CVE-2018-3150

Impact: Moderate
Public Date: 2018-10-16
Bugzilla: 1642321: CVE-2018-3150 OpenJDK: Multi-Release attribute read from outside of the main manifest attributes (Utility, 8199171)

The MITRE CVE dictionary describes this issue as:

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Utility). The supported version that is affected is Java SE: 11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

Find out more about CVE-2018-3150 from the MITRE CVE dictionary and NIST NVD.

CVSS v3 metrics

CVSS3 Base Score: 3.7
CVSS3 Base Metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity Impact: Low
Availability Impact: None

Red Hat Security Errata

Platform | Errata | Release Date
Red Hat Enterprise Linux 7 (java-11-openjdk) | RHSA-2018:3521 | 2018-11-07

Affected Packages State

Platform | Package | State
Red Hat Enterprise Linux 7 | java-1.8.0-openjdk | Not affected
Red Hat Enterprise Linux 7 | java-1.7.0-openjdk | Not affected
Red Hat Enterprise Linux 6 | java-1.7.0-openjdk | Not affected
Red Hat Enterprise Linux 6 | java-1.8.0-openjdk | Not affected

Last Modified

CVE description copyright © 2017, The MITRE Corporation