Kaspersky Threats

Detect date

?

10/16/2018

Severity

?

Critical

Description

Multiple serious vulnerabilities were found in Oracle Java SE. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, cause denial of service, bypass security restrictions.

Below is a complete list of vulnerabilities:

An unspecified vulnerability in Scripting component can be exploited remotely to execute arbitrary code;
An unspecified vulnerability in JavaFX component can be exploited remotely to execute arbitrary code;
An unspecified vulnerability in Hotspot component can be exploited remotely to execute arbitrary code;
An unspecified vulnerability in JNDI component can be exploited locally to execute arbitrary code;
An unspecified vulnerability in Serviceability component can be exploited remotely to obtain sensitive information;
An unspecified vulnerability in JSSE component can be exploited remotely to obtain sensitive information;
An unspecified vulnerability in Sound component can be exploited remotely to cause denial of service;
An unspecified vulnerability in Sound component can be exploited remotely to obtain sensitive information;
An unspecified vulnerability in Utility component can be exploited remotely to bypass security restrictions;
An unspecified vulnerability in libpng can be exploited remotely to cause denial of service;
An unspecified vulnerability in Security component can be exploited remotely to bypass security restrictions;
An unspecified vulnerability in Networking component can be exploited remotely to bypass security restrictions;

Affected products

Java SE 6u201 and earlier
Java SE 7u191 and earlier
Java SE 8u182 and earlier
Java SE 11 and earlier
Java SE Embedded 8u181 and earlier
JRockit R28.3.19 and earlier

Solution

Update to the latest version
Oracle software downloads

Original advisories

https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixJAVA

Impacts

?

ACE

[?]

OSI

[?]

DoS

[?]

SB

[?]

Detect date ?	10/16/2018
Severity ?	Critical
Description	Multiple serious vulnerabilities were found in Oracle Java SE. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, cause denial of service, bypass security restrictions. Below is a complete list of vulnerabilities: An unspecified vulnerability in Scripting component can be exploited remotely to execute arbitrary code; An unspecified vulnerability in JavaFX component can be exploited remotely to execute arbitrary code; An unspecified vulnerability in Hotspot component can be exploited remotely to execute arbitrary code; An unspecified vulnerability in JNDI component can be exploited locally to execute arbitrary code; An unspecified vulnerability in Serviceability component can be exploited remotely to obtain sensitive information; An unspecified vulnerability in JSSE component can be exploited remotely to obtain sensitive information; An unspecified vulnerability in Sound component can be exploited remotely to cause denial of service; An unspecified vulnerability in Sound component can be exploited remotely to obtain sensitive information; An unspecified vulnerability in Utility component can be exploited remotely to bypass security restrictions; An unspecified vulnerability in libpng can be exploited remotely to cause denial of service; An unspecified vulnerability in Security component can be exploited remotely to bypass security restrictions; An unspecified vulnerability in Networking component can be exploited remotely to bypass security restrictions;
Affected products	Java SE 6u201 and earlier Java SE 7u191 and earlier Java SE 8u182 and earlier Java SE 11 and earlier Java SE Embedded 8u181 and earlier JRockit R28.3.19 and earlier
Solution	Update to the latest version Oracle software downloads
Original advisories	https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixJAVA
Impacts ?	ACE [?] OSI [?] DoS [?] SB [?]
Related products	Oracle Java JRE 1.8.x Oracle JRockit
CVE-IDS ?	CVE-2018-31836.8High CVE-2018-32095.1High CVE-2018-31695.1High CVE-2018-31495.1High CVE-2018-32113.3Warning CVE-2018-31806.8High CVE-2018-32145.0Critical CVE-2018-31574.3Warning CVE-2018-31504.3Warning CVE-2018-137854.3Warning CVE-2018-31362.6Warning CVE-2018-31392.6Warning
	Find out the statistics of the vulnerabilities spreading in your region

KLA11340Multiple vulnerabilities in Oracle Java SE

KLA11340
Multiple vulnerabilities in Oracle Java SE