CVSS2: 5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score: 7.4 High
Confidence: Low
EPSS: 0.002 Low
Percentile: 59.5%
A vulnerability in the Lightweight HTTP Server component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine is related to unrestricted resource allocation. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service.
A vulnerability in the JAXP component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine is related to unrestricted resource allocation. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service.
A vulnerability in the JGSS component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine is related to buffer copying without checking the size of the input data. Exploitation of the vulnerability could allow a remote attacker to gain access to modify, add, or delete data.
A vulnerability in the Libraries component of the Oracle GraalVM Enterprise Edition virtual machine exists due to insufficient validation of input data. Exploitation of the vulnerability could allow a remote attacker to gain access to modify, add, or delete data using network packets.
A vulnerability in the Libraries component of Java SE software platforms exists due to insufficient validation of input data. Exploitation of the vulnerability could allow a remote attacker to gain access to modify, add, or delete data using network packets.
A vulnerability in the implementation of the ECDSA digital signature algorithm of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine is associated with incorrect cryptographic signature verification. Exploitation of the vulnerability could allow a remote attacker to compromise the confidentiality, integrity, and availability of information.
A vulnerability in the Security component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine is associated with uncontrolled resource consumption. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service.
A vulnerability in the JNDI component of the Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine exists due to insufficient input validation. Exploitation of the vulnerability could allow a remote attacker to gain access to modify, add, or delete data using network packets.
A vulnerability in the ImageIO component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine is related to integer overflow. Exploitation of the vulnerability could allow a remote attacker to cause a partial denial of service.
A vulnerability in the Libraries component of Java SE software platforms and the Oracle GraalVM Enterprise Edition virtual machine is associated with insufficient protection of service data. Exploitation of the vulnerability could allow a remote attacker to disclose protected information.
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
redos | 7.3 | x86_64 | java-1.8.0-openjdk | <= 1.8.0.402.b06-2 | UNKNOWN |