NVD Vulnerability Detail

CVE-2018-2800

Summary	Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u181, 7u171 and 8u162; JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, JRockit accessible data as well as unauthorized read access to a subset of Java SE, JRockit accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N).
Publication Date	April 19, 2018, 11:29 a.m.
Registration Date	March 1, 2021, 7:23 p.m.
Last Update	Nov. 21, 2024, 1:04 p.m.

CVSS3.0 : MEDIUM
スコア	4.2
Vector	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	高
攻撃に必要な特権レベル(PR)	不要
利用者の関与(UI)	要
影響の想定範囲(S)	変更なし
機密性への影響(C)	低
完全性への影響(I)	低
可用性への影響(A)	なし

CVSS2.0 : MEDIUM
Score	4.0
Vector	AV:N/AC:H/Au:N/C:P/I:P/A:N
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	高
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	低
可用性への影響(A)	なし
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	はい

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:oracle:jdk:1.8.0:update162::::::
cpe:2.3:a:oracle:jdk:1.7.0:update171::::::
cpe:2.3:a:oracle:jdk:1.6.0:update181::::::
cpe:2.3:a:oracle:jre:1.6.0:update181::::::
cpe:2.3:a:oracle:jre:1.8.0:update162::::::
cpe:2.3:a:oracle:jre:1.7.0:update171::::::

Configuration2		or higher	or less	more than	less than
cpe:2.3:a:oracle:jrockit:r28.3.17:::::::*

Configuration3	or higher	or less	more than	less than
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
cpe:2.3:a:redhat:satellite:5.7:::::::*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
cpe:2.3:a:redhat:satellite:5.6:::::::*
cpe:2.3:a:redhat:satellite:5.8:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*

Configuration4	or higher	or less	more than	less than
cpe:2.3:o:debian:debian_linux:8.0:::::::*
cpe:2.3:o:debian:debian_linux:9.0:::::::*

Configuration5	or higher	or less	more than	less than
cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*

Configuration6	or higher	or less	more than	less than
cpe:2.3:a:schneider-electric:struxureware_data_center_expert::::::::				7.6.0
cpe:2.3:a:schneider-electric:struxureware_data_center_expert::::::::

Configuration7		or higher	or less	more than	less than
cpe:2.3:a:hp:xp7_command_view:::::advanced:::*

Related information, measures and tools

No	URL	タグ
1	http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html	Patch Vendor Advisory
2	http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html	Patch Vendor Advisory
3	http://www.securityfocus.com/bid/103849	Third Party Advisory VDB Entry
4	http://www.securityfocus.com/bid/103849	Third Party Advisory VDB Entry
5	http://www.securitytracker.com/id/1040697	Third Party Advisory VDB Entry
6	http://www.securitytracker.com/id/1040697	Third Party Advisory VDB Entry
7	https://access.redhat.com/errata/RHSA-2018:1188	Third Party Advisory
8	https://access.redhat.com/errata/RHSA-2018:1188	Third Party Advisory
9	https://access.redhat.com/errata/RHSA-2018:1191	Third Party Advisory
10	https://access.redhat.com/errata/RHSA-2018:1191	Third Party Advisory
11	https://access.redhat.com/errata/RHSA-2018:1201	Third Party Advisory
12	https://access.redhat.com/errata/RHSA-2018:1201	Third Party Advisory
13	https://access.redhat.com/errata/RHSA-2018:1202	Third Party Advisory
14	https://access.redhat.com/errata/RHSA-2018:1202	Third Party Advisory
15	https://access.redhat.com/errata/RHSA-2018:1203	Third Party Advisory
16	https://access.redhat.com/errata/RHSA-2018:1203	Third Party Advisory
17	https://access.redhat.com/errata/RHSA-2018:1204	Third Party Advisory
18	https://access.redhat.com/errata/RHSA-2018:1204	Third Party Advisory
19	https://access.redhat.com/errata/RHSA-2018:1205	Third Party Advisory
20	https://access.redhat.com/errata/RHSA-2018:1205	Third Party Advisory
21	https://access.redhat.com/errata/RHSA-2018:1206	Third Party Advisory
22	https://access.redhat.com/errata/RHSA-2018:1206	Third Party Advisory
23	https://access.redhat.com/errata/RHSA-2018:1270	Third Party Advisory
24	https://access.redhat.com/errata/RHSA-2018:1270	Third Party Advisory
25	https://access.redhat.com/errata/RHSA-2018:1278	Third Party Advisory
26	https://access.redhat.com/errata/RHSA-2018:1278	Third Party Advisory
27	https://access.redhat.com/errata/RHSA-2018:1721	Third Party Advisory
28	https://access.redhat.com/errata/RHSA-2018:1721	Third Party Advisory
29	https://access.redhat.com/errata/RHSA-2018:1722	Third Party Advisory
30	https://access.redhat.com/errata/RHSA-2018:1722	Third Party Advisory
31	https://access.redhat.com/errata/RHSA-2018:1723	Third Party Advisory
32	https://access.redhat.com/errata/RHSA-2018:1723	Third Party Advisory
33	https://access.redhat.com/errata/RHSA-2018:1724	Third Party Advisory
34	https://access.redhat.com/errata/RHSA-2018:1724	Third Party Advisory
35	https://access.redhat.com/errata/RHSA-2018:1974	Third Party Advisory
36	https://access.redhat.com/errata/RHSA-2018:1974	Third Party Advisory
37	https://access.redhat.com/errata/RHSA-2018:1975	Third Party Advisory
38	https://access.redhat.com/errata/RHSA-2018:1975	Third Party Advisory
39	https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0	Third Party Advisory
40	https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0	Third Party Advisory
41	https://security.gentoo.org/glsa/201903-14	Third Party Advisory
42	https://security.gentoo.org/glsa/201903-14	Third Party Advisory
43	https://security.netapp.com/advisory/ntap-20180419-0001/	Third Party Advisory
44	https://security.netapp.com/advisory/ntap-20180419-0001/	Third Party Advisory
45	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_us	Third Party Advisory
46	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_us	Third Party Advisory
47	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_us	Third Party Advisory
48	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_us	Third Party Advisory
49	https://usn.ubuntu.com/3644-1/	Third Party Advisory
50	https://usn.ubuntu.com/3644-1/	Third Party Advisory
51	https://usn.ubuntu.com/3691-1/	Third Party Advisory
52	https://usn.ubuntu.com/3691-1/	Third Party Advisory
53	https://www.debian.org/security/2018/dsa-4185	Third Party Advisory
54	https://www.debian.org/security/2018/dsa-4185	Third Party Advisory
55	https://www.debian.org/security/2018/dsa-4225	Third Party Advisory
56	https://www.debian.org/security/2018/dsa-4225	Third Party Advisory

Common Vulnerabilities List

JVN Vulnerability Information

Oracle Java SE および JRockit における RMI に関する脆弱性

Title	Oracle Java SE および JRockit における RMI に関する脆弱性
Summary	Oracle Java SE および JRockit には、RMI に関する処理に不備があるため、機密性、および完全性に影響のある脆弱性が存在します。
Possible impacts	リモートの攻撃者により、情報を取得される、および情報を改ざんされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	April 17, 2018, midnight
Registration Date	May 7, 2018, 4:38 p.m.
Last Update	May 7, 2018, 4:38 p.m.

Affected System

レッドハット

Red Hat Enterprise Linux Desktop

Red Hat Enterprise Linux Server

Red Hat Enterprise Linux Workstation

オラクル

JDK 6 Update 181

JDK 7 Update 171

JDK 8 Update 162

JRE 6 Update 181

JRE 7 Update 171

JRE 8 Update 162

Oracle JRockit R28.3.17

日立

Cosminexus Developer's Kit for Java(TM)

Hitachi Application Server

Hitachi Application Server for Developers

Hitachi Automation Director

Hitachi Compute Systems Manager

Hitachi Compute Systems Manager Software

Hitachi Configuration Manager

Hitachi Developer's Kit for Java

Hitachi Device Manager

Hitachi Device Manager Software

Hitachi Dynamic Link Manager

Hitachi Dynamic Link Manager Software

Hitachi Global Link Manager

Hitachi Global Link Manager Software

Hitachi Infrastructure Analytics Advisor

Hitachi Replication Manager

Hitachi Replication Manager Software

Hitachi Tiered Storage Manager

Hitachi Tiered Storage Manager Software

Hitachi Tuning Manager

Hitachi Tuning Manager Software

uCosminexus Application Server

uCosminexus Application Server (64)

uCosminexus Application Server Enterprise

uCosminexus Application Server Standard

uCosminexus Application Server Standard -R

uCosminexus Client

uCosminexus Developer

uCosminexus Developer Professional

uCosminexus Developer Standard

uCosminexus Service Architect

uCosminexus Service Platform

uCosminexus Service Platform (64)

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2018-2800	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2800
National Vulnerability Database (NVD)
2	CVE-2018-2800	https://nvd.nist.gov/vuln/detail/CVE-2018-2800

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-284	https://cwe.mitre.org/data/definitions/284.html

ベンダー情報

No	Name	URL
Hitachi Software Vulnerability Information
1	hitachi-sec-2018-111	http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2018-111/index.html
2	hitachi-sec-2018-112	http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2018-112/index.html
Oracle Critical Patch Update
3	Oracle Critical Patch Update Advisory - April 2018	http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
4	Text Form of Oracle Critical Patch Update - April 2018 Risk Matrices	http://www.oracle.com/technetwork/security-advisory/cpuapr2018verbose-3678108.html
Red Hat Security Advisory
5	RHSA-2018:1188	https://access.redhat.com/errata/RHSA-2018:1188
6	RHSA-2018:1191	https://access.redhat.com/errata/RHSA-2018:1191
7	RHSA-2018:1201	https://access.redhat.com/errata/RHSA-2018:1201
8	RHSA-2018:1202	https://access.redhat.com/errata/RHSA-2018:1202
9	RHSA-2018:1203	https://access.redhat.com/errata/RHSA-2018:1203
10	RHSA-2018:1204	https://access.redhat.com/errata/RHSA-2018:1204
11	RHSA-2018:1205	https://access.redhat.com/errata/RHSA-2018:1205
12	RHSA-2018:1206	https://access.redhat.com/errata/RHSA-2018:1206
13	RHSA-2018:1270	https://access.redhat.com/errata/RHSA-2018:1270
14	RHSA-2018:1278	https://access.redhat.com/errata/RHSA-2018:1278
ソフトウェア製品セキュリティ情報
15	hitachi-sec-2018-111	http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2018-111/index.html
16	hitachi-sec-2018-112	http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2018-112/index.html
富士通セキュリティ情報
17	Oracle Corporation Javaプラグインの脆弱性に関するお知らせ	http://www.fmworld.net/biz/common/oracle/20180418.html

その他

No	Name	URL
IPA 重要なセキュリティ情報
1	Oracle Java の脆弱性対策について(CVE-2018-2814等)	https://www.ipa.go.jp/security/ciadr/vul/20180418-jre.html
JPCERT 注意喚起
2	JPCERT-AT-2018-0018	http://www.jpcert.or.jp/at/2018/at180018.html

Change Log

No	Changed Details	Date of change
1	[2018年05月07日] 掲載	May 7, 2018, 4:38 p.m.

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:oracle:jdk:1.8.0:update162::::::
cpe:2.3:a:oracle:jdk:1.7.0:update171::::::
cpe:2.3:a:oracle:jdk:1.6.0:update181::::::
cpe:2.3:a:oracle:jre:1.6.0:update181::::::
cpe:2.3:a:oracle:jre:1.8.0:update162::::::
cpe:2.3:a:oracle:jre:1.7.0:update171::::::

Configuration3	or higher	or less	more than	less than
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
cpe:2.3:a:redhat:satellite:5.7:::::::*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
cpe:2.3:a:redhat:satellite:5.6:::::::*
cpe:2.3:a:redhat:satellite:5.8:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*