Lucene search

[email protected]CVE-2019-2842

HistoryJul 23, 2019 - 11:15 p.m.

CVE-2019-2842

2019-07-2323:15:45

[email protected]

web.nvd.nist.gov

341

cve-2019-2842

oracle java se

jce

java se 8u212

vulnerability

unauthenticated

network access

dos

java sandbox

web service

cvss 3.0

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

3.8 Low

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.6%

JSON

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JCE). The supported version that is affected is Java SE: 8u212. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Affected configurations

NVD

Node

oraclejdkMatch1.8.0update212

oraclejreMatch1.8.0update212

Node

opensuseleapMatch15.0

opensuseleapMatch15.1

Node

hpxp7_command_viewRange<8.7.0-00advanced

Node

mcafeeepolicy_orchestratorMatch5.9.0

mcafeeepolicy_orchestratorMatch5.9.1

mcafeeepolicy_orchestratorMatch5.10.0-

mcafeeepolicy_orchestratorMatch5.10.0update_1

mcafeeepolicy_orchestratorMatch5.10.0update_2

mcafeeepolicy_orchestratorMatch5.10.0update_3

mcafeeepolicy_orchestratorMatch5.10.0update_4

Node

canonicalubuntu_linuxMatch16.04esm

CPENameOperatorVersion
oracle:jdkoracle jdkeq1.8.0
oracle:jreoracle jreeq1.8.0

CPE	Name	Operator	Version
oracle:jdk	oracle jdk	eq	1.8.0
oracle:jre	oracle jre	eq	1.8.0

CNA Affected

[
  {
    "product": "Java",
    "vendor": "Oracle Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Java SE: 8u212"
      }
    ]
  }
]