
Test ID: 1.3.6.1.4.1.25623.1.0.882845
Category: CentOS Local Security Checks
Title: CentOS Update for java CESA-2018:0349 centos7
Summary: Check the version of java
Description:
Summary:
Check the version of java

Vulnerability Insight:
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime
Environment and the OpenJDK 7 Java Software Development Kit.

Security Fix(es):

* A flaw was found in the AWT component of OpenJDK. An untrusted Java
application or applet could use this flaw to bypass certain Java sandbox
restrictions. (CVE-2018-2641)

* It was discovered that the LDAPCertStore class in the JNDI component of
OpenJDK failed to securely handle LDAP referrals. An attacker could
possibly use this flaw to make it fetch attacker controlled certificate
data. (CVE-2018-2633)

* The JGSS component of OpenJDK ignores the value of the
javax.security.auth.useSubjectCredsOnly property when using HTTP/SPNEGO
authentication and always uses global credentials. It was discovered that
this could cause global credentials to be unexpectedly used by an untrusted
Java application. (CVE-2018-2634)

* It was discovered that the JMX component of OpenJDK failed to properly
set the deserialization filter for the SingleEntryRegistry in certain
cases. A remote attacker could possibly use this flaw to bypass intended
deserialization restrictions. (CVE-2018-2637)

* It was discovered that the LDAP component of OpenJDK failed to properly
encode special characters in user names when adding them to an LDAP search
query. A remote attacker could possibly use this flaw to manipulate LDAP
queries performed by the LdapLoginModule class. (CVE-2018-2588)

* It was discovered that the DNS client implementation in the JNDI
component of OpenJDK did not use random source ports when sending out DNS
queries. This could make it easier for a remote attacker to spoof responses
to those queries. (CVE-2018-2599)

* It was discovered that the I18n component of OpenJDK could use an
untrusted search path when loading resource bundle classes. A local
attacker could possibly use this flaw to execute arbitrary code as another
local user by making their Java application load an attacker controlled
class file. (CVE-2018-2602)

* It was discovered that the Libraries component of OpenJDK failed to
sufficiently limit the amount of memory allocated when reading DER encoded
input. A remote attacker could possibly use this flaw to make a Java
application use an excessive amount of memory if it parsed attacker
supplied DER encoded input. (CVE-2018-2603)

* It was discovered that the key agreement implementations in the JCE
component of OpenJDK did not guarantee sufficient strength of used keys to
adequately protect generated shared secret. This could make it easier to
break data encryption by attacking key agreement rather than the encryption
using the negotiated secret. (CVE-2018 ...

Description truncated, please see the referenced URL(s) for more information.

Affected Software/OS:
java on CentOS 7

Solution:
Please install the updated packages.

CVSS Score:
5.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:N

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2018-2579
BugTraq ID: 102663
http://www.securityfocus.com/bid/102663
Debian Security Information: DSA-4144
https://www.debian.org/security/2018/dsa-4144
Debian Security Information: DSA-4166
https://www.debian.org/security/2018/dsa-4166
https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html
RedHat Security Advisories: RHSA-2018:0095
https://access.redhat.com/errata/RHSA-2018:0095
RedHat Security Advisories: RHSA-2018:0099
https://access.redhat.com/errata/RHSA-2018:0099
RedHat Security Advisories: RHSA-2018:0100
https://access.redhat.com/errata/RHSA-2018:0100
RedHat Security Advisories: RHSA-2018:0115
https://access.redhat.com/errata/RHSA-2018:0115
RedHat Security Advisories: RHSA-2018:0349
https://access.redhat.com/errata/RHSA-2018:0349
RedHat Security Advisories: RHSA-2018:0351
https://access.redhat.com/errata/RHSA-2018:0351
RedHat Security Advisories: RHSA-2018:0352
https://access.redhat.com/errata/RHSA-2018:0352
RedHat Security Advisories: RHSA-2018:0458
https://access.redhat.com/errata/RHSA-2018:0458
RedHat Security Advisories: RHSA-2018:0521
https://access.redhat.com/errata/RHSA-2018:0521
RedHat Security Advisories: RHSA-2018:1463
https://access.redhat.com/errata/RHSA-2018:1463
RedHat Security Advisories: RHSA-2018:1812
https://access.redhat.com/errata/RHSA-2018:1812
http://www.securitytracker.com/id/1040203
https://usn.ubuntu.com/3613-1/
https://usn.ubuntu.com/3614-1/
Common Vulnerability Exposure (CVE) ID: CVE-2018-2588
BugTraq ID: 102661
http://www.securityfocus.com/bid/102661
Common Vulnerability Exposure (CVE) ID: CVE-2018-2599
BugTraq ID: 102633
http://www.securityfocus.com/bid/102633
Common Vulnerability Exposure (CVE) ID: CVE-2018-2602
BugTraq ID: 102642
http://www.securityfocus.com/bid/102642
Common Vulnerability Exposure (CVE) ID: CVE-2018-2603
BugTraq ID: 102625
http://www.securityfocus.com/bid/102625
Common Vulnerability Exposure (CVE) ID: CVE-2018-2618
BugTraq ID: 102612
http://www.securityfocus.com/bid/102612
Common Vulnerability Exposure (CVE) ID: CVE-2018-2629
BugTraq ID: 102615
http://www.securityfocus.com/bid/102615
Common Vulnerability Exposure (CVE) ID: CVE-2018-2633
BugTraq ID: 102557
http://www.securityfocus.com/bid/102557
Common Vulnerability Exposure (CVE) ID: CVE-2018-2634
BugTraq ID: 102592
http://www.securityfocus.com/bid/102592
Common Vulnerability Exposure (CVE) ID: CVE-2018-2637
BugTraq ID: 102576
http://www.securityfocus.com/bid/102576
Common Vulnerability Exposure (CVE) ID: CVE-2018-2641
BugTraq ID: 102605
http://www.securityfocus.com/bid/102605
Common Vulnerability Exposure (CVE) ID: CVE-2018-2663
BugTraq ID: 102662
http://www.securityfocus.com/bid/102662
Common Vulnerability Exposure (CVE) ID: CVE-2018-2677
BugTraq ID: 102656
http://www.securityfocus.com/bid/102656
Common Vulnerability Exposure (CVE) ID: CVE-2018-2678
BugTraq ID: 102659
http://www.securityfocus.com/bid/102659
Copyright: Copyright (C) 2018 Greenbone AG
