Vulnerability Name:

CVE-2018-3157 (CCN-151473)

Assigned: 2017-12-15
Published: 2018-10-16
Updated: 2019-10-03
Summary: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Sound). The supported version that is affected is Java SE: 11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data.
Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
CVSS v3 Severity:
3.7 Low (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
3.2 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
  Exploitability Metrics:
    Attack Vector (AV): Network
    Attack Complexity (AC): High
    Privileges Required (PR): None
    User Interaction (UI): None
  Scope:
    Scope (S): Unchanged
  Impact Metrics:
    Confidentiality (C): Low
    Integrity (I): None
    Availability (A): None
3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
3.2 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
  Exploitability Metrics:
    Attack Vector (AV): Network
    Attack Complexity (AC): High
    Privileges Required (PR): None
    User Interaction (UI): None
  Scope:
    Scope (S): Unchanged
  Impact Metrics:
    Confidentiality (C): Low
    Integrity (I): None
    Availability (A): None
CVSS v2 Severity:
4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): Medium
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): Partial
    Integrity (I): None
    Availability (A): None
2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): High
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): Partial
    Integrity (I): None
    Availability (A): None
Vulnerability Type: CWE-noinfo
Vulnerability Consequences: Obtain Information
References:
Source: MITRE
Type: CNA
CVE-2018-3157

Source: CCN
Type: Oracle CPUOct2018
Oracle Critical Patch Update Advisory - October 2018

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

Source: BID
Type: Third Party Advisory, VDB Entry
105595

Source: CCN
Type: BID-105595
Oracle Java SE CVE-2018-3157 Remote Security Vulnerability

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1041889

Source: XF
Type: UNKNOWN
oracle-cpuoct2018-cve20183157(151473)

Source: GENTOO
Type: UNKNOWN
GLSA-201908-10

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20181018-0001/

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:oracle:jdk:11.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:11.0.0:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable

Oval Definitions:
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20183157 | V | CVE-2018-3157 | 2023-06-22
oval:org.opensuse.security:def:7535 | P | java-11-openjdk-11.0.19.0-150000.3.96.1 on GA media (Moderate) | 2023-06-12
oval:org.opensuse.security:def:682 | P | Security update for python-M2Crypto (Important) | 2022-08-05
oval:org.opensuse.security:def:3111 | P | java-11-openjdk-11.0.4.0-1.26 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:3531 | P | java-11-openjdk-11.0.4.0-1.26 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:2956 | P | java-11-openjdk-11.0.15.0-150000.3.80.1 on GA media (Moderate) | 2022-06-22
oval:org.opensuse.security:def:94586 | P | java-11-openjdk-11.0.15.0-150000.3.80.1 on GA media (Moderate) | 2022-06-22
oval:org.opensuse.security:def:86 | P | java-11-openjdk-11.0.10.0-3.53.1 on GA media (Moderate) | 2022-06-13
oval:org.opensuse.security:def:382 | P | vsftpd-3.0.5-150400.1.6 on GA media (Moderate) | 2022-06-10
oval:org.opensuse.security:def:112455 | P | java-11-openjdk-11.0.12.0-3.1 on GA media (Moderate) | 2022-01-17
oval:org.opensuse.security:def:112457 | P | java-13-openjdk-13.0.8.0-3.1 on GA media (Moderate) | 2022-01-17
oval:org.opensuse.security:def:112459 | P | java-15-openjdk-15.0.4.0-2.1 on GA media (Moderate) | 2022-01-17
oval:org.opensuse.security:def:8727 | P | Security update for busybox (Important) (in QA) | 2022-01-14
oval:org.opensuse.security:def:94268 | P | (Important) | 2022-01-11
oval:org.opensuse.security:def:8694 | P | Security update for p11-kit (Important) | 2021-12-22
oval:org.opensuse.security:def:69774 | P | Security update for log4j (Important) | 2021-12-17
oval:org.opensuse.security:def:6725 | P | Security update for the Linux Kernel (Live Patch 23 for SLE 15) (Important) | 2021-12-14
oval:org.opensuse.security:def:9418 | P | Security update for tomcat (Important) | 2021-11-16
oval:org.opensuse.security:def:8669 | P | Security update for qemu (Important) | 2021-11-04
oval:org.opensuse.security:def:105959 | P | java-11-openjdk-11.0.12.0-3.1 on GA media (Moderate) | 2021-10-01
oval:org.opensuse.security:def:105960 | P | java-13-openjdk-13.0.8.0-3.1 on GA media (Moderate) | 2021-10-01
oval:org.opensuse.security:def:105961 | P | java-15-openjdk-15.0.4.0-2.1 on GA media (Moderate) | 2021-10-01
oval:org.opensuse.security:def:37502 | P | Security update for curl (Moderate) | 2021-09-23
oval:org.opensuse.security:def:103281 | P | java-11-openjdk-11.0.3.0-3.24.1 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:71212 | P | java-11-openjdk-11.0.3.0-3.24.1 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:61471 | P | java-11-openjdk-11.0.3.0-3.24.1 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:96591 | P | java-11-openjdk-11.0.3.0-3.24.1 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:89626 | P | java-11-openjdk-11.0.3.0-3.24.1 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:9396 | P | Security update for xen (Important) | 2021-09-03
oval:org.opensuse.security:def:46904 | P | chrony-2.3-3.110 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47902 | P | tboot-20170711_1.9.7-1.10 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48050 | P | java-11-openjdk-11.0.4.0-1.26 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:14930 | P | java-11-openjdk-11.0.4.0-1.26 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:46918 | P | curl-7.37.0-28.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47964 | P | binutils-2.32-9.36.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47039 | P | libjson-c2-0.11-2.15 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48029 | P | groff-1.22.2-5.287 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47232 | P | cups-filters-1.0.58-17.11 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48060 | P | krb5-appl-clients-1.0.3-1.2 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:46903 | P | bzip2-1.0.6-29.2 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47364 | P | libjpeg-turbo-1.3.1-30.3 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48131 | P | libjavascriptcoregtk-3_0-0-2.4.11-23.20 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47456 | P | p7zip-9.20.1-6.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47604 | P | eog-3.20.4-7.7 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47818 | P | libykcs11-1-1.5.0-3.16 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:100981 | P | java-11-openjdk-javadoc-11.0.7.0-3.42.4 on GA media (Moderate) | 2021-08-10
oval:org.opensuse.security:def:63424 | P | java-11-openjdk-javadoc-11.0.7.0-3.42.4 on GA media (Moderate) | 2021-08-10
oval:org.opensuse.security:def:63478 | P | java-11-openjdk-javadoc-11.0.10.0-3.53.1 on GA media (Moderate) | 2021-08-10
oval:org.opensuse.security:def:107647 | P | java-11-openjdk-javadoc-11.0.7.0-3.42.4 on GA media (Moderate) | 2021-08-10
oval:org.opensuse.security:def:2335 | P | java-11-openjdk-javadoc-11.0.7.0-3.42.4 on GA media (Moderate) | 2021-08-10
oval:org.opensuse.security:def:2389 | P | java-11-openjdk-javadoc-11.0.10.0-3.53.1 on GA media (Moderate) | 2021-08-10
oval:org.opensuse.security:def:1015 | P | java-11-openjdk-11.0.10.0-3.53.1 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:100862 | P | java-11-openjdk-11.0.10.0-3.53.1 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:71845 | P | java-11-openjdk-11.0.10.0-3.53.1 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:62104 | P | java-11-openjdk-11.0.10.0-3.53.1 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:6692 | P | Security update for the Linux Kernel (Live Patch 22 for SLE 15) (Important) | 2021-07-27
oval:org.opensuse.security:def:49123 | P | Security update for containerd (Moderate) | 2021-07-20
oval:org.opensuse.security:def:69669 | P | Security update for containerd, docker, runc (Important) | 2021-06-11
oval:org.opensuse.security:def:70982 | P | libjasper4-2.0.14-1.19 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48769 | P | empathy-3.12.12-5.12 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48823 | P | argyllcms-1.6.3-3.3 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:70869 | P | avahi-0.6.32-3.7 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:8594 | P | Security update for libwebp (Critical) | 2021-06-04
oval:org.opensuse.security:def:93738 | P | (Moderate) | 2021-05-26
oval:org.opensuse.security:def:8758 | P | Security update for lz4 (Important) | 2021-05-19
oval:org.opensuse.security:def:8575 | P | Security update for python-Pygments (Important) | 2021-05-04
oval:org.opensuse.security:def:7416 | P | Security update for avahi (Moderate) | 2021-05-04
oval:org.opensuse.security:def:8745 | P | Security update for xen (Important) | 2021-04-30
oval:org.opensuse.security:def:6667 | P | Security update for the Linux Kernel (Live Patch 23 for SLE 15) (Important) | 2021-04-28
oval:org.opensuse.security:def:8560 | P | Security update for xorg-x11-server (Important) | 2021-04-13
oval:org.opensuse.security:def:6443 | P | Security update for open-iscsi (Important) | 2021-04-13
oval:org.opensuse.security:def:8736 | P | Security update for spamassassin (Important) | 2021-04-13
oval:org.opensuse.security:def:6465 | P | Security update for openldap2 (Important) | 2021-03-08
oval:org.opensuse.security:def:64282 | P | Security update for python3 (Important) | 2020-12-23
oval:org.opensuse.security:def:67529 | P | Security update for the Linux Kernel (Important) | 2020-12-10
oval:org.opensuse.security:def:66418 | P | Security update for curl (Moderate) | 2020-12-09
oval:org.opensuse.security:def:116675 | P | java-11-openjdk-11.0.7.0-3.42.4 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:107117 | P | java-11-openjdk-11.0.7.0-3.42.4 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:71512 | P | java-11-openjdk-11.0.7.0-3.42.4 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:61771 | P | java-11-openjdk-11.0.7.0-3.42.4 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:12924 | P | java-11-openjdk-11.0.4.0-1.26 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:100451 | P | java-11-openjdk-11.0.7.0-3.42.4 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:36783 | P | MozillaFirefox on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:37474 | P | kbd on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:64195 | P | libpacemaker-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:72991 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:36919 | P | liblcms1 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:36687 | P | libpython2_7-1_0 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:38184 | P | fontconfig on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:37020 | P | smt on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:37546 | P | libldb1 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:38226 | P | java-11-openjdk on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:6435 | P | libspice-client-glib-2_0-8 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:66326 | P | Security update for MozillaThunderbird (Moderate) | 2020-12-01
oval:org.opensuse.security:def:37077 | P | bind on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:7394 | P | gpgme on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:6734 | P | libotr5 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:73109 | P | java-11-openjdk on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:37167 | P | libXext6 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:6511 | P | sudo on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:6743 | P | libpoppler-glib8 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:8445 | P | libspice-client-glib-2_0-8 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:8437 | P | libpython3_4m1_0 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:37327 | P | sblim-sfcb on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:6558 | P | autofs on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:6756 | P | libsndfile1 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:8467 | P | libyaml-0-2 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:67629 | P | java-11-openjdk on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:36688 | P | libpython3_4m1_0 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:37386 | P | augeas on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49069 | P | conntrack-tools on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:6573 | P | cracklib on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:8513 | P | rpcbind on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:36699 | P | libtiff5-32bit on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:37435 | P | gd on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:6592 | P | elfutils on GA media (Moderate) | 2020-12-01
    oracle jdk 11.0.0
    oracle jre 11.0.0