CVE-2020-2654

LOW

Oracle OpenJDK 7u241, 8u231, 11.0.5, 13.0.1 - Unauthenticated Partial Denial of Service via Multiple Protocols


Description

Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

References (21)

Core References
Patch, Vendor Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpujan2020.html
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2020:0128
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2020:0122
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2020/dsa-4605
Issue Tracking, Mailing List, Third Party Advisory mailing-list x_refsource_bugtraq
https://seclists.org/bugtraq/2020/Jan/24
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2020:0157
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2020:0196
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20200122-0003/
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2020:0232
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2020:0231
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2020:0202
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4257-1/
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2020/dsa-4621
Issue Tracking, Mailing List, Third Party Advisory mailing-list x_refsource_bugtraq
https://seclists.org/bugtraq/2020/Feb/22
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2020:0541
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2020:0632
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html
Third Party Advisory x_refsource_confirm
https://kc.mcafee.com/corporate/index?page=content&id=SB10315
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/202101-19

Scores

CVSS v3 3.7
EPSS 0.0034
EPSS Percentile 56.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

Status published
Products (31)
canonical/ubuntu_linux 16.04
canonical/ubuntu_linux 18.04
canonical/ubuntu_linux 19.10
debian/debian_linux 8.0
debian/debian_linux 9.0
debian/debian_linux 10.0
mcafee/epolicy_orchestrator 5.9.0
mcafee/epolicy_orchestrator 5.9.1
mcafee/epolicy_orchestrator 5.10.0 (7 CPE variants)
netapp/active_iq_unified_manager 7.3
... and 21 more
Published Jan 15, 2020
Tracked Since Feb 18, 2026