#VU10142 Denial of service in Oracle Java SE and JRockit


Vulnerability identifier: #VU10142

Vulnerability risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-2663

CWE-ID: CWE-264

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Oracle Java SE
Universal components / Libraries / Software for developers
JRockit
Server applications / Web servers

Vendor: Oracle

Description
The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to a flaw in the Java SE, Java SE Embedded, JRockit Libraries component. A remote attacker can cause partial denial of service conditions.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Oracle Java SE: 7u161, 6u171, 8u151 - 8u152, 9.0.1

JRockit: r28.3.16

External links
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in IBM Cognos Business Intelligence Server
Multiple vulnerabilities in IBM Cognos Insight
Red Hat update for Oracle Java SE
Multiple vulnerabilities in IBM MQ
Red Hat update for Oracle Java SE
Multiple vulnerabilities in IBM AIX
Debian update for openjdk-7
Amazon Linux AMI update for java-1.7.0-openjdk
SUSE Linux update for java-1
Gentoo update for Oracle JDK/JRE