Lucene search

K
cveOracleCVE-2019-2769
HistoryJul 23, 2019 - 11:15 p.m.

CVE-2019-2769

2019-07-2323:15:40
oracle
web.nvd.nist.gov
297
2
cve-2019-2769
oracle
java se
java se embedded
vulnerability
dos
network access
security
exploit

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

AI Score

4.6

Confidence

High

EPSS

0.003

Percentile

69.7%

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Affected configurations

Nvd
Vulners
Node
oraclejdkMatch1.7.0update221
OR
oraclejdkMatch1.8.0update211
OR
oraclejdkMatch1.8.0update212
OR
oraclejdkMatch11.0.3
OR
oraclejdkMatch12.0.1
OR
oraclejreMatch1.7.0update221
OR
oraclejreMatch1.8.0update211
OR
oraclejreMatch1.8.0update212
OR
oraclejreMatch11.0.3
OR
oraclejreMatch12.0.1
Node
debiandebian_linuxMatch8.0
Node
canonicalubuntu_linuxMatch16.04esm
OR
canonicalubuntu_linuxMatch18.04lts
OR
canonicalubuntu_linuxMatch19.04
Node
redhatsatelliteMatch5.8
OR
redhatenterprise_linuxMatch8.0
OR
redhatenterprise_linux_desktopMatch6.0
OR
redhatenterprise_linux_desktopMatch7.0
OR
redhatenterprise_linux_eusMatch8.6
OR
redhatenterprise_linux_serverMatch6.0
OR
redhatenterprise_linux_serverMatch7.0
OR
redhatenterprise_linux_workstationMatch6.0
OR
redhatenterprise_linux_workstationMatch7.0
Node
hpxp7_command_viewRange<8.7.0-00advanced
Node
mcafeeepolicy_orchestratorMatch5.9.0
OR
mcafeeepolicy_orchestratorMatch5.9.1
OR
mcafeeepolicy_orchestratorMatch5.10.0-
OR
mcafeeepolicy_orchestratorMatch5.10.0update_1
OR
mcafeeepolicy_orchestratorMatch5.10.0update_2
OR
mcafeeepolicy_orchestratorMatch5.10.0update_3
OR
mcafeeepolicy_orchestratorMatch5.10.0update_4
Node
opensuseleapMatch15.0
OR
opensuseleapMatch15.1
VendorProductVersionCPE
oraclejdk1.7.0cpe:2.3:a:oracle:jdk:1.7.0:update221:*:*:*:*:*:*
oraclejdk1.8.0cpe:2.3:a:oracle:jdk:1.8.0:update211:*:*:*:*:*:*
oraclejdk1.8.0cpe:2.3:a:oracle:jdk:1.8.0:update212:*:*:*:*:*:*
oraclejdk11.0.3cpe:2.3:a:oracle:jdk:11.0.3:*:*:*:*:*:*:*
oraclejdk12.0.1cpe:2.3:a:oracle:jdk:12.0.1:*:*:*:*:*:*:*
oraclejre1.7.0cpe:2.3:a:oracle:jre:1.7.0:update221:*:*:*:*:*:*
oraclejre1.8.0cpe:2.3:a:oracle:jre:1.8.0:update211:*:*:*:*:*:*
oraclejre1.8.0cpe:2.3:a:oracle:jre:1.8.0:update212:*:*:*:*:*:*
oraclejre11.0.3cpe:2.3:a:oracle:jre:11.0.3:*:*:*:*:*:*:*
oraclejre12.0.1cpe:2.3:a:oracle:jre:12.0.1:*:*:*:*:*:*:*
Rows per page:
1-10 of 331

CNA Affected

[
  {
    "product": "Java",
    "vendor": "Oracle Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Java SE: 7u221, 8u212, 11.0.3, 12.0.1"
      },
      {
        "status": "affected",
        "version": "Java SE Embedded: 8u211"
      }
    ]
  }
]

Social References

More

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

AI Score

4.6

Confidence

High

EPSS

0.003

Percentile

69.7%