CVE-2019-2602

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

CVSS v3.0 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3.0 : HIGH

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html	Patch Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00007.html	Third Party Advisory
https://access.redhat.com/errata/RHBA-2019:0959	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/05/msg00011.html
https://access.redhat.com/errata/RHSA-2019:1146
https://usn.ubuntu.com/3975-1/
https://access.redhat.com/errata/RHSA-2019:1166
https://access.redhat.com/errata/RHSA-2019:1165
https://access.redhat.com/errata/RHSA-2019:1164
https://access.redhat.com/errata/RHSA-2019:1163
https://access.redhat.com/errata/RHSA-2019:1238
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html
https://www.debian.org/security/2019/dsa-4453
https://seclists.org/bugtraq/2019/May/75
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00013.html
https://access.redhat.com/errata/RHSA-2019:1325
https://access.redhat.com/errata/RHSA-2019:1518
https://kc.mcafee.com/corporate/index?page=content&id=SB10285
https://security.gentoo.org/glsa/201908-10
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03959en_us

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:oracle:jdk:11.0.2:::::::*
	cpe:2.3:a:oracle:jdk:12:::::::*
	cpe:2.3:a:oracle:jre:11.0.2:::::::*
	cpe:2.3:a:oracle:jre:12:::::::*
	cpe:2.3:a:oracle:jdk:1.8.0:update201::::::
	cpe:2.3:a:oracle:jdk:1.8.0:update202::::::
	cpe:2.3:a:oracle:jdk:1.7.0:update211::::::
	cpe:2.3:a:oracle:jre:1.8.0:update201::::::
	cpe:2.3:a:oracle:jre:1.7.0:update211::::::
	cpe:2.3:a:oracle:jre:1.8.0:update202::::::

Configuration 2 (hide)

cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*

Information

Published : 2019-04-23 19:32

Updated : 2022-05-13 14:57

NVD link : CVE-2019-2602

Mitre link : CVE-2019-2602

JSON object : View

Products Affected

opensuse

leap

redhat

openshift_container_platform

oracle

CWE

CWE-400

Uncontrolled Resource Consumption

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

7.5^/10

5.0^/10