CVE-2019-2602 - Improper Access Control

Severity

50%

Complexity

99%

Confidentiality

48%

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

CVSS 3.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).

Overview

First reported 5 years ago

2019-04-23 19:32:00

Last updated 5 years ago

2019-06-04 17:29:00

Affected Software

Oracle JDK 1.7.0 Update 211

1.7.0

Oracle JDK 1.8.0 Update 201

1.8.0

Oracle JDK 1.8.0 Update 202

1.8.0

Oracle JDK 11.0.2

11.0.2

Oracle JDK 12

12

Oracle JRE 1.7.0 Update 211

1.7.0

Oracle JRE 1.8.0 Update 201

1.8.0

Oracle JRE 1.8.0 Update 202

1.8.0

Oracle JRE 11.0.2

11.0.2

Oracle JRE 12

12

Red Hat OpenShift Container Platform 3.11

3.11

openSUSE Leap 15.0

15.0

References

openSUSE-SU-2019:1327

Third Party Advisory

openSUSE-SU-2019:1438

openSUSE-SU-2019:1439

openSUSE-SU-2019:1500

http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Patch, Vendor Advisory

RHBA-2019:0959

Third Party Advisory

RHSA-2019:1146

RHSA-2019:1163

RHSA-2019:1164

RHSA-2019:1165

RHSA-2019:1166

RHSA-2019:1238

RHSA-2019:1325

RHSA-2019:1518

https://kc.mcafee.com/corporate/index?page=content&id=SB10285

[debian-lts-announce] 20190510 [SECURITY] [DLA 1782-1] openjdk-7 security update

20190530 [SECURITY] [DSA 4453-1] openjdk-8 security update

GLSA-201908-10

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03959en_us

USN-3975-1

DSA-4453

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.