Vulnerability Details: CVE-2018-2952
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability category: Denial of service
Products affected by CVE-2018-2952
- cpe:2.3:a:hp:xp7_command_view:*:*:*:*:advanced:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:satellite:5.7:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:jrockit:r28.3.18:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update181:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.8.0:update172:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:10.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.6.0:update191:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:10.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.6.0:update191:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update181:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.8.0:update172:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
- cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*
- cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*
- cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:* (versions from 11.0 up to and including 11.70.1)
- cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*
- cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
- cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
- cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:vmware_vsphere:*:* (versions from 9.7, inclusive)
- cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*
Threat overview for CVE-2018-2952
- Top open port discovered on systems with this issue: 80
- IPs affected by CVE-2018-2952: 2,440
- Threat actors abusing this issue: Yes
Exploit prediction scoring system (EPSS) score for CVE-2018-2952
- EPSS score: 0.24% (probability of exploitation activity in the next 30 days)
- Percentile: ~62% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2018-2952
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P | 8.6 | 2.9 | NIST | |
3.7 | LOW | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L | 2.2 | 1.4 | NIST | |
References for CVE-2018-2952
- https://access.redhat.com/errata/RHSA-2018:2575
  RHSA-2018:2575 - Security Advisory - Red Hat Customer Portal [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:2712
  RHSA-2018:2712 - Security Advisory - Red Hat Customer Portal [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:3007
  RHSA-2018:3007 - Security Advisory - Red Hat Customer Portal [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:2241
  RHSA-2018:2241 - Security Advisory - Red Hat Customer Portal [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:2283
  RHSA-2018:2283 - Security Advisory - Red Hat Customer Portal [Third Party Advisory]
- https://usn.ubuntu.com/3734-1/
  USN-3734-1: OpenJDK 8 vulnerability | Ubuntu security notices [Third Party Advisory]
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03928en_us
  HPESBST03928 rev.1 - Command View Advanced Edition (CVAE) Products using JDK, Multiple Vulnerabilities [Third Party Advisory]
- https://www.debian.org/security/2018/dsa-4268
  Debian -- Security Information -- DSA-4268-1 openjdk-8 [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:2569
  RHSA-2018:2569 - Security Advisory - Red Hat Customer Portal [Third Party Advisory]
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03882en_us
  HPESBST03882 rev.1 - HPE Command View Advance Edition (CVAE) using JDK, Local and Remote Authentication Bypass [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:2255
  RHSA-2018:2255 - Security Advisory - Red Hat Customer Portal [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:2286
  RHSA-2018:2286 - Security Advisory - Red Hat Customer Portal [Third Party Advisory]
- https://usn.ubuntu.com/3747-1/
  USN-3747-1: OpenJDK 10 vulnerabilities | Ubuntu security notices [Third Party Advisory]
- http://www.securitytracker.com/id/1041302
  Oracle Java SE Multiple Flaws Let Remote Users Access and Modify Data, Deny Service, and Gain Elevated Privileges - SecurityTracker [Broken Link]
- https://lists.debian.org/debian-lts-announce/2018/11/msg00026.html
  [SECURITY] [DLA 1590-1] openjdk-7 security update [Mailing List; Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:2253
  RHSA-2018:2253 - Security Advisory - Red Hat Customer Portal [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:2713
  RHSA-2018:2713 - Security Advisory - Red Hat Customer Portal [Third Party Advisory]
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
  CPU July 2018 [Patch; Vendor Advisory]
- https://access.redhat.com/errata/RHSA-2018:2568
  RHSA-2018:2568 - Security Advisory - Red Hat Customer Portal [Third Party Advisory]
- http://www.securityfocus.com/bid/104765
  Malformed Request [Broken Link]
- https://access.redhat.com/errata/RHSA-2018:3008
  RHSA-2018:3008 - Security Advisory - Red Hat Customer Portal [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:2256
  RHSA-2018:2256 - Security Advisory - Red Hat Customer Portal [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:2576
  RHSA-2018:2576 - Security Advisory - Red Hat Customer Portal [Third Party Advisory]
- https://usn.ubuntu.com/3735-1/
  USN-3735-1: OpenJDK 7 vulnerability | Ubuntu security notices [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:2242
  RHSA-2018:2242 - Security Advisory - Red Hat Customer Portal [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:2254
  RHSA-2018:2254 - Security Advisory - Red Hat Customer Portal [Third Party Advisory]
- https://security.netapp.com/advisory/ntap-20180726-0001/
  July 2018 Java Platform Standard Edition Vulnerabilities in NetApp Products | NetApp Product Security [Third Party Advisory]