{"id":"CVE-2018-2657","details":"Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u171 and 7u161; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, JRockit. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).","modified":"2026-05-04T08:21:45.342188Z","published":"2018-01-18T02:29:21.743Z","withdrawn":"2026-05-04T08:21:45.342188Z","related":["CGA-9p8c-f7mc-7ghj","SUSE-SU-2018:0630-1","SUSE-SU-2018:0645-1","SUSE-SU-2018:0694-1","SUSE-SU-2018:0743-1"],"references":[{"type":"ADVISORY","url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_us"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/102629"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1040203"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:0100"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:0115"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:0521"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:0458"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:1463"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:1812"},{"type":"ADVISORY","url":"https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20180117-0001/"},{"type":"FIX","url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"1.6.0-update171"}]},{"events":[{"introduced":"0"},{"last_affected":"1.7.0-update161"}]},{"events":[{"introduced":"0"},{"last_affected":"1.6.0-update171"}]},{"events":[{"introduced":"0"},{"last_affected":"1.7.0-update161"}]},{"events":[{"introduced":"0"},{"last_affected":"r28.3.16"}]},{"events":[{"introduced":"0"},{"last_affected":"5.6"}]},{"events":[{"introduced":"0"},{"last_affected":"5.7"}]},{"events":[{"introduced":"0"},{"last_affected":"5.8"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.5"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0"}]},{"events":[{"introduced":"0"},{"fixed":"7.6.0"}]},{"events":[{"introduced":"8.6.2-01"}]},{"events":[{"introduced":"8.6.2-01"}]},{"events":[{"introduced":"8.6.2-01"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-2657.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}]}