KLA11340
Multiple vulnerabilities in Oracle Java SE
Updated: 26/06/2019
Detection date
16/10/2018
Threat level
Critical
Description

Multiple serious vulnerabilities were found in Oracle Java SE. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, cause denial of service, and bypass security restrictions.

Below is a complete list of vulnerabilities:

  1. An unspecified vulnerability in Scripting component can be exploited remotely to execute arbitrary code;
  2. An unspecified vulnerability in JavaFX component can be exploited remotely to execute arbitrary code;
  3. An unspecified vulnerability in Hotspot component can be exploited remotely to execute arbitrary code;
  4. An unspecified vulnerability in JNDI component can be exploited locally to execute arbitrary code;
  5. An unspecified vulnerability in Serviceability component can be exploited remotely to obtain sensitive information;
  6. An unspecified vulnerability in JSSE component can be exploited remotely to obtain sensitive information;
  7. An unspecified vulnerability in Sound component can be exploited remotely to cause denial of service;
  8. An unspecified vulnerability in Sound component can be exploited remotely to obtain sensitive information;
  9. An unspecified vulnerability in Utility component can be exploited remotely to bypass security restrictions;
  10. An unspecified vulnerability in libpng can be exploited remotely to cause denial of service;
  11. An unspecified vulnerability in Security component can be exploited remotely to bypass security restrictions;
  12. An unspecified vulnerability in Networking component can be exploited remotely to bypass security restrictions.
Affected products

Java SE 6u201 and earlier
Java SE 7u191 and earlier
Java SE 8u182 and earlier
Java SE 11 and earlier
Java SE Embedded 8u181 and earlier
JRockit R28.3.19 and earlier

Solution

Update to the latest version
Oracle software downloads

Original advisory
https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixJAVA
Impact
ACE (arbitrary code execution)
OSI (obtain sensitive information)
DoS (denial of service)
SB (security bypass)
Related products
Oracle Java JRE 1.8.x
Oracle JRockit
CVE-IDS
CVE-2018-3183   9.0  Critical
CVE-2018-3209   8.3  Critical
CVE-2018-3169   8.3  Critical
CVE-2018-3149   8.3  Critical
CVE-2018-3211   6.6  High
CVE-2018-3180   5.6  High
CVE-2018-3214   5.3  High
CVE-2018-3157   3.7  Warning
CVE-2018-3150   3.7  Warning
CVE-2018-13785  3.7  Warning
CVE-2018-3136   3.4  Warning
CVE-2018-3139   3.1  Warning