CVE-2019-2602

HIGHScheduled

Published:Apr 23, 2019(7 years ago)

Modified:Nov 21, 2024

Remote ExploitNo Auth RequiredNo InteractionLow Complexity

Vulnerability Description

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Attack Characteristics

Network AccessLow ComplexityNo Auth NeededNo User Interaction

🤖

AI analysis not yet available

Plain-English explanation, risk summary, and remediation steps will appear here once AI analysis is complete.

No Fix Known

No patch has been released yet. Apply workarounds or mitigations where available.

Affected Software

Vendor	Product	Versions	Fixed In
oracle	jdk	-	-
oracle	jdk	-	-

Timeline

Published
CVE disclosed publicly
Apr 23, 20197 years ago
Last Modified
Most recent update
Nov 21, 20241 year ago
Indexed to CVEInsight
Added to this platform
Mar 29, 20261 month ago

References

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00007....Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058....Mailing List
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059....Mailing List

CVSS Score

v3.1

7.5/ 10.0

HIGH

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

At a Glance

Affected Products

References

oracle / jdk

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00013....Mailing List

http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813...Patch

https://access.redhat.com/errata/RHBA-2019:0959Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:1146Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:1163Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:1164Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:1165Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:1166Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:1238Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:1325Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:1518Third Party Advisory

https://kc.mcafee.com/corporate/index?page=content&id=SB10285Third Party Advisory

https://lists.debian.org/debian-lts-announce/2019/05/msg00011.htmlMailing List

https://seclists.org/bugtraq/2019/May/75Mailing List

https://security.gentoo.org/glsa/201908-10Third Party Advisory

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=...Third Party Advisory

https://usn.ubuntu.com/3975-1/Third Party Advisory

https://www.debian.org/security/2019/dsa-4453Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00007....Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058....Mailing List

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059....Mailing List