what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

CVE-2018-2678

Status Candidate

Overview

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).

Related Files

Red Hat Security Advisory 2018-1812-01
Posted Jun 8, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1812-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP20. Issues addressed include deserialization, insecure handling, randomization, and use-after-free vulnerabilities.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2018-2579, CVE-2018-2581, CVE-2018-2588, CVE-2018-2599, CVE-2018-2602, CVE-2018-2603, CVE-2018-2618, CVE-2018-2629, CVE-2018-2633, CVE-2018-2634, CVE-2018-2637, CVE-2018-2641, CVE-2018-2657, CVE-2018-2663, CVE-2018-2677, CVE-2018-2678
SHA-256 | 221148ef0de88896f8459f4e5e0cbf8dcb142f45ea6c2e753d125ce1e56b2984
Red Hat Security Advisory 2018-1463-01
Posted May 15, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1463-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP10. Issues addressed include insecure handling, randomization, and use-after-free vulnerabilities.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2018-1417, CVE-2018-2579, CVE-2018-2581, CVE-2018-2582, CVE-2018-2588, CVE-2018-2599, CVE-2018-2602, CVE-2018-2603, CVE-2018-2618, CVE-2018-2627, CVE-2018-2629, CVE-2018-2633, CVE-2018-2634, CVE-2018-2637, CVE-2018-2638, CVE-2018-2639, CVE-2018-2641, CVE-2018-2657, CVE-2018-2663, CVE-2018-2677, CVE-2018-2678
SHA-256 | 80ce6d0081fec02cd94f1f4ffeaf0d179a18234d8f8ba21736afebe5737f2d94
Debian Security Advisory 4166-1
Posted Apr 5, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4166-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service, sandbox bypass, execution of arbitrary code, incorrect LDAP/GSS authentication, insecure use of cryptography or bypass of deserialisation restrictions.

tags | advisory, java, denial of service, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2018-2579, CVE-2018-2588, CVE-2018-2599, CVE-2018-2602, CVE-2018-2603, CVE-2018-2618, CVE-2018-2629, CVE-2018-2633, CVE-2018-2634, CVE-2018-2637, CVE-2018-2641, CVE-2018-2663, CVE-2018-2677, CVE-2018-2678
SHA-256 | 6f36f4da2f3eb8043a433062d4aad7c8ab82511dadd128bdfbebde9f80182976
Ubuntu Security Notice USN-3614-1
Posted Apr 2, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3614-1 - It was discovered that a race condition existed in the cryptography implementation in OpenJDK. An attacker could possibly use this to expose sensitive information. It was discovered that the LDAP implementation in OpenJDK did not properly encode login names. A remote attacker could possibly use this to expose sensitive information. It was discovered that the DNS client implementation in OpenJDK did not properly randomize source ports. A remote attacker could use this to spoof responses to DNS queries made by Java applications. Various other issues were also addressed.

tags | advisory, java, remote, spoof
systems | linux, ubuntu
advisories | CVE-2018-2579, CVE-2018-2588, CVE-2018-2599, CVE-2018-2602, CVE-2018-2603, CVE-2018-2618, CVE-2018-2629, CVE-2018-2633, CVE-2018-2634, CVE-2018-2637, CVE-2018-2641, CVE-2018-2663, CVE-2018-2677, CVE-2018-2678
SHA-256 | 65f8a0d0aab5a2c6072e2706dcbe72635130ec35592468e4424476e34701f86f
Ubuntu Security Notice USN-3613-1
Posted Apr 2, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3613-1 - It was discovered that a race condition existed in the cryptography implementation in OpenJDK. An attacker could possibly use this to expose sensitive information. It was discovered that the Hotspot component of OpenJDK did not properly validate uses of the invokeinterface JVM instruction. An attacker could possibly use this to access unauthorized resources. It was discovered that the LDAP implementation in OpenJDK did not properly encode login names. A remote attacker could possibly use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2018-2579, CVE-2018-2582, CVE-2018-2588, CVE-2018-2599, CVE-2018-2602, CVE-2018-2603, CVE-2018-2618, CVE-2018-2629, CVE-2018-2633, CVE-2018-2634, CVE-2018-2637, CVE-2018-2641, CVE-2018-2663, CVE-2018-2677, CVE-2018-2678
SHA-256 | 928013bd5e1ee1d64cc4573070b7f35cde515ccf144ffe9f8098bc389a7993d3
Debian Security Advisory 4144-1
Posted Mar 17, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4144-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service, sandbox bypass, execution of arbitrary code, incorrect LDAP/GSS authentication, insecure use of cryptography or bypass of deserialisation restrictions.

tags | advisory, java, denial of service, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2018-2579, CVE-2018-2582, CVE-2018-2588, CVE-2018-2599, CVE-2018-2602, CVE-2018-2603, CVE-2018-2618, CVE-2018-2629, CVE-2018-2633, CVE-2018-2634, CVE-2018-2637, CVE-2018-2641, CVE-2018-2663, CVE-2018-2677, CVE-2018-2678
SHA-256 | 2d5384afbd0e90976390bc413c367bc0957397bf968c6767eda699136dbe59b4
Red Hat Security Advisory 2018-0521-01
Posted Mar 15, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0521-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP20. Issues addressed include insecure handling, randomization, and use-after-free vulnerabilities.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2018-2579, CVE-2018-2582, CVE-2018-2588, CVE-2018-2599, CVE-2018-2602, CVE-2018-2603, CVE-2018-2618, CVE-2018-2633, CVE-2018-2634, CVE-2018-2637, CVE-2018-2641, CVE-2018-2657, CVE-2018-2663, CVE-2018-2677, CVE-2018-2678
SHA-256 | 7ae5584ed48fb8fe5feace735645093fc305fc5409fc9f6a5cbe1d76430117c6
Red Hat Security Advisory 2018-0458-01
Posted Mar 7, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0458-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP20. Security Fix: OpenJDK: insufficient validation of the invokeinterface instruction OpenJDK: LDAPCertStore insecure handling of LDAP referrals.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2018-2579, CVE-2018-2582, CVE-2018-2588, CVE-2018-2599, CVE-2018-2602, CVE-2018-2603, CVE-2018-2618, CVE-2018-2633, CVE-2018-2634, CVE-2018-2637, CVE-2018-2641, CVE-2018-2657, CVE-2018-2663, CVE-2018-2677, CVE-2018-2678
SHA-256 | 15f403872c4df4568761419deebb48ed3ea9fcbea017fcebb06d648353448d44
Red Hat Security Advisory 2018-0349-01
Posted Feb 26, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0349-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: A flaw was found in the AWT component of OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. It was discovered that the LDAPCertStore class in the JNDI component of OpenJDK failed to securely handle LDAP referrals. An attacker could possibly use this flaw to make it fetch attacker controlled certificate data.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2018-2579, CVE-2018-2588, CVE-2018-2599, CVE-2018-2602, CVE-2018-2603, CVE-2018-2618, CVE-2018-2629, CVE-2018-2633, CVE-2018-2634, CVE-2018-2637, CVE-2018-2641, CVE-2018-2663, CVE-2018-2677, CVE-2018-2678
SHA-256 | a5193bcd01498012225250e8c493b1011be7f27b55df40690e4a03b7aac1fecd
Red Hat Security Advisory 2018-0352-01
Posted Feb 26, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0352-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP10. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2018-2579, CVE-2018-2582, CVE-2018-2588, CVE-2018-2599, CVE-2018-2602, CVE-2018-2603, CVE-2018-2618, CVE-2018-2633, CVE-2018-2634, CVE-2018-2637, CVE-2018-2638, CVE-2018-2639, CVE-2018-2641, CVE-2018-2663, CVE-2018-2677, CVE-2018-2678
SHA-256 | 0747b311eba7722f568906e172a0f201037893e0f8ddd8b951ef3a339b7dd292
Red Hat Security Advisory 2018-0351-01
Posted Feb 26, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0351-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP10. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2018-2579, CVE-2018-2582, CVE-2018-2588, CVE-2018-2599, CVE-2018-2602, CVE-2018-2603, CVE-2018-2618, CVE-2018-2633, CVE-2018-2634, CVE-2018-2637, CVE-2018-2638, CVE-2018-2639, CVE-2018-2641, CVE-2018-2663, CVE-2018-2677, CVE-2018-2678
SHA-256 | af327ee7be945314f6bdd71373f6b237240539412ecb3a9c8b991c77002eea53
Red Hat Security Advisory 2018-0115-01
Posted Jan 23, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0115-01 - Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 6 to version 6 Update 181. Security Fix: This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2018-2579, CVE-2018-2588, CVE-2018-2599, CVE-2018-2602, CVE-2018-2603, CVE-2018-2618, CVE-2018-2629, CVE-2018-2633, CVE-2018-2637, CVE-2018-2641, CVE-2018-2657, CVE-2018-2663, CVE-2018-2677, CVE-2018-2678
SHA-256 | a282016f6ca8ca2c34b370151c16fa7d27f3526cc5f5974a70c432afe358a6b5
Red Hat Security Advisory 2018-0100-01
Posted Jan 19, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0100-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 7 to version 7 Update 171. Security Fix: This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2018-2579, CVE-2018-2581, CVE-2018-2588, CVE-2018-2599, CVE-2018-2602, CVE-2018-2603, CVE-2018-2618, CVE-2018-2629, CVE-2018-2633, CVE-2018-2634, CVE-2018-2637, CVE-2018-2641, CVE-2018-2657, CVE-2018-2663, CVE-2018-2677, CVE-2018-2678
SHA-256 | 8540f9feeff78bc07d82fc40fdf1ac168688d391d6df121ef7ed0dba3daea02b
Red Hat Security Advisory 2018-0099-01
Posted Jan 19, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0099-01 - Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 8 to version 8 Update 161. Security Fix: This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2018-2579, CVE-2018-2581, CVE-2018-2582, CVE-2018-2588, CVE-2018-2599, CVE-2018-2602, CVE-2018-2603, CVE-2018-2618, CVE-2018-2627, CVE-2018-2629, CVE-2018-2633, CVE-2018-2634, CVE-2018-2637, CVE-2018-2638, CVE-2018-2639, CVE-2018-2641, CVE-2018-2663, CVE-2018-2677, CVE-2018-2678
SHA-256 | da3b985a579d8f6663d0d08ddcced8c6d62cf2eeab46fa3c5328353efe6b5f1d
Red Hat Security Advisory 2018-0095-01
Posted Jan 18, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0095-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: Multiple flaws were found in the Hotspot and AWT components of OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. It was discovered that the LDAPCertStore class in the JNDI component of OpenJDK failed to securely handle LDAP referrals. An attacker could possibly use this flaw to make it fetch attacker controlled certificate data.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2018-2579, CVE-2018-2582, CVE-2018-2588, CVE-2018-2599, CVE-2018-2602, CVE-2018-2603, CVE-2018-2618, CVE-2018-2629, CVE-2018-2633, CVE-2018-2634, CVE-2018-2637, CVE-2018-2641, CVE-2018-2663, CVE-2018-2677, CVE-2018-2678
SHA-256 | 9a9ead0be0c0b8603f1341e6ae2cc4afc54e6876629a31bc348d58a8e1be5ea7
Page 1 of 1
Back1Next

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    0 Files
  • 9
    Aug 9th
    0 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close