Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00172.

Exploitation none

Automatable yes

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
Oracle Corporation Java affected
Version Status Constraints
Java SE: 7u211, 8u202, 11.0.2, 12 affected
Java SE Embedded: 8u201 affected

Configuration 1 [-]

OR cpe:2.3:a:oracle:jdk:1.7.0:update211:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.8.0:update201:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.8.0:update202:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:11.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:12:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update211:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.8.0:update201:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.8.0:update202:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:11.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:12:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*

Configuration 4 [-]

OR cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*

Configuration 5 [-]

OR cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 6 [-]

OR cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.0:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.1:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*

Configuration 7 [-]

cpe:2.3:a:hp:xp7_command_view:*:*:*:*:advanced:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 6
java-1.8.0-openjdk-1:1.8.0.212.b04-0.el6_10 cpe:/o:redhat:enterprise_linux:6 RHSA-2019:0774 2019-04-17T00:00:00Z
java-1.7.0-openjdk-1:1.7.0.221-2.6.18.0.el6_10 cpe:/o:redhat:enterprise_linux:6 RHSA-2019:0790 2019-04-22T00:00:00Z
Red Hat Enterprise Linux 6 Supplementary
java-1.8.0-ibm-1:1.8.0.5.35-1jpp.1.el6_10 cpe:/a:redhat:rhel_extras:6 RHSA-2019:1163 2019-05-13T00:00:00Z
java-1.7.1-ibm-1:1.7.1.4.45-1jpp.1.el6_10 cpe:/a:redhat:rhel_extras:6 RHSA-2019:1165 2019-05-13T00:00:00Z
Red Hat Enterprise Linux 7
java-1.8.0-openjdk-1:1.8.0.212.b04-0.el7_6 cpe:/o:redhat:enterprise_linux:7 RHSA-2019:0775 2019-04-17T00:00:00Z
java-11-openjdk-1:11.0.3.7-0.el7_6 cpe:/o:redhat:enterprise_linux:7 RHSA-2019:0778 2019-04-17T00:00:00Z
java-1.7.0-openjdk-1:1.7.0.221-2.6.18.0.el7_6 cpe:/o:redhat:enterprise_linux:7 RHSA-2019:0791 2019-04-22T00:00:00Z
Red Hat Enterprise Linux 7 Supplementary
java-1.8.0-ibm-1:1.8.0.5.35-1jpp.1.el7 cpe:/a:redhat:rhel_extras:7 RHSA-2019:1164 2019-05-13T00:00:00Z
java-1.7.1-ibm-1:1.7.1.4.45-1jpp.1.el7 cpe:/a:redhat:rhel_extras:7 RHSA-2019:1166 2019-05-13T00:00:00Z
Red Hat Enterprise Linux 8
java-1.8.0-openjdk-1:1.8.0.212.b04-1.el8_0 cpe:/a:redhat:enterprise_linux:8 RHSA-2019:1146 2019-05-13T00:00:00Z
java-11-openjdk-1:11.0.3.7-2.el8_0 cpe:/a:redhat:enterprise_linux:8 RHSA-2019:1518 2019-06-18T00:00:00Z
java-1.8.0-ibm-1:1.8.0.5.35-3.el8_0 cpe:/a:redhat:enterprise_linux:8::supplementary RHSA-2019:1238 2019-05-16T00:00:00Z
Red Hat Satellite 5.8
java-1.8.0-ibm-1:1.8.0.5.35-1jpp.1.el6_10 cpe:/a:redhat:network_satellite:5.8::el6 RHSA-2019:1325 2019-06-04T00:00:00Z

No data.

Project Subscriptions

Vendors Products
Canonical Subscribe
Ubuntu Linux Subscribe
Debian Subscribe
Debian Linux Subscribe
Hp Subscribe
Xp7 Command View Subscribe
Mcafee Subscribe
Epolicy Orchestrator Subscribe
Opensuse Subscribe
Leap Subscribe
Oracle Subscribe
Jdk Subscribe
Jre Subscribe
Redhat Subscribe
Enterprise Linux Subscribe
Enterprise Linux Desktop Subscribe
Enterprise Linux Eus Subscribe
Enterprise Linux Server Subscribe
Enterprise Linux Server Aus Subscribe
Enterprise Linux Server Tus Subscribe
Enterprise Linux Workstation Subscribe
Network Satellite Subscribe
Openshift Container Platform Subscribe
Rhel Extras Subscribe
Satellite Subscribe
Advisories
Source ID Title
Debian DLA Debian DLA DLA-1782-1 openjdk-7 security update
Debian DSA Debian DSA DSA-4453-1 openjdk-8 security update
EUVD EUVD EUVD-2019-12242 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
Ubuntu USN Ubuntu USN USN-3975-1 OpenJDK vulnerabilities
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00007.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00013.html cve-icon cve-icon
http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html cve-icon cve-icon
https://access.redhat.com/errata/RHBA-2019:0959 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:1146 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:1163 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:1164 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:1165 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:1166 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:1238 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:1325 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:1518 cve-icon cve-icon
https://kc.mcafee.com/corporate/index?page=content&id=SB10285 cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2019/05/msg00011.html cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2019-2602 cve-icon
https://seclists.org/bugtraq/2019/May/75 cve-icon cve-icon
https://security.gentoo.org/glsa/201908-10 cve-icon cve-icon
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03959en_us cve-icon cve-icon
https://usn.ubuntu.com/3975-1/ cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2019-2602 cve-icon
https://www.debian.org/security/2019/dsa-4453 cve-icon cve-icon
History

Wed, 02 Oct 2024 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2024-10-02T15:59:49.648Z

Reserved: 2018-12-14T00:00:00

Link: CVE-2019-2602

cve-icon Vulnrichment

Updated: 2024-08-04T18:56:44.653Z

cve-icon NVD

Status : Modified

Published: 2019-04-23T19:32:50.707

Modified: 2024-11-21T04:41:11.610

Link: CVE-2019-2602

cve-icon Redhat

Severity : Moderate

Publid Date: 2019-04-16T00:00:00Z

Links: CVE-2019-2602 - Bugzilla

cve-icon OpenCVE Enrichment

No data.

Weaknesses