Kaspersky ID:
KLA11234
Detection date:
17/04/2018
Updated:
22/01/2024

Description

Multiple serious vulnerabilities have been found in Oracle products. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code, obtain sensitive information, cause denial of service and perform unspecified attacks.

Below is a complete list of vulnerabilities:

  1. Multiple unspecified vulnerabilities in the Libraries component can be exploited remotely to bypass security restrictions;
  2. An unspecified vulnerability in the Libraries component can be exploited remotely to bypass security restrictions;
  3. An unspecified vulnerability in the Install component can be exploited locally to perform unspecified attacks;
  4. An unspecified vulnerability in the Security component can be exploited locally via a specially crafted JCEKS key store to execute arbitrary code and obtain sensitive information;
  5. An unspecified vulnerability in the Security component can be exploited remotely to perform unspecified attacks;
  6. An unbounded memory allocation during deserialization in Container can be exploited remotely via specially crafted input to cause denial of service;
  7. An unbounded memory allocation during deserialization in PriorityBlockingQueue can be exploited remotely via specially crafted input to cause denial of service;
  8. An unbounded memory allocation during deserialization in NamedNodeMapImpl can be exploited remotely via specially crafted input to cause denial of service;
  9. An unbounded memory allocation during deserialization in TabularDataSupport can be exploited remotely via specially crafted input to cause denial of service;
  10. Insufficient consistency checks in deserialization of multiple classes in the Security component can be exploited remotely via specially crafted input to cause denial of service;
  11. An unbounded memory allocation during deserialization in StubIORImpl can be exploited remotely via specially crafted input to cause denial of service;
  12. An unspecified vulnerability in RMI can be exploited remotely to bypass security restrictions;
  13. An incorrect merging of sections in the JAR manifest can be exploited remotely to bypass security restrictions.

Technical details

Java SE 10 is affected by vulnerabilities (1)-(11) and (13)

Java SE 8 is affected by vulnerabilities (2)-(13)

Java SE 6 and 7 are affected by vulnerabilities (2) and (4)-(13)

Java SE Embedded 8 is affected by vulnerabilities (2), (5)-(11) and (13)

JRockit is affected by vulnerabilities (5)-(12)

Primary detection source

Related products

CVE list

  • CVE-2018-2811: warning
  • CVE-2018-2814: high
  • CVE-2018-2815: warning
  • CVE-2018-2783: high
  • CVE-2018-2826: high
  • CVE-2018-2790: warning
  • CVE-2018-2825: high
  • CVE-2018-2794: warning
  • CVE-2018-2795: warning
  • CVE-2018-2796: warning
  • CVE-2018-2797: warning
  • CVE-2018-2798: warning
  • CVE-2018-2799: warning
  • CVE-2018-2800: warning
