CVE-2018-2799: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported vers
mediumvulnerability
security
Summary
A vulnerability in Oracle Java SE's JAXP (XML processing library) component allows an unauthenticated attacker with network access to partially disrupt Java services, affecting multiple Java versions including 7u171, 8u162, 10, and others. The flaw can be exploited through web applications, Java applets, or by sending malicious data directly to affected APIs, with a CVSS score (a 0-10 rating of how severe a vulnerability is) of 5.3 indicating moderate severity.
Vulnerability Details
CVSS Score
5.3(medium)
EPSS (30-day exploit probability)
EPSS: 0.1%
Classification
Attack SophisticationModerate
Impact (CIA+S)
availability
Original source: https://nvd.nist.gov/vuln/detail/CVE-2018-2799
First tracked: February 15, 2026 at 08:43 PM
Classified by LLM (prompt v3) · confidence: 95%