Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00266.

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

Vendors Products
Canonical
  • Ubuntu Linux
Debian
  • Debian Linux
Hp
  • Xp7 Command View
Mcafee
  • Epolicy Orchestrator
Opensuse
  • Leap
Oracle
  • Jdk
  • Jre
Redhat
  • Enterprise Linux
  • Enterprise Linux Desktop
  • Enterprise Linux Eus
  • Enterprise Linux Server
  • Enterprise Linux Server Aus
  • Enterprise Linux Server Tus
  • Enterprise Linux Workstation
  • Network Satellite
  • Openshift Container Platform
  • Rhel Extras
  • Satellite

Configuration 1 [-]

OR cpe:2.3:a:oracle:jdk:1.7.0:update211:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.8.0:update201:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.8.0:update202:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:11.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:12:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update211:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.8.0:update201:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.8.0:update202:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:11.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:12:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*

Configuration 4 [-]

OR cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*

Configuration 5 [-]

OR cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 6 [-]

OR cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.0:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.1:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*

Configuration 7 [-]

cpe:2.3:a:hp:xp7_command_view:*:*:*:*:advanced:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 6
java-1.8.0-openjdk-1:1.8.0.212.b04-0.el6_10 cpe:/o:redhat:enterprise_linux:6 RHSA-2019:0774 2019-04-17T00:00:00Z
java-1.7.0-openjdk-1:1.7.0.221-2.6.18.0.el6_10 cpe:/o:redhat:enterprise_linux:6 RHSA-2019:0790 2019-04-22T00:00:00Z
Red Hat Enterprise Linux 6 Supplementary
java-1.8.0-ibm-1:1.8.0.5.35-1jpp.1.el6_10 cpe:/a:redhat:rhel_extras:6 RHSA-2019:1163 2019-05-13T00:00:00Z
java-1.7.1-ibm-1:1.7.1.4.45-1jpp.1.el6_10 cpe:/a:redhat:rhel_extras:6 RHSA-2019:1165 2019-05-13T00:00:00Z
Red Hat Enterprise Linux 7
java-1.8.0-openjdk-1:1.8.0.212.b04-0.el7_6 cpe:/o:redhat:enterprise_linux:7 RHSA-2019:0775 2019-04-17T00:00:00Z
java-11-openjdk-1:11.0.3.7-0.el7_6 cpe:/o:redhat:enterprise_linux:7 RHSA-2019:0778 2019-04-17T00:00:00Z
java-1.7.0-openjdk-1:1.7.0.221-2.6.18.0.el7_6 cpe:/o:redhat:enterprise_linux:7 RHSA-2019:0791 2019-04-22T00:00:00Z
Red Hat Enterprise Linux 7 Supplementary
java-1.8.0-ibm-1:1.8.0.5.35-1jpp.1.el7 cpe:/a:redhat:rhel_extras:7 RHSA-2019:1164 2019-05-13T00:00:00Z
java-1.7.1-ibm-1:1.7.1.4.45-1jpp.1.el7 cpe:/a:redhat:rhel_extras:7 RHSA-2019:1166 2019-05-13T00:00:00Z
Red Hat Enterprise Linux 8
java-1.8.0-openjdk-1:1.8.0.212.b04-1.el8_0 cpe:/a:redhat:enterprise_linux:8 RHSA-2019:1146 2019-05-13T00:00:00Z
java-11-openjdk-1:11.0.3.7-2.el8_0 cpe:/a:redhat:enterprise_linux:8 RHSA-2019:1518 2019-06-18T00:00:00Z
java-1.8.0-ibm-1:1.8.0.5.35-3.el8_0 cpe:/a:redhat:enterprise_linux:8::supplementary RHSA-2019:1238 2019-05-16T00:00:00Z
Red Hat Satellite 5.8
java-1.8.0-ibm-1:1.8.0.5.35-1jpp.1.el6_10 cpe:/a:redhat:network_satellite:5.8::el6 RHSA-2019:1325 2019-06-04T00:00:00Z

No data.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-1782-1 openjdk-7 security update
Debian DSA Debian DSA DSA-4453-1 openjdk-8 security update
EUVD EUVD EUVD-2019-12242 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
Ubuntu USN Ubuntu USN USN-3975-1 OpenJDK vulnerabilities
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00007.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00013.html cve-icon cve-icon
http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html cve-icon cve-icon
https://access.redhat.com/errata/RHBA-2019:0959 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:1146 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:1163 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:1164 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:1165 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:1166 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:1238 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:1325 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:1518 cve-icon cve-icon
https://kc.mcafee.com/corporate/index?page=content&id=SB10285 cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2019/05/msg00011.html cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2019-2602 cve-icon
https://seclists.org/bugtraq/2019/May/75 cve-icon cve-icon
https://security.gentoo.org/glsa/201908-10 cve-icon cve-icon
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03959en_us cve-icon cve-icon
https://usn.ubuntu.com/3975-1/ cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2019-2602 cve-icon
https://www.debian.org/security/2019/dsa-4453 cve-icon cve-icon
History

Wed, 02 Oct 2024 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}
cve-icon MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2024-10-02T15:59:49.648Z

Reserved: 2018-12-14T00:00:00

Link: CVE-2019-2602

cve-icon Vulnrichment

Updated: 2024-08-04T18:56:44.653Z

cve-icon NVD

Status : Modified

Published: 2019-04-23T19:32:50.707

Modified: 2024-11-21T04:41:11.610

Link: CVE-2019-2602

cve-icon Redhat

Severity : Moderate

Publid Date: 2019-04-16T00:00:00Z

Links: CVE-2019-2602 - Bugzilla

cve-icon OpenCVE Enrichment

No data.