Vulnerabilities > CVE-2018-2826
Summary
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
Vulnerable Configurations
Nessus
NASL family Windows NASL id ORACLE_JAVA_CPU_APR_2018.NASL description The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 10 Update 1, 8 Update 171, 7 Update 181, or 6 Update 191. It is, therefore, affected by multiple vulnerabilities related to the following components : - AWT - Concurrency - Hotspot - Install - JAXP - JMX - Libraries - RMI - Security - Serialization last seen 2020-06-01 modified 2020-06-02 plugin id 109202 published 2018-04-20 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109202 title Oracle Java SE Multiple Vulnerabilities (April 2018 CPU) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(109202); script_version("1.4"); script_cvs_date("Date: 2019/11/08"); script_cve_id( "CVE-2018-2783", "CVE-2018-2790", "CVE-2018-2794", "CVE-2018-2795", "CVE-2018-2796", "CVE-2018-2797", "CVE-2018-2798", "CVE-2018-2799", "CVE-2018-2800", "CVE-2018-2811", "CVE-2018-2814", "CVE-2018-2815", "CVE-2018-2825", "CVE-2018-2826" ); script_bugtraq_id( 103796, 103810, 103817, 103832, 103848, 103849, 103872 ); script_name(english:"Oracle Java SE Multiple Vulnerabilities (April 2018 CPU)"); script_summary(english:"Checks the version of the JRE."); script_set_attribute(attribute:"synopsis", value: "The remote Windows host contains a programming platform that is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 10 Update 1, 8 Update 171, 7 Update 181, or 6 Update 191. It is, therefore, affected by multiple vulnerabilities related to the following components : - AWT - Concurrency - Hotspot - Install - JAXP - JMX - Libraries - RMI - Security - Serialization"); # http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?76507bf8"); # https://www.oracle.com/technetwork/java/javase/10-0-1-relnotes-4308875.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?6f630e2b"); # https://www.oracle.com/technetwork/java/javase/8u171-relnotes-4308888.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9bf6e180"); # https://www.oracle.com/technetwork/java/javaseproducts/documentation/javase7supportreleasenotes-1601161.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2fbcacca"); # http://www.oracle.com/technetwork/java/javase/documentation/overview-156328.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?726f7054"); script_set_attribute(attribute:"solution", value: "Upgrade to Oracle JDK / JRE 10 Update 1, 8 Update 171 / 7 Update 181 / 6 Update 191 or later. If necessary, remove any affected versions. Note that an Extended Support contract with Oracle is needed to obtain JDK / JRE 6 Update 95 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-2783"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/04/17"); script_set_attribute(attribute:"patch_publication_date", value:"2018/04/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/04/20"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jre"); script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jdk"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("sun_java_jre_installed.nasl"); script_require_keys("SMB/Java/JRE/Installed"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); # Check each installed JRE. installs = get_kb_list_or_exit("SMB/Java/JRE/*"); info = ""; vuln = 0; installed_versions = ""; foreach install (list_uniq(keys(installs))) { ver = install - "SMB/Java/JRE/"; if (ver !~ "^[0-9.]+") continue; installed_versions = installed_versions + " & " + ver; # Fixes : (JDK|JRE) 10 Update 1 / 8 Update 171 / 7 Update 181 / 6 Update 191 if ( ver =~ '^1\\.6\\.0_([0-9]|[0-9][0-9]|1[0-8][0-9]|190)([^0-9]|$)' || ver =~ '^1\\.7\\.0_([0-9]|[0-9][0-9]|1[0-7][0-9]|180)([^0-9]|$)' || ver =~ '^1\\.8\\.0_([0-9]|[0-9][0-9]|1[0-6][0-9]|170)([^0-9]|$)' || ver =~ '^1\\.10\\.0_(00|0?0)([^0-9]|$)' ) { dirs = make_list(get_kb_list(install)); vuln += max_index(dirs); foreach dir (dirs) info += '\n Path : ' + dir; info += '\n Installed version : ' + ver; info += '\n Fixed version : 1.6.0_191 / 1.7.0_181 / 1.8.0_171 / 1.10.0_1\n'; } } # Report if any were found to be vulnerable. if (info) { port = get_kb_item("SMB/transport"); if (!port) port = 445; if (report_verbosity > 0) { if (vuln > 1) s = "s of Java are"; else s = " of Java is"; report = '\n' + 'The following vulnerable instance'+s+' installed on the\n' + 'remote host :\n' + info; security_warning(port:port, extra:report); } else security_warning(port); exit(0); } else { installed_versions = substr(installed_versions, 3); if (" & " >< installed_versions) exit(0, "The Java "+installed_versions+" installations on the remote host are not affected."); else audit(AUDIT_INST_VER_NOT_VULN, "Java", installed_versions); }
NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2018-1_0-0130.NASL description An update of 'mysql', 'openjdk',openjre packages of Photon OS has been released. last seen 2019-02-21 modified 2019-02-07 plugin id 111932 published 2018-08-17 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=111932 title Photon OS 1.0: Mysql / Openjdk PHSA-2018-1.0-0130 (deprecated) code # # (C) Tenable Network Security, Inc. # # @DEPRECATED@ # # Disabled on 2/7/2019 # # The descriptive text and package checks in this plugin were # extracted from VMware Security Advisory PHSA-2018-1.0-0130. The text # itself is copyright (C) VMware, Inc. include("compat.inc"); if (description) { script_id(111932); script_version("1.2"); script_cvs_date("Date: 2019/02/07 18:59:50"); script_cve_id( "CVE-2018-2755", "CVE-2018-2783", "CVE-2018-2794", "CVE-2018-2795", "CVE-2018-2796", "CVE-2018-2797", "CVE-2018-2798", "CVE-2018-2799", "CVE-2018-2811", "CVE-2018-2814", "CVE-2018-2815", "CVE-2018-2825", "CVE-2018-2826" ); script_name(english:"Photon OS 1.0: Mysql / Openjdk PHSA-2018-1.0-0130 (deprecated)"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "This plugin has been deprecated."); script_set_attribute(attribute:"description", value: "An update of 'mysql', 'openjdk',openjre packages of Photon OS has been released."); # https://github.com/vmware/photon/wiki/Security-Updates-1.0-130 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8e96d19b"); script_set_attribute(attribute:"solution", value:"n/a."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-2783"); script_set_attribute(attribute:"patch_publication_date", value:"2018/04/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/08/17"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:openjdk"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"PhotonOS Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list"); exit(0); } exit(0, "This plugin has been deprecated."); include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/PhotonOS/release"); if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS"); if (release !~ "^VMware Photon (?:Linux|OS) 1\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0"); if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu); flag = 0; pkgs = [ "mysql-5.7.22-1.ph1", "mysql-debuginfo-5.7.22-1.ph1", "mysql-devel-5.7.22-1.ph1", "openjdk-1.8.0.172-1.ph1", "openjdk-debuginfo-1.8.0.172-1.ph1", "openjdk-doc-1.8.0.172-1.ph1", "openjdk-sample-1.8.0.172-1.ph1", "openjdk-src-1.8.0.172-1.ph1" ]; foreach (pkg in pkgs) if (rpm_check(release:"PhotonOS-1.0", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mysql / openjdk"); }
NASL family Misc. NASL id ORACLE_JAVA_CPU_APR_2018_UNIX.NASL description The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 10 Update 1, 8 Update 171, 7 Update 181, or 6 Update 191. It is, therefore, affected by multiple vulnerabilities related to the following components : - AWT - Concurrency - Hotspot - Install - JAXP - JMX - Libraries - RMI - Security - Serialization last seen 2020-06-01 modified 2020-06-02 plugin id 109203 published 2018-04-20 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109203 title Oracle Java SE Multiple Vulnerabilities (April 2018 CPU) (Unix) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2018-1_0-0130_OPENJDK.NASL description An update of the openjdk package has been released. last seen 2020-03-17 modified 2019-02-07 plugin id 121835 published 2019-02-07 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121835 title Photon OS 1.0: Openjdk PHSA-2018-1.0-0130 NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-1738-2.NASL description IBM Java was updated to version 8.0.5.15 [bsc#1093311, bsc#1085449] Security fixes : CVE-2018-2826 CVE-2018-2825 CVE-2018-2814 CVE-2018-2794 CVE-2018-2783 CVE-2018-2799 CVE-2018-2798 CVE-2018-2797 CVE-2018-2796 CVE-2018-2795 CVE-2018-2800 CVE-2018-2790 CVE-2018-1417 Removed translations in the java-1_8_0-ibm-devel-32bit package as they conflict with those in java-1_8_0-ibm-devel. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 118267 published 2018-10-22 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118267 title SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2018:1738-2) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2018-2_0-0039_OPENJDK8.NASL description An update of the openjdk8 package has been released. last seen 2020-03-17 modified 2019-02-07 plugin id 121938 published 2019-02-07 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121938 title Photon OS 2.0: Openjdk8 PHSA-2018-2.0-0039 NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-1738-1.NASL description IBM Java was updated to version 8.0.5.15 [bsc#1093311, bsc#1085449] Security fixes : - CVE-2018-2826 CVE-2018-2825 CVE-2018-2814 CVE-2018-2794 CVE-2018-2783 CVE-2018-2799 CVE-2018-2798 CVE-2018-2797 CVE-2018-2796 CVE-2018-2795 CVE-2018-2800 CVE-2018-2790 CVE-2018-1417 - Removed translations in the java-1_8_0-ibm-devel-32bit package as they conflict with those in java-1_8_0-ibm-devel. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 110620 published 2018-06-20 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/110620 title SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2018:1738-1) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2018-2_0-0039.NASL description An update of {'openjdk8', 'httpd', 'librelp', 'zsh', 'libvirt', 'libtiff'} packages of Photon OS has been released. last seen 2019-02-21 modified 2019-02-07 plugin id 111298 published 2018-07-24 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=111298 title Photon OS 2.0 : openjdk8 / httpd / librelp / zsh / libvirt (PhotonOS-PHSA-2018-2.0-0039) (deprecated) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3747-1.NASL description It was discovered that OpenJDK did not properly validate types in some situations. An attacker could use this to construct a Java class that could possibly bypass sandbox restrictions. (CVE-2018-2825, CVE-2018-2826) It was discovered that the PatternSyntaxException class in OpenJDK did not properly validate arguments passed to it. An attacker could use this to potentially construct a class that caused a denial of service (excessive memory consumption). (CVE-2018-2952) Daniel Bleichenbacher discovered a vulnerability in the Galois/Counter Mode (GCM) mode of operation for symmetric block ciphers in OpenJDK. An attacker could use this to expose sensitive information. (CVE-2018-2972). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 112033 published 2018-08-21 reporter Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/112033 title Ubuntu 18.04 LTS : openjdk-lts vulnerabilities (USN-3747-1) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3747-2.NASL description USN-3747-1 fixed vulnerabilities in OpenJDK 10 for Ubuntu 18.04 LTS. Unfortunately, that update introduced a regression around accessability support that prevented some Java applications from starting. This update fixes the problem. We apologize for the inconvenience. Original advisory details : It was discovered that OpenJDK did not properly validate types in some situations. An attacker could use this to construct a Java class that could possibly bypass sandbox restrictions. (CVE-2018-2825, CVE-2018-2826) It was discovered that the PatternSyntaxException class in OpenJDK did not properly validate arguments passed to it. An attacker could use this to potentially construct a class that caused a denial of service (excessive memory consumption). (CVE-2018-2952) Daniel Bleichenbacher discovered a vulnerability in the Galois/Counter Mode (GCM) mode of operation for symmetric block ciphers in OpenJDK. An attacker could use this to expose sensitive information. (CVE-2018-2972). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 117479 published 2018-09-13 reporter Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/117479 title Ubuntu 18.04 LTS : openjdk-lts regression (USN-3747-2) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-2068-1.NASL description IBM Java was updated to version 8.0.5.15 [bsc#1093311, bsc#1085449] Security fixes : - CVE-2018-2826 CVE-2018-2825 CVE-2018-2814 CVE-2018-2794 CVE-2018-2783 CVE-2018-2799 CVE-2018-2798 CVE-2018-2797 CVE-2018-2796 CVE-2018-2795 CVE-2018-2800 CVE-2018-2790 CVE-2018-1417 - Removed translations in the java-1_8_0-ibm-devel-32bit package as they conflict with those in java-1_8_0-ibm-devel. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-21 modified 2019-01-02 plugin id 120060 published 2019-01-02 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/120060 title SUSE SLES15 Security Update : java-1_8_0-ibm (SUSE-SU-2018:2068-1)
References
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- http://www.securitytracker.com/id/1040697
- http://www.securityfocus.com/bid/103796
- https://security.netapp.com/advisory/ntap-20180419-0001/
- https://usn.ubuntu.com/3747-1/
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0