What is CVE-2018-2657?

CVE-2018-2657 is a vulnerability in the Java SE JRockit component of Oracle Java SE (subcomponent: Serialization).

What versions of Java SE are affected by CVE-2018-2657?

Java SE versions 6u171 and 7u161 are affected by CVE-2018-2657.

What versions of JRockit are affected by CVE-2018-2657?

JRockit version R28.3.16 is affected by CVE-2018-2657.

Is CVE-2018-2657 easily exploitable?

Yes, CVE-2018-2657 is an easily exploitable vulnerability.

How can an attacker exploit CVE-2018-2657?

An unauthenticated attacker with network access via multiple protocols can exploit CVE-2018-2657.

Vulnerability/
CVE-2018-2657

medium

5.3

17/1/2018

18/1/2018

3/10/2024

CVE-2018-2657

First published: Wed Jan 17 2018(Updated: )

Oracle Java SE 6u181 and 7u171 fixes an unspecified vulnerability in the Serialization component (<a href="https://access.redhat.com/security/cve/CVE-2018-2657">CVE-2018-2657</a>). Upstream has CVSS scored this issue as: 5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L External Reference: <a href="http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixJAVA">http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixJAVA</a>

Credit: secalert_us@oracle.com

Affected Software	Affected Version	How to fix
Oracle JDK	=1.6.0-update171
Oracle JDK	=1.7.0-update161
Oracle JRE	=1.6.0-update171
Oracle JRE	=1.7.0-update161
Oracle JRockit	=r28.3.16
Redhat Satellite	=5.6
Redhat Satellite	=5.7
Redhat Satellite	=5.8
Redhat Enterprise Linux Desktop	=6.0
Redhat Enterprise Linux Server	=6.0
Redhat Enterprise Linux Server	=7.0
Redhat Enterprise Linux Server Eus	=7.5
Redhat Enterprise Linux Workstation	=6.0
Schneider-electric Struxureware Data Center Expert	<7.6.0
Hp Xp Command View	>=8.6.2-01
Hp Xp P9000 Command View	>=8.6.2-01
Hp Xp7 Command View	>=8.6.2-01

Remedy

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2018-2657?
CVE-2018-2657 is a vulnerability in the Java SE JRockit component of Oracle Java SE (subcomponent: Serialization).
What versions of Java SE are affected by CVE-2018-2657?
Java SE versions 6u171 and 7u161 are affected by CVE-2018-2657.
What versions of JRockit are affected by CVE-2018-2657?
JRockit version R28.3.16 is affected by CVE-2018-2657.
Is CVE-2018-2657 easily exploitable?
Yes, CVE-2018-2657 is an easily exploitable vulnerability.
How can an attacker exploit CVE-2018-2657?
An unauthenticated attacker with network access via multiple protocols can exploit CVE-2018-2657.

collector/nvd-index
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2018-2657
agent/type
collector/mitre-cve
source/MITRE
agent/severity
agent/references
agent/author
agent/remedy
agent/last-modified-date
agent/softwarecombine
agent/description
agent/first-publish-date
agent/tags
agent/event
vendor/oracle
canonical/oracle jdk
version/oracle jdk/1.6.0-update171
version/oracle jdk/1.7.0-update161
canonical/oracle jre
version/oracle jre/1.6.0-update171
version/oracle jre/1.7.0-update161
canonical/oracle jrockit
version/oracle jrockit/r28.3.16
vendor/redhat
canonical/redhat satellite
version/redhat satellite/5.6
version/redhat satellite/5.7
version/redhat satellite/5.8
canonical/redhat enterprise linux desktop
version/redhat enterprise linux desktop/6.0
canonical/redhat enterprise linux server
version/redhat enterprise linux server/6.0
version/redhat enterprise linux server/7.0
canonical/redhat enterprise linux server eus
version/redhat enterprise linux server eus/7.5
canonical/redhat enterprise linux workstation
version/redhat enterprise linux workstation/6.0
vendor/schneider-electric
canonical/schneider-electric struxureware data center expert
vendor/hp
canonical/hp xp command view
version/hp xp command view/8.6.2-01
canonical/hp xp p9000 command view
version/hp xp p9000 command view/8.6.2-01
canonical/hp xp7 command view
version/hp xp7 command view/8.6.2-01