Rapid7 Vulnerability & Exploit Database

Oracle WebLogic: CVE-2018-10237 : Critical Patch Update

Back to Search

Oracle WebLogic: CVE-2018-10237 : Critical Patch Update

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:N/A:P)

Published

04/26/2018

Created

01/20/2021

Added

01/19/2021

Modified

01/19/2021

Description

Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.

Solution(s)

oracle-weblogic-jan-2021-cpu-12_2_1_3_0

References

https://attackerkb.com/topics/cve-2018-10237
CVE - 2018-10237
RHSA-2018:2423
RHSA-2018:2424
RHSA-2018:2425
RHSA-2018:2428
RHSA-2018:2598
RHSA-2018:2643
RHSA-2018:2740
RHSA-2018:2741
RHSA-2018:2742
RHSA-2018:2743
RHSA-2018:2927
RHSA-2019:2858
RHSA-2019:3149
http://www.oracle.com/security-alerts/cpujan2021.html
https://support.oracle.com/rs?type=doc&id=2725756.1

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

Oracle WebLogic: CVE-2018-10237 : Critical Patch Update