Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

Vendors Products
Canonical
  • Ubuntu Linux
Debian
  • Debian Linux
Fedoraproject
  • Fedora
Mcafee
  • Threat Intelligence Exchange Server
Netapp
  • 7-mode Transition Tool
  • Active Iq Unified Manager
  • Cloud Backup
  • Cloud Secure Agent
  • E-series Performance Analyzer
  • E-series Santricity Os Controller
  • E-series Santricity Web Services
  • Oncommand Insight
  • Oncommand Workflow Automation
  • Santricity Unified Manager
  • Snapmanager
  • Steelstore Cloud Integrated Storage
  • Storagegrid
Opensuse
  • Leap
Oracle
  • Jdk
  • Jre
  • Openjdk
Redhat
  • Enterprise Linux
  • Rhel E4s
  • Rhel Extras

Configuration 1 [-]

OR cpe:2.3:a:oracle:jdk:1.7.0:update251:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.8.0:update241:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:11.0.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:14.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update251:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.8.0:update241:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:11.0.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:14.0.0:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:14:*:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 4 [-]

OR cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*

Configuration 5 [-]

OR cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*

Configuration 6 [-]

OR cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*

Configuration 7 [-]

OR cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.1.0:-:*:*:*:*:*:*
cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.1.0:hotfix1:*:*:*:*:*:*
cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.1.0:hotfix2:*:*:*:*:*:*
cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.1.0:hotfix3:*:*:*:*:*:*
cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.1.1:-:*:*:*:*:*:*
cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.1.1:hotfix1:*:*:*:*:*:*
cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.1.1:hotfix2:*:*:*:*:*:*
cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.1.1:hotfix3:*:*:*:*:*:*
cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.2.0:-:*:*:*:*:*:*
cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.2.0:hotfix1:*:*:*:*:*:*
cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.3.0:-:*:*:*:*:*:*
cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.3.0:hotfix1:*:*:*:*:*:*
cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.3.1:-:*:*:*:*:*:*
cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.3.1:hotfix1:*:*:*:*:*:*
cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.3.1:hotfix2:*:*:*:*:*:*
cpe:2.3:a:mcafee:threat_intelligence_exchange_server:3.0.0:*:*:*:*:*:*:*

Configuration 8 [-]

OR cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vsphere:*:*
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*
cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 6
java-1.8.0-openjdk-1:1.8.0.252.b09-2.el6_10 cpe:/o:redhat:enterprise_linux:6 RHSA-2020:1506 2020-04-21T00:00:00Z
java-1.7.0-openjdk-1:1.7.0.261-2.6.22.1.el6_10 cpe:/o:redhat:enterprise_linux:6 RHSA-2020:1508 2020-04-21T00:00:00Z
Red Hat Enterprise Linux 6 Supplementary
java-1.7.1-ibm-1:1.7.1.4.65-1jpp.1.el6_10 cpe:/a:redhat:rhel_extras:6 RHSA-2020:2236 2020-05-20T00:00:00Z
java-1.8.0-ibm-1:1.8.0.6.10-1jpp.1.el6_10 cpe:/a:redhat:rhel_extras:6 RHSA-2020:2239 2020-05-20T00:00:00Z
Red Hat Enterprise Linux 7
java-1.7.0-openjdk-1:1.7.0.261-2.6.22.2.el7_8 cpe:/o:redhat:enterprise_linux:7 RHSA-2020:1507 2020-04-21T00:00:00Z
java-11-openjdk-1:11.0.7.10-4.el7_8 cpe:/o:redhat:enterprise_linux:7 RHSA-2020:1509 2020-04-21T00:00:00Z
java-1.8.0-openjdk-1:1.8.0.252.b09-2.el7_8 cpe:/o:redhat:enterprise_linux:7 RHSA-2020:1512 2020-04-21T00:00:00Z
Red Hat Enterprise Linux 7 Supplementary
java-1.8.0-ibm-1:1.8.0.6.10-1jpp.1.el7 cpe:/a:redhat:rhel_extras:7 RHSA-2020:2237 2020-05-20T00:00:00Z
java-1.7.1-ibm-1:1.7.1.4.65-1jpp.1.el7 cpe:/a:redhat:rhel_extras:7 RHSA-2020:2238 2020-05-20T00:00:00Z
Red Hat Enterprise Linux 8
java-11-openjdk-1:11.0.7.10-1.el8_1 cpe:/a:redhat:enterprise_linux:8 RHSA-2020:1514 2020-04-21T00:00:00Z
java-1.8.0-openjdk-1:1.8.0.252.b09-2.el8_1 cpe:/a:redhat:enterprise_linux:8 RHSA-2020:1515 2020-04-22T00:00:00Z
java-1.8.0-ibm-1:1.8.0.6.10-1.el8_2 cpe:/a:redhat:enterprise_linux:8::supplementary RHSA-2020:2241 2020-05-20T00:00:00Z
Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions
java-1.8.0-openjdk-1:1.8.0.252.b09-2.el8_0 cpe:/a:redhat:rhel_e4s:8.0 RHSA-2020:1516 2020-04-22T00:00:00Z
java-11-openjdk-1:11.0.7.10-1.el8_0 cpe:/a:redhat:rhel_e4s:8.0 RHSA-2020:1517 2020-04-22T00:00:00Z
References
Link Providers
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html cve-icon cve-icon
https://kc.mcafee.com/corporate/index?page=content&id=SB10318 cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/ cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2020-2781 cve-icon
https://security.gentoo.org/glsa/202006-22 cve-icon cve-icon
https://security.gentoo.org/glsa/202209-15 cve-icon cve-icon
https://security.netapp.com/advisory/ntap-20200416-0004/ cve-icon cve-icon
https://usn.ubuntu.com/4337-1/ cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2020-2781 cve-icon
https://www.debian.org/security/2020/dsa-4662 cve-icon cve-icon
https://www.debian.org/security/2020/dsa-4668 cve-icon cve-icon
https://www.oracle.com/security-alerts/cpuapr2020.html cve-icon cve-icon
History

Mon, 30 Sep 2024 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}
cve-icon MITRE

Status: PUBLISHED

Assigner: oracle

Published: 2020-04-15T13:29:46

Updated: 2024-09-30T15:05:39.406Z

Reserved: 2019-12-10T00:00:00

Link: CVE-2020-2781

cve-icon Vulnrichment

Updated: 2024-08-04T07:17:02.849Z

cve-icon NVD

Status : Modified

Published: 2020-04-15T14:15:27.030

Modified: 2023-11-07T03:21:47.950

Link: CVE-2020-2781

cve-icon Redhat

Severity : Moderate

Publid Date: 2020-04-14T00:00:00Z

Links: CVE-2020-2781 - Bugzilla