CVE-2019-2602

HIGH

Oracle JRE 7u211, 8u202, 11.0.2, 12 & Java SE Embedded 8u201 - DoS via Multiple Protocols

Title source: llm
STIX 2.1

Description

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

References (21)

Core 21
Core References
Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00007.html
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHBA-2019:0959
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2019/05/msg00011.html
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:1146
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3975-1/
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:1164
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:1163
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:1165
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:1166
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:1238
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2019/dsa-4453
Mailing List, Third Party Advisory mailing-list x_refsource_bugtraq
https://seclists.org/bugtraq/2019/May/75
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00013.html
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:1325
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:1518
Third Party Advisory x_refsource_confirm
https://kc.mcafee.com/corporate/index?page=content&id=SB10285
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201908-10

Scores

CVSS v3 7.5
EPSS 0.0023
EPSS Percentile 46.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-400
Status published
Products (39)
canonical/ubuntu_linux 16.04
canonical/ubuntu_linux 18.04
canonical/ubuntu_linux 18.10
canonical/ubuntu_linux 19.10
debian/debian_linux 8.0
debian/debian_linux 9.0
hp/xp7_command_view < 8.6.5-00
mcafee/epolicy_orchestrator 5.9.0
mcafee/epolicy_orchestrator 5.9.1
mcafee/epolicy_orchestrator 5.10.0
... and 29 more
Published Apr 23, 2019
Tracked Since Feb 18, 2026