KLA11340
Multiple vulnerabilities in Oracle Java SE

Updated: 06/03/2020
Detect date: 10/16/2018
Severity: Critical

Description

Multiple serious vulnerabilities were found in Oracle Java SE. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, cause denial of service, and bypass security restrictions.

Below is a complete list of vulnerabilities:

  1. An unspecified vulnerability in the Scripting component can be exploited remotely to execute arbitrary code;
  2. An unspecified vulnerability in the JavaFX component can be exploited remotely to execute arbitrary code;
  3. An unspecified vulnerability in the Hotspot component can be exploited remotely to execute arbitrary code;
  4. An unspecified vulnerability in the JNDI component can be exploited locally to execute arbitrary code;
  5. An unspecified vulnerability in the Serviceability component can be exploited remotely to obtain sensitive information;
  6. An unspecified vulnerability in the JSSE component can be exploited remotely to obtain sensitive information;
  7. An unspecified vulnerability in the Sound component can be exploited remotely to cause denial of service;
  8. An unspecified vulnerability in the Sound component can be exploited remotely to obtain sensitive information;
  9. An unspecified vulnerability in the Utility component can be exploited remotely to bypass security restrictions;
  10. An unspecified vulnerability in libpng can be exploited remotely to cause denial of service;
  11. An unspecified vulnerability in the Security component can be exploited remotely to bypass security restrictions;
  12. An unspecified vulnerability in the Networking component can be exploited remotely to bypass security restrictions.

Affected products

Java SE 6u201 and earlier
Java SE 7u191 and earlier
Java SE 8u182 and earlier
Java SE 11 and earlier
Java SE Embedded 8u181 and earlier
JRockit R28.3.19 and earlier

Solution

Update to the latest version
Oracle software downloads

Original advisories

https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixJAVA

Impacts

ACE
OSI
DoS
SB

Related products
Oracle Java JRE 1.8.x
Oracle JRockit

CVE-IDS

CVE-2018-3183   6.8  High
CVE-2018-3209   5.1  High
CVE-2018-3169   5.1  High
CVE-2018-3149   5.1  High
CVE-2018-3211   3.3  Warning
CVE-2018-3180   6.8  High
CVE-2018-3214   5.0  Critical
CVE-2018-3157   4.3  Warning
CVE-2018-3150   4.3  Warning
CVE-2018-13785  4.3  Warning
CVE-2018-3136   2.6  Warning
CVE-2018-3139   2.6  Warning