exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 21 of 21 RSS Feed

CVE-2018-3149

Status Candidate

Overview

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).

Related Files

Gentoo Linux Security Advisory 201908-10
Posted Aug 15, 2019
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201908-10 - Multiple vulnerabilities have been found in Oracle's JDK and JRE software suites. Versions less than 1.8.0.202:1.8 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2018-13785, CVE-2018-3136, CVE-2018-3139, CVE-2018-3149, CVE-2018-3150, CVE-2018-3157, CVE-2018-3169, CVE-2018-3180, CVE-2018-3183, CVE-2018-3209, CVE-2018-3211, CVE-2018-3214, CVE-2019-2602, CVE-2019-2684, CVE-2019-2697, CVE-2019-2698, CVE-2019-2699
SHA-256 | 92eaf04612298402d520565d158aa4cdf0610a9748c3117d082bf3e1de650ebc
Red Hat Security Advisory 2018-3852-01
Posted Dec 19, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3852-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP25. Issues addressed include a denial of service vulnerability.

tags | advisory, java, denial of service
systems | linux, redhat
advisories | CVE-2018-13785, CVE-2018-3136, CVE-2018-3139, CVE-2018-3149, CVE-2018-3169, CVE-2018-3180, CVE-2018-3183, CVE-2018-3214
SHA-256 | 9d4f7bc666bf94a492aff063465bfd97a5d1aa5e574805c94c9ec1e09d2be252
Red Hat Security Advisory 2018-3779-01
Posted Dec 6, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3779-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP35. Issues addressed include a denial of service vulnerability.

tags | advisory, java, denial of service
systems | linux, redhat
advisories | CVE-2018-13785, CVE-2018-3136, CVE-2018-3139, CVE-2018-3149, CVE-2018-3169, CVE-2018-3180, CVE-2018-3214
SHA-256 | b0b5339ee3d473201818a39d93de9bbc73b8fe97cc4c222cdf87a24afbecd344
Red Hat Security Advisory 2018-3671-01
Posted Nov 26, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3671-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP35. Issues addressed include a denial of service vulnerability.

tags | advisory, java, denial of service
systems | linux, redhat
advisories | CVE-2018-13785, CVE-2018-3136, CVE-2018-3139, CVE-2018-3149, CVE-2018-3169, CVE-2018-3180, CVE-2018-3214
SHA-256 | b9e101d4654d1ee487628b0854b423e6a5e72265a863ae854851e88b704f39d0
Red Hat Security Advisory 2018-3672-01
Posted Nov 26, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3672-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP35. Issues addressed include a denial of service vulnerability.

tags | advisory, java, denial of service
systems | linux, redhat
advisories | CVE-2018-13785, CVE-2018-3136, CVE-2018-3139, CVE-2018-3149, CVE-2018-3169, CVE-2018-3180, CVE-2018-3214
SHA-256 | de9a35cc190a2af10e419079bbc8309b996a09cfe811621caa087d3d2b12cfa2
Ubuntu Security Notice USN-3824-1
Posted Nov 16, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3824-1 - It was discovered that the Security component of OpenJDK did not properly ensure that manifest elements were signed before use. An attacker could possibly use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. Artem Smotrakov discovered that the HTTP client redirection handler implementation in OpenJDK did not clear potentially sensitive information in HTTP headers when following redirections to different hosts. An attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, java, web
systems | linux, ubuntu
advisories | CVE-2018-3136, CVE-2018-3139, CVE-2018-3149, CVE-2018-3169, CVE-2018-3180
SHA-256 | 6c5ea49388e7e87aca6197cfe70cc7c9a28214d75613f18a1201e869b8704850
Red Hat Security Advisory 2018-3533-01
Posted Nov 9, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3533-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP25. Issues addressed include a denial of service vulnerability.

tags | advisory, java, denial of service
systems | linux, redhat
advisories | CVE-2018-13785, CVE-2018-3136, CVE-2018-3139, CVE-2018-3149, CVE-2018-3169, CVE-2018-3180, CVE-2018-3183, CVE-2018-3214
SHA-256 | cbafd6a88390e5eb75498f509692813f4707486c5cf68f4321300a3c3a979141
Red Hat Security Advisory 2018-3534-01
Posted Nov 9, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3534-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP25. Issues addressed include a denial of service vulnerability.

tags | advisory, java, denial of service
systems | linux, redhat
advisories | CVE-2018-13785, CVE-2018-3136, CVE-2018-3139, CVE-2018-3149, CVE-2018-3169, CVE-2018-3180, CVE-2018-3183, CVE-2018-3214
SHA-256 | 83f77043b0fc51469c74877f96ad23dd3aeaa9179fc8bd20ad70e5db6b99d115
Red Hat Security Advisory 2018-3521-01
Posted Nov 8, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3521-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include improper field access checks.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2018-3136, CVE-2018-3139, CVE-2018-3149, CVE-2018-3150, CVE-2018-3169, CVE-2018-3180, CVE-2018-3183
SHA-256 | de949b263bbfc36b1296f1a9a13e63a555b2d7005bddc5b1bee8a2150076f2ee
Red Hat Security Advisory 2018-3409-01
Posted Oct 31, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3409-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Issues addressed include improper field access checks.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2018-3136, CVE-2018-3139, CVE-2018-3149, CVE-2018-3169, CVE-2018-3180, CVE-2018-3214
SHA-256 | 6147eb3e5d1fae8d0a5793c06b2a8eda373f483d4ac6dda6a73a943b1fd16c7f
Ubuntu Security Notice USN-3804-1
Posted Oct 31, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3804-1 - It was discovered that the Security component of OpenJDK did not properly ensure that manifest elements were signed before use. An attacker could possibly use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. Artem Smotrakov discovered that the HTTP client redirection handler implementation in OpenJDK did not clear potentially sensitive information in HTTP headers when following redirections to different hosts. An attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, java, web
systems | linux, ubuntu
advisories | CVE-2018-3136, CVE-2018-3139, CVE-2018-3149, CVE-2018-3150, CVE-2018-3169, CVE-2018-3180, CVE-2018-3183, CVE-2018-3214
SHA-256 | e15df950ae42ae2ab659edb3e6cfece0fc615c4b7f8a387f8da9c1dd1bc78e46
Red Hat Security Advisory 2018-3350-01
Posted Oct 31, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3350-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Issues addressed include improper field access checks.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2018-3136, CVE-2018-3139, CVE-2018-3149, CVE-2018-3169, CVE-2018-3180, CVE-2018-3214
SHA-256 | 3e1fdccf9d093af585bd0429081423352cbca33cf626c14063c82d2edd122acb
Debian Security Advisory 4326-1
Posted Oct 26, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4326-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service, sandbox bypass, incomplete TLS identity verification, information disclosure or the execution of arbitrary code.

tags | advisory, java, denial of service, arbitrary, vulnerability, info disclosure
systems | linux, debian
advisories | CVE-2018-3136, CVE-2018-3139, CVE-2018-3149, CVE-2018-3169, CVE-2018-3180, CVE-2018-3183, CVE-2018-3214
SHA-256 | f65b0ae142b8e0d015848815c046f57b0298bdcd73ccef2bb8ebd095c347bdda
Red Hat Security Advisory 2018-3003-01
Posted Oct 25, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3003-01 - Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 8 to version 8 Update 191. Issues addressed include a denial of service vulnerability.

tags | advisory, java, denial of service
systems | linux, redhat
advisories | CVE-2018-13785, CVE-2018-3136, CVE-2018-3139, CVE-2018-3149, CVE-2018-3169, CVE-2018-3180, CVE-2018-3183, CVE-2018-3209, CVE-2018-3211, CVE-2018-3214
SHA-256 | 5447f8952aedcb2d337763f62e18f2145788a864124e4750f0454593b92cc5c4
Red Hat Security Advisory 2018-3002-01
Posted Oct 25, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3002-01 - Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 8 to version 8 Update 191. Issues addressed include a denial of service vulnerability.

tags | advisory, java, denial of service
systems | linux, redhat
advisories | CVE-2018-13785, CVE-2018-3136, CVE-2018-3139, CVE-2018-3149, CVE-2018-3169, CVE-2018-3180, CVE-2018-3183, CVE-2018-3209, CVE-2018-3211, CVE-2018-3214
SHA-256 | 5d9984f2fd90f05ca4904633a50f693fe5a0204e290fcc2a58560a1f62acf8d3
Red Hat Security Advisory 2018-3001-01
Posted Oct 25, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3001-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 7 to version 7 Update 201. Issues addressed include a denial of service vulnerability.

tags | advisory, java, denial of service
systems | linux, redhat
advisories | CVE-2018-13785, CVE-2018-3136, CVE-2018-3139, CVE-2018-3149, CVE-2018-3169, CVE-2018-3180, CVE-2018-3214
SHA-256 | 2b9e0d849414ac1735748156b8aeef8010cdedd81520dc5984bc4140314c2b4a
Red Hat Security Advisory 2018-3000-01
Posted Oct 25, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3000-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 7 to version 7 Update 201. Issues addressed include a denial of service vulnerability.

tags | advisory, java, denial of service
systems | linux, redhat
advisories | CVE-2018-13785, CVE-2018-3136, CVE-2018-3139, CVE-2018-3149, CVE-2018-3169, CVE-2018-3180, CVE-2018-3214
SHA-256 | a93e5b26d50e155dc32b2882cda85debfbb400f15d4356fc4191e5b93331aa7b
Red Hat Security Advisory 2018-3008-01
Posted Oct 25, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3008-01 - Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 6 to version 6 Update 211. Issues addressed include a denial of service vulnerability.

tags | advisory, java, denial of service
systems | linux, redhat
advisories | CVE-2018-13785, CVE-2018-2940, CVE-2018-2952, CVE-2018-2973, CVE-2018-3136, CVE-2018-3139, CVE-2018-3149, CVE-2018-3180, CVE-2018-3214
SHA-256 | bc94839eae2c0fb885dcffdcdbb3ac18844d51bb390562a58eb2019851d39498
Red Hat Security Advisory 2018-3007-01
Posted Oct 25, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3007-01 - Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 6 to version 6 Update 211. Issues addressed include a denial of service vulnerability.

tags | advisory, java, denial of service
systems | linux, redhat
advisories | CVE-2018-13785, CVE-2018-2940, CVE-2018-2952, CVE-2018-2973, CVE-2018-3136, CVE-2018-3139, CVE-2018-3149, CVE-2018-3180, CVE-2018-3214
SHA-256 | d33ed9274586089907ca6e62f732423aa29e755c29fb58b663334ceabcab53a2
Red Hat Security Advisory 2018-2942-01
Posted Oct 18, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2942-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include improper access controls.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2018-3136, CVE-2018-3139, CVE-2018-3149, CVE-2018-3169, CVE-2018-3180, CVE-2018-3183, CVE-2018-3214
SHA-256 | d1a8daa978552d839173b7222173bf9268ca5a14264ff855e1135931c5b994f8
Red Hat Security Advisory 2018-2943-01
Posted Oct 18, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2943-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include improper access checks.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2018-3136, CVE-2018-3139, CVE-2018-3149, CVE-2018-3169, CVE-2018-3180, CVE-2018-3183, CVE-2018-3214
SHA-256 | c21292dc76bd098bf315c666c0c295bef722f34ef0cd50adf37b94f4075f03ff
Page 1 of 1
Back1Next

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    0 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close