KLA11520 Multiple vulnerabilities in Oracle Java

2019-07-16 00:00:00
Kaspersky Lab
threats.kaspersky.com

CVSS2: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)

  • Attack Vector: NETWORK
  • Attack Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE

CVSS3: 5.3 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H)

  • Attack Vector: NETWORK
  • Attack Complexity: HIGH
  • Privileges Required: NONE
  • User Interaction: REQUIRED
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: HIGH

AI Score: 6.7 (Confidence: Low)

EPSS: 0.005 (Percentile: 75.5%)

Unspecified vulnerabilities were found in Oracle Java. Malicious users can exploit these vulnerabilities to cause denial of service or another unspecified impact.

Below is a complete list of vulnerabilities:

  1. Multiple vulnerabilities in the Networking component of Java SE and Java SE Embedded can be exploited remotely to cause unspecified impact;
  2. Multiple vulnerabilities in the Utilities component of Java SE and Java SE Embedded can be exploited remotely to cause unspecified impact;
  3. A vulnerability in the AWT (libpng) component of Java SE and Java SE Embedded can be exploited remotely to cause denial of service;
  4. A vulnerability in the JSSE component of Java SE can be exploited remotely to cause unspecified impact;
  5. A vulnerability in the Security component of Java SE can be exploited locally to cause unspecified impact;
  6. A vulnerability in the JCE component of Java SE can be exploited remotely to cause unspecified impact;
  7. A vulnerability in the Security component of Java SE and Java SE Embedded can be exploited remotely to cause unspecified impact;
  8. A vulnerability in the Security component of Java SE can be exploited remotely to cause unspecified impact.

Original advisories

Oracle Critical Patch Update Advisory – July 2019

Related products

Oracle-Java-JRE-1.7.x

Oracle-Java-JDK-1.7.x

Oracle-Java-JDK-1.8.x-3

Oracle-Java-JRE-1.8.x

Oracle-Java-JRE-1.9.x

Oracle-Java-JRE-1.10.x

CVE list

CVE-2019-7317 warning

CVE-2019-2821 warning

CVE-2019-2762 warning

CVE-2019-2769 warning

CVE-2019-2745 warning

CVE-2019-2816 high

CVE-2019-2842 warning

CVE-2019-2786 warning

CVE-2019-2818 warning

CVE-2019-2766 warning

Solution

Update to the latest version.

Impacts

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

  • LoI

Loss of integrity. Exploitation of vulnerabilities with this impact can lead to partial system fault or system components connection disruption.

Affected Products

  • Java SE 7 version 7u221 and earlier
  • Java SE 8 version 8u212 and earlier
  • Java SE 11 version 11.0.3 and earlier
  • Java SE 12 version 12.0.1 and earlier
  • Java Embedded version 8u211 and earlier
