Vulnerabilities > CVE-2018-2581
Summary
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u161, 8u152 and 9.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N).
Vulnerable Configurations
Nessus
NASL family Misc. NASL id ORACLE_JAVA_CPU_JAN_2018_UNIX.NASL description The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 9 Update 4, 8 Update 161, 7 Update 171, or 6 Update 1888888881. It is, therefore, affected by multiple vulnerabilities related to the following components : - AWT - Deployment - Hotspot - I18n - Installer - JCE - JGSS - JMX - JNDI - JavaFX - LDAP - Libraries - Serialization last seen 2020-06-01 modified 2020-06-02 plugin id 106191 published 2018-01-19 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/106191 title Oracle Java SE Multiple Vulnerabilities (January 2018 CPU) (Unix) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(106191); script_version("1.7"); script_cvs_date("Date: 2019/11/08"); script_cve_id( "CVE-2018-2579", "CVE-2018-2581", "CVE-2018-2582", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2627", "CVE-2018-2629", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2638", "CVE-2018-2639", "CVE-2018-2641", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678" ); script_bugtraq_id( 102546, 102556, 102557, 102576, 102584, 102592, 102597, 102605, 102612, 102615, 102625, 102629, 102633, 102636, 102642, 102656, 102659, 102661, 102662, 102663 ); script_name(english:"Oracle Java SE Multiple Vulnerabilities (January 2018 CPU) (Unix)"); script_summary(english:"Checks the version of the JRE."); script_set_attribute(attribute:"synopsis", value: "The remote Unix host contains a programming platform that is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 9 Update 4, 8 Update 161, 7 Update 171, or 6 Update 1888888881. It is, therefore, affected by multiple vulnerabilities related to the following components : - AWT - Deployment - Hotspot - I18n - Installer - JCE - JGSS - JMX - JNDI - JavaFX - LDAP - Libraries - Serialization"); # https://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixJAVA script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?29ce2b01"); # https://www.oracle.com/technetwork/java/javase/9-0-4-relnotes-4021191.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?793c3773"); # https://www.oracle.com/technetwork/java/javase/8u162-relnotes-4021436.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?cc061f9a"); # https://www.oracle.com/technetwork/java/javaseproducts/documentation/javase7supportreleasenotes-1601161.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2fbcacca"); # http://www.oracle.com/technetwork/java/javase/documentation/overview-156328.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?726f7054"); script_set_attribute(attribute:"solution", value: "Upgrade to Oracle JDK / JRE 9 Update 4, 8 Update 161 / 7 Update 171 / 6 Update 181 or later. If necessary, remove any affected versions. Note that an Extended Support contract with Oracle is needed to obtain JDK / JRE 6 Update 95 or later."); script_set_attribute(attribute:"agent", value:"unix"); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-2639"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/01/16"); script_set_attribute(attribute:"patch_publication_date", value:"2018/01/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/01/19"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jre"); script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jdk"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Misc."); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("sun_java_jre_installed_unix.nasl"); script_require_keys("Host/Java/JRE/Installed"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); # Check each installed JRE. installs = get_kb_list_or_exit("Host/Java/JRE/Unmanaged/*"); info = ""; vuln = 0; vuln2 = 0; installed_versions = ""; granular = ""; foreach install (list_uniq(keys(installs))) { ver = install - "Host/Java/JRE/Unmanaged/"; if (ver !~ "^[0-9.]+") continue; installed_versions = installed_versions + " & " + ver; # Fixes : (JDK|JRE) 9 Update 4 / 8 Update 161 / 7 Update 171 / 6 Update 181 if ( ver =~ '^1\\.6\\.0_([0-9]|[0-9][0-9]|1[0-7][0-9]|180)([^0-9]|$)' || ver =~ '^1\\.7\\.0_([0-9]|[0-9][0-9]|1[0-6][0-9]|170)([^0-9]|$)' || ver =~ '^1\\.8\\.0_([0-9]|[0-9][0-9]|1[0-5][0-9]|160)([^0-9]|$)' || ver =~ '^1\\.9\\.0_(00|0?[0-3])([^0-9]|$)' ) { dirs = make_list(get_kb_list(install)); vuln += max_index(dirs); foreach dir (dirs) info += '\n Path : ' + dir; info += '\n Installed version : ' + ver; info += '\n Fixed version : 1.6.0_181 / 1.7.0_171 / 1.8.0_161 / 1.9.0_4\n'; } else if (ver =~ "^[\d\.]+$") { dirs = make_list(get_kb_list(install)); foreach dir (dirs) granular += "The Oracle Java version "+ver+" at "+dir+" is not granular enough to make a determination."+'\n'; } else { dirs = make_list(get_kb_list(install)); vuln2 += max_index(dirs); } } # Report if any were found to be vulnerable. if (info) { if (report_verbosity > 0) { if (vuln > 1) s = "s of Java are"; else s = " of Java is"; report = '\n' + 'The following vulnerable instance'+s+' installed on the\n' + 'remote host :\n' + info; security_warning(port:0, extra:report); } else security_warning(0); if (granular) exit(0, granular); } else { if (granular) exit(0, granular); installed_versions = substr(installed_versions, 3); if (vuln2 > 1) exit(0, "The Java "+installed_versions+" installations on the remote host are not affected."); else audit(AUDIT_INST_VER_NOT_VULN, "Java", installed_versions); }
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2018-0100.NASL description An update for java-1.7.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 6 and Oracle Java for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 7 to version 7 Update 171. Security Fix(es) : * This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page listed in the References section. (CVE-2018-2579, CVE-2018-2581, CVE-2018-2588, CVE-2018-2599, CVE-2018-2602, CVE-2018-2603, CVE-2018-2618, CVE-2018-2629, CVE-2018-2633, CVE-2018-2634, CVE-2018-2637, CVE-2018-2641, CVE-2018-2657, CVE-2018-2663, CVE-2018-2677, CVE-2018-2678) last seen 2020-06-01 modified 2020-06-02 plugin id 106183 published 2018-01-19 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/106183 title RHEL 6 / 7 : java-1.7.0-oracle (RHSA-2018:0100) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2018-1463.NASL description An update for java-1.8.0-ibm is now available for Red Hat Satellite 5.8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP10. Security Fix(es) : * IBM JDK: J9 JVM allows untrusted code running under a security manager to elevate its privileges (CVE-2018-1417) * Oracle JDK: unspecified vulnerability fixed in 8u161 and 9.0.4 (Deployment) (CVE-2018-2638) * Oracle JDK: unspecified vulnerability fixed in 8u161 and 9.0.4 (Deployment) (CVE-2018-2639) * OpenJDK: insufficient validation of the invokeinterface instruction (Hotspot, 8174962) (CVE-2018-2582) * Oracle JDK: unspecified vulnerability fixed in 8u161 and 9.0.4 (Installer) (CVE-2018-2627) * OpenJDK: LDAPCertStore insecure handling of LDAP referrals (JNDI, 8186606) (CVE-2018-2633) * OpenJDK: use of global credentials for HTTP/SPNEGO (JGSS, 8186600) (CVE-2018-2634) * OpenJDK: SingleEntryRegistry incorrect setup of deserialization filter (JMX, 8186998) (CVE-2018-2637) * OpenJDK: GTK library loading use-after-free (AWT, 8185325) (CVE-2018-2641) * Oracle JDK: unspecified vulnerability fixed in 7u171, 8u161, and 9.0.4 (JavaFX) (CVE-2018-2581) * OpenJDK: LdapLoginModule insufficient username encoding in LDAP query (LDAP, 8178449) (CVE-2018-2588) * OpenJDK: DnsClient missing source port randomization (JNDI, 8182125) (CVE-2018-2599) * OpenJDK: loading of classes from untrusted locations (I18n, 8182601) (CVE-2018-2602) * OpenJDK: DerValue unbounded memory allocation (Libraries, 8182387) (CVE-2018-2603) * OpenJDK: insufficient strength of key agreement (JCE, 8185292) (CVE-2018-2618) * OpenJDK: GSS context use-after-free (JGSS, 8186212) (CVE-2018-2629) * Oracle JDK: unspecified vulnerability fixed in 6u181 and 7u171 (Serialization) (CVE-2018-2657) * OpenJDK: ArrayBlockingQueue deserialization to an inconsistent state (Libraries, 8189284) (CVE-2018-2663) * OpenJDK: unbounded memory allocation during deserialization (AWT, 8190289) (CVE-2018-2677) * OpenJDK: unbounded memory allocation in BasicAttributes deserialization (JNDI, 8191142) (CVE-2018-2678) * OpenJDK: unsynchronized access to encryption key data (Libraries, 8172525) (CVE-2018-2579) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 109908 published 2018-05-18 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109908 title RHEL 6 : java-1.8.0-ibm (RHSA-2018:1463) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2018-2_0-0013.NASL description An update of {'libtiff', 'openjdk8', 'ruby'} packages of Photon OS has been released. last seen 2019-02-21 modified 2019-02-07 plugin id 111283 published 2018-07-24 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=111283 title Photon OS 2.0 : libtiff / openjdk8 / ruby (PhotonOS-PHSA-2018-2.0-0013) (deprecated) NASL family Windows NASL id ORACLE_JAVA_CPU_JAN_2018.NASL description The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 9 Update 4, 8 Update 161, 7 Update 171, or 6 Update 181. It is, therefore, affected by multiple vulnerabilities related to the following components : - AWT - Deployment - Hotspot - I18n - Installer - JCE - JGSS - JMX - JNDI - JavaFX - LDAP - Libraries - Serialization last seen 2020-06-01 modified 2020-06-02 plugin id 106190 published 2018-01-19 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/106190 title Oracle Java SE Multiple Vulnerabilities (January 2018 CPU) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201803-06.NASL description The remote host is affected by the vulnerability described in GLSA-201803-06 (Oracle JDK/JRE: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Oracle’s Java SE. Please review the referenced CVE identifiers for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process, gain access to information, or cause a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 108432 published 2018-03-19 reporter This script is Copyright (C) 2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/108432 title GLSA-201803-06 : Oracle JDK/JRE: Multiple vulnerabilities NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2018-1812.NASL description An update for java-1.7.1-ibm is now available for Red Hat Satellite 5.6 and Red Hat Satellite 5.7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP20. Security Fix(es) : * OpenJDK: LDAPCertStore insecure handling of LDAP referrals (JNDI, 8186606) (CVE-2018-2633) * OpenJDK: use of global credentials for HTTP/SPNEGO (JGSS, 8186600) (CVE-2018-2634) * OpenJDK: SingleEntryRegistry incorrect setup of deserialization filter (JMX, 8186998) (CVE-2018-2637) * OpenJDK: GTK library loading use-after-free (AWT, 8185325) (CVE-2018-2641) * Oracle JDK: unspecified vulnerability fixed in 7u171, 8u161, and 9.0.4 (JavaFX) (CVE-2018-2581) * OpenJDK: LdapLoginModule insufficient username encoding in LDAP query (LDAP, 8178449) (CVE-2018-2588) * OpenJDK: DnsClient missing source port randomization (JNDI, 8182125) (CVE-2018-2599) * OpenJDK: loading of classes from untrusted locations (I18n, 8182601) (CVE-2018-2602) * OpenJDK: DerValue unbounded memory allocation (Libraries, 8182387) (CVE-2018-2603) * OpenJDK: insufficient strength of key agreement (JCE, 8185292) (CVE-2018-2618) * OpenJDK: GSS context use-after-free (JGSS, 8186212) (CVE-2018-2629) * Oracle JDK: unspecified vulnerability fixed in 6u181 and 7u171 (Serialization) (CVE-2018-2657) * OpenJDK: ArrayBlockingQueue deserialization to an inconsistent state (Libraries, 8189284) (CVE-2018-2663) * OpenJDK: unbounded memory allocation during deserialization (AWT, 8190289) (CVE-2018-2677) * OpenJDK: unbounded memory allocation in BasicAttributes deserialization (JNDI, 8191142) (CVE-2018-2678) * OpenJDK: unsynchronized access to encryption key data (Libraries, 8172525) (CVE-2018-2579) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 110405 published 2018-06-08 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/110405 title RHEL 6 : java-1.7.1-ibm (RHSA-2018:1812) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2018-2_0-0013_OPENJDK8.NASL description An update of the openjdk8 package has been released. last seen 2020-03-17 modified 2019-02-07 plugin id 121911 published 2019-02-07 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121911 title Photon OS 2.0: Openjdk8 PHSA-2018-2.0-0013 NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2018-0099.NASL description An update for java-1.8.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 6 and Oracle Java for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 8 to version 8 Update 161. Security Fix(es) : * This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page listed in the References section. (CVE-2018-2579, CVE-2018-2581, CVE-2018-2582, CVE-2018-2588, CVE-2018-2599, CVE-2018-2602, CVE-2018-2603, CVE-2018-2618, CVE-2018-2627, CVE-2018-2629, CVE-2018-2633, CVE-2018-2634, CVE-2018-2637, CVE-2018-2638, CVE-2018-2639, CVE-2018-2641, CVE-2018-2663, CVE-2018-2677, CVE-2018-2678) last seen 2020-06-01 modified 2020-06-02 plugin id 106182 published 2018-01-19 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/106182 title RHEL 6 / 7 : java-1.8.0-oracle (RHSA-2018:0099)
Redhat
advisories |
| ||||||||||||||||
rpms |
|
References
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- https://security.netapp.com/advisory/ntap-20180117-0001/
- http://www.securitytracker.com/id/1040203
- http://www.securityfocus.com/bid/102636
- https://access.redhat.com/errata/RHSA-2018:0100
- https://access.redhat.com/errata/RHSA-2018:0099
- https://access.redhat.com/errata/RHSA-2018:1463
- https://access.redhat.com/errata/RHSA-2018:1812
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0