","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-10-03T20:36:25.506Z"}}]},"cveMetadata":{"assignerOrgId":"43595867-4340-4103-b7a2-9a5208d29a85","assignerShortName":"oracle","cveId":"CVE-2018-2657","datePublished":"2018-01-18T02:00:00.000Z","dateReserved":"2017-12-15T00:00:00.000Z","dateUpdated":"2024-10-03T20:36:25.506Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}