CVE-2019-2602

high-risk

Published 2019-04-23

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Do I need to act?

0.23% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (20)

Jdk

Jre

Openshift Container Platform

Satellite

Enterprise Linux

Enterprise Linux Desktop

Enterprise Linux Eus

Enterprise Linux Server

Affected Vendors

Hp Debian Redhat Oracle Mcafee Canonical Opensuse

References (42)

Third Party Advisory http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00007.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00013.html

Patch http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Third Party Advisory https://access.redhat.com/errata/RHBA-2019:0959

Third Party Advisory https://access.redhat.com/errata/RHSA-2019:1146

Third Party Advisory https://access.redhat.com/errata/RHSA-2019:1163

Third Party Advisory https://access.redhat.com/errata/RHSA-2019:1164

Third Party Advisory https://access.redhat.com/errata/RHSA-2019:1165

Third Party Advisory https://access.redhat.com/errata/RHSA-2019:1166

Third Party Advisory https://access.redhat.com/errata/RHSA-2019:1238

Third Party Advisory https://access.redhat.com/errata/RHSA-2019:1325

Third Party Advisory https://access.redhat.com/errata/RHSA-2019:1518

Third Party Advisory https://kc.mcafee.com/corporate/index?page=content&id=SB10285

Mailing List https://lists.debian.org/debian-lts-announce/2019/05/msg00011.html

Mailing List https://seclists.org/bugtraq/2019/May/75

Third Party Advisory https://security.gentoo.org/glsa/201908-10

Third Party Advisory https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpe...

Third Party Advisory https://usn.ubuntu.com/3975-1/

and 22 more references

/ 100

high-risk

Severity 26/34 · High

Exploitability 1/34 · Minimal

Exposure 24/34 · High