{"id":"CVE-2018-2799","details":"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).","modified":"2026-07-08T05:55:47.633648032Z","published":"2018-04-19T02:29:03.880Z","related":["CGA-m8pr-3gfp-9w23","SUSE-SU-2018:1447-1","SUSE-SU-2018:1458-1","SUSE-SU-2018:1690-1","SUSE-SU-2018:1690-2","SUSE-SU-2018:1692-1","SUSE-SU-2018:1692-2","SUSE-SU-2018:1738-1","SUSE-SU-2018:1738-2","SUSE-SU-2018:1764-1","SUSE-SU-2018:1764-2","SUSE-SU-2018:1938-1","SUSE-SU-2018:1938-2","SUSE-SU-2018:2068-1","openSUSE-SU-2024:10871-1","openSUSE-SU-2024:10872-1","openSUSE-SU-2024:10873-1","openSUSE-SU-2024:10876-1"],"database_specific":{"unresolved_ranges":[{"source":"CPE_RANGE","extracted_events":[{"fixed":"7.6.0"}],"cpes":["cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*"],"vendor_product":"schneider-electric:struxureware_data_center_expert"},{"source":"CPE_STRING","extracted_events":[{"introduced":"14.04"},{"last_affected":"14.04"},{"introduced":"16.04"},{"last_affected":"16.04"},{"introduced":"17.10"},{"last_affected":"17.10"}],"cpes":["cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*"],"vendor_product":"canonical:ubuntu_linux"},{"source":"CPE_STRING","extracted_events":[{"introduced":"8.0"},{"last_affected":"8.0"},{"introduced":"9.0"},{"last_affected":"9.0"}],"cpes":["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"],"vendor_product":"debian:debian_linux"},{"source":"CPE_STRING","extracted_events":[{"introduced":"1.7.0-update171"},{"last_affected":"1.7.0-update171"},{"introduced":"1.8.0-update162"},{"last_affected":"1.8.0-update162"},{"introduced":"10"},{"last_affected":"10"}],"cpes":["cpe:2.3:a:oracle:jdk:1.7.0:update171:*:*:*:*:*:*","cpe:2.3:a:oracle:jdk:1.8.0:update162:*:*:*:*:*:*","cpe:2.3:a:oracle:jdk:10:*:*:*:*:*:*:*"],"vendor_product":"oracle:jdk"},{"source":"CPE_STRING","extracted_events":[{"introduced":"1.7.0-update171"},{"last_affected":"1.7.0-update171"},{"introduced":"1.8.0-update162"},{"last_affected":"1.8.0-update162"},{"introduced":"10"},{"last_affected":"10"}],"cpes":["cpe:2.3:a:oracle:jre:1.7.0:update171:*:*:*:*:*:*","cpe:2.3:a:oracle:jre:1.8.0:update162:*:*:*:*:*:*","cpe:2.3:a:oracle:jre:10:*:*:*:*:*:*:*"],"vendor_product":"oracle:jre"},{"source":"CPE_STRING","extracted_events":[{"introduced":"r28.3.17"},{"last_affected":"r28.3.17"}],"cpes":["cpe:2.3:a:oracle:jrockit:r28.3.17:*:*:*:*:*:*:*"],"vendor_product":"oracle:jrockit"},{"source":"CPE_STRING","extracted_events":[{"introduced":"6.0"},{"last_affected":"6.0"},{"introduced":"7.0"},{"last_affected":"7.0"}],"cpes":["cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*"],"vendor_product":"redhat:enterprise_linux_desktop"},{"source":"CPE_STRING","extracted_events":[{"introduced":"6.0"},{"last_affected":"6.0"},{"introduced":"7.0"},{"last_affected":"7.0"}],"cpes":["cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*"],"vendor_product":"redhat:enterprise_linux_server"},{"source":"CPE_STRING","extracted_events":[{"introduced":"7.6"},{"last_affected":"7.6"}],"cpes":["cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*"],"vendor_product":"redhat:enterprise_linux_server_aus"},{"source":"CPE_STRING","extracted_events":[{"introduced":"7.5"},{"last_affected":"7.5"},{"introduced":"7.6"},{"last_affected":"7.6"}],"cpes":["cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*"],"vendor_product":"redhat:enterprise_linux_server_eus"},{"source":"CPE_STRING","cpes":["cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*"],"extracted_events":[{"introduced":"7.6"},{"last_affected":"7.6"}],"vendor_product":"redhat:enterprise_linux_server_tus"},{"source":"CPE_STRING","cpes":["cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*"],"extracted_events":[{"introduced":"6.0"},{"last_affected":"6.0"},{"introduced":"7.0"},{"last_affected":"7.0"}],"vendor_product":"redhat:enterprise_linux_workstation"},{"source":"CPE_STRING","extracted_events":[{"introduced":"5.6"},{"last_affected":"5.6"},{"introduced":"5.7"},{"last_affected":"5.7"},{"introduced":"5.8"},{"last_affected":"5.8"}],"cpes":["cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*","cpe:2.3:a:redhat:satellite:5.7:*:*:*:*:*:*:*","cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*"],"vendor_product":"redhat:satellite"}]},"references":[{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/103872"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1040697"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:1188"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:1191"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:1201"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:1202"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:1204"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:1206"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:1270"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:1278"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:1721"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:1722"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:1723"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:1724"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:1974"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:1975"},{"type":"ADVISORY","url":"https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"},{"type":"ADVISORY","url":"https://lists.apache.org/thread.html/b53d4601ecd9ec63c799dbe1bc5b78e0d52f4cef429da2dfe63cf06d%40%3Cfop-dev.xmlgraphics.apache.org%3E"},{"type":"ADVISORY","url":"https://lists.apache.org/thread.html/r449b5d89c7b2ba3762584cf6c38e01867d4b24706e023cf2a9911307%40%3Cuser.spark.apache.org%3E"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201903-14"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20180419-0001/"},{"type":"ADVISORY","url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_us"},{"type":"ADVISORY","url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_us"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3644-1/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3691-1/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2018/dsa-4185"},{"type":"ADVISORY","url":"https://www.debian.org/security/2018/dsa-4225"},{"type":"REPORT","url":"https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73%40%3Cj-users.xerces.apache.org%3E"},{"type":"FIX","url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/xerces2-j","events":[{"introduced":"0"},{"fixed":"ba00fccee7a994e7421ecd2a4cc1bac59cc3bcd3"}],"database_specific":{"source":"CPE_RANGE","cpe":"cpe:2.3:a:apache:xerces-j:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"fixed":"2.12.0"}]}}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-2799.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}]}