Vulnerability CVE-2019-2602


Published: 2019-04-23

Description:
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Type:

CWE-284

(Improper Access Control)

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial
Affected software
Redhat -> Openshift container platform 
Oracle -> JDK 
Oracle -> JRE 
Opensuse -> LEAP 

 References:
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00013.html
http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://access.redhat.com/errata/RHBA-2019:0959
https://access.redhat.com/errata/RHSA-2019:1146
https://access.redhat.com/errata/RHSA-2019:1163
https://access.redhat.com/errata/RHSA-2019:1164
https://access.redhat.com/errata/RHSA-2019:1165
https://access.redhat.com/errata/RHSA-2019:1166
https://access.redhat.com/errata/RHSA-2019:1238
https://access.redhat.com/errata/RHSA-2019:1325
https://lists.debian.org/debian-lts-announce/2019/05/msg00011.html
https://seclists.org/bugtraq/2019/May/75
https://usn.ubuntu.com/3975-1/
https://www.debian.org/security/2019/dsa-4453

Copyright 2020, cxsecurity.com

 

Back to Top