Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
symantecSymantec Security ResponseSMNTC-111503
HistoryJan 14, 2020 - 12:00 a.m.

Oracle Java SE CVE-2020-2655 Remote Security Vulnerability

2020-01-1400:00:00
Symantec Security Response
www.symantec.com
10
JSON

Description

Oracle Java SE is prone to a remote security vulnerability. The vulnerability can be exploited over ‘HTTPS’ protocol. This issue affects the ‘JSSE’ component. This vulnerability affects the following supported versions: Java SE: 11.0.5, 13.0.1

Technologies Affected

  • Oracle JDK(Linux Production Release) 11.0.5
  • Oracle JDK(Linux Production Release) 13.0.1
  • Oracle JDK(Solaris Production Release) 11.0.5
  • Oracle JDK(Solaris Production Release) 13.0.1
  • Oracle JDK(Windows Production Release) 11.0.5
  • Oracle JDK(Windows Production Release) 13.0.1
  • Oracle JRE(Linux Production Release) 11.0.5
  • Oracle JRE(Linux Production Release) 13.0.1
  • Oracle JRE(Solaris Production Release) 11.0.5
  • Oracle JRE(Solaris Production Release) 13.0.1
  • Oracle JRE(Windows Production Release) 11.0.5
  • Oracle JRE(Windows Production Release) 13.0.1

Recommendations

Block external access at the network boundary, unless external parties require service.
Filter access to the affected computer at the network boundary if global access isn’t needed. Restricting access to only trusted computers and networks might greatly reduce the likelihood of a successful exploit.

Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Deploy NIDS to monitor network traffic for signs of anomalous or suspicious activity including unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits.

Do not follow links provided by unknown or untrusted sources.
Web users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.

Set web browser security to disable the execution of script code or active content.
Disabling the execution of script code in the browser may limit exposure to this and other latent vulnerabilities.

Run all software as a nonprivileged user with minimal access rights.
To limit the impact of latent vulnerabilities, configure applications to run as a nonadministrative user with minimal access rights.

Updates are available. Please see the references or vendor advisory for more information.

Related

prion 1
ubuntucve 1
alpinelinux 1
debiancve 1
cve 1
veracode 1
redhatcve 1
openvas 9
f5 1
nessus 22
redhat 3
osv 1
suse 1
debian 1
oraclelinux 2
centos 1
ubuntu 1
amazon 1
kaspersky 1
ibm 5
photon 6
altlinux 1
oracle 1
prion
prion
Design/Logic Flaw
2020-01-15 17:15:00
ubuntucve
ubuntucve
CVE-2020-2655
2020-01-15 00:00:00
alpinelinux
alpinelinux
CVE-2020-2655
2020-01-15 17:15:00
debiancve
debiancve
CVE-2020-2655
2020-01-15 17:15:00
cve
cve
CVE-2020-2655
2020-01-15 17:15:00
veracode
veracode
Authorization Bypass
2020-01-17 01:47:11
redhatcve
redhatcve
CVE-2020-2655
2020-01-15 11:39:04
openvas
openvas
Oracle Java SE Security Update (cpujan2020 - 03) - Windows
2020-01-16 00:00:00
Oracle Java SE Security Update (cpujan2020 - 03) - Linux
2020-01-16 00:00:00
SUSE: Security Advisory (SUSE-SU-2020:0213-1)
2021-04-19 00:00:00
f5
f5
K86435316 : OpenJDK vulnerabilities CVE-2020-2585 and CVE-2020-2655
2022-08-19 00:00:00
nessus
nessus
Oracle Linux 7 : java-11-openjdk (ELSA-2020-0122)
2020-01-17 00:00:00
CentOS 7 : java-11-openjdk (CESA-2020:0122)
2020-01-21 00:00:00
RHEL 8 : java-11-openjdk (RHSA-2020:0232)
2020-01-28 00:00:00
redhat
redhat
(RHSA-2020:0232) Important: java-11-openjdk security update
2020-01-27 08:07:50
(RHSA-2020:0128) Important: java-11-openjdk security update
2020-01-16 12:27:40
(RHSA-2020:0122) Important: java-11-openjdk security update
2020-01-16 10:46:10
osv
osv
openjdk-11 - security update
2020-01-19 00:00:00
suse
suse
Security update for java-11-openjdk (important)
2020-01-28 00:00:00
debian
debian
[SECURITY] [DSA 4605-1] openjdk-11 security update
2020-01-19 21:52:05
oraclelinux
oraclelinux
java-11-openjdk security update
2020-01-20 00:00:00
java-11-openjdk security update
2020-01-16 00:00:00
centos
centos
java security update
2020-01-18 14:53:03
ubuntu
ubuntu
OpenJDK vulnerabilities
2020-01-28 00:00:00
amazon
amazon
Important: java-11-amazon-corretto
2020-01-14 23:07:00
kaspersky
kaspersky
KLA11646 Multiple vulnerabilities in Oracle JRE
2020-01-05 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in OpenJDK version 11 affect IBM InfoSphere Information Server
2021-04-01 20:28:01
Security Bulletin: Watson Machine Learning Service is impacted by security vulnerabilities in OpenJDK 11
2020-07-31 22:02:59
Security Bulletin: Multiple vulnerabilities in OpenJDK version 8 affect IBM InfoSphere Information Server
2021-04-01 20:45:06
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-2.0-0235
2020-04-24 00:00:00
Critical Photon OS Security Update - PHSA-2020-0235
2020-04-24 00:00:00
Critical Photon OS Security Update - PHSA-2020-0084
2020-04-24 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package java-11-openjdk version 0:11.0.12.7-alt1_0jpp10
2021-08-25 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2020
2020-01-14 00:00:00
JSON
Related for SMNTC-111503
prion1ubuntucve1alpinelinux1debiancve1cve1veracode1redhatcve1openvas9f51nessus22redhat3osv1suse1debian1oraclelinux2centos1ubuntu1amazon1kaspersky1ibm5photon6altlinux1oracle1