CVE-2019-2987

Severity

37%

Complexity

22%

Confidentiality

23%

Vulnerability in the Java SE product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Vulnerability in the Java SE product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

CVSS 3.1 Base Score 3.7. CVSS Attack Vector: network. CVSS Attack Complexity: high. CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

CVSS 2.0 Base Score 4.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P).

Overview

First reported 5 years ago

2019-10-16 18:15:00

Last updated 5 years ago

2019-10-22 08:15:00

Affected Software

Oracle JDK 11.0.4

11.0.4

Oracle JDK 13.0.0

13.0.0

Oracle JRE 11.0.4

11.0.4

Oracle JRE 13.0.0

13.0.0

Red Hat Enterprise Linux Desktop 6.0

6.0

Red Hat Enterprise Linux Server 6.0

6.0

Red Hat Enterprise Linux Workstation 6.0

6.0

NetApp E-Series SANtricity OS Controller

NetApp E-Series SANtricity Unified Manager

Debian Linux 10

10

References

openSUSE-SU-2019:2557

openSUSE-SU-2019:2565

openSUSE-SU-2019:2687

http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

Patch, Vendor Advisory

RHSA-2019:3134

Third Party Advisory

RHSA-2019:3135

Third Party Advisory

RHSA-2019:3136

Third Party Advisory

RHSA-2019:3157

RHSA-2019:3158

[debian-lts-announce] 20191207 [SECURITY] [DLA 2023-1] openjdk-7 security update

20191021 [SECURITY] [DSA 4548-1] openjdk-8 security update

20191021 [SECURITY] [DSA 4546-1] openjdk-11 security update

https://security.netapp.com/advisory/ntap-20191017-0001/

Third Party Advisory

USN-4223-1

DSA-4546

Third Party Advisory

DSA-4548

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.