Lucene search

OracleCVE-2019-2973

HistoryOct 16, 2019 - 6:15 p.m.

CVE-2019-2973

2019-10-1618:15:31

oracle

web.nvd.nist.gov

285

cve-2019-2973

oracle

java se

jaxp

vulnerability

unauthorized access

denial of service

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

AI Score

Confidence

High

EPSS

0.001

Percentile

38.0%

JSON

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Affected configurations

Nvd

Vulners

Node

oraclejdkMatch1.7.0update231

oraclejdkMatch1.8.0update221

oraclejdkMatch11.0.4

oraclejdkMatch13.0.0

oraclejreMatch1.7.0update231

oraclejreMatch1.8.0update221

oraclejreMatch11.0.4

oraclejreMatch13.0.0

Node

redhatsatelliteMatch5.8

redhatenterprise_linuxMatch8.0

redhatenterprise_linux_desktopMatch6.0

redhatenterprise_linux_desktopMatch7.0

redhatenterprise_linux_eusMatch7.7

redhatenterprise_linux_eusMatch8.1

redhatenterprise_linux_eusMatch8.6

redhatenterprise_linux_serverMatch6.0

redhatenterprise_linux_serverMatch7.0

redhatenterprise_linux_server_ausMatch7.7

redhatenterprise_linux_server_tusMatch7.7

redhatenterprise_linux_workstationMatch6.0

redhatenterprise_linux_workstationMatch7.0

Node

netappactive_iq_unified_managerRange7.3≥windows

netappactive_iq_unified_managerRange9.5≥vmware_vsphere

netappe-series_santricity_os_controllerRange11.0.0–11.50.2

netappe-series_santricity_storage_managerMatch-

netappe-series_santricity_unified_managerMatch-

netappe-series_santricity_web_services_proxyMatch-

netapponcommand_workflow_automationMatch-

netappsnapmanagerMatch-oracle

netappsnapmanagerMatch-sap

Node

debiandebian_linuxMatch8.0

debiandebian_linuxMatch9.0

debiandebian_linuxMatch10.0

Node

opensuseleapMatch15.0

opensuseleapMatch15.1

Node

canonicalubuntu_linuxMatch16.04esm

canonicalubuntu_linuxMatch18.04lts

canonicalubuntu_linuxMatch19.04

canonicalubuntu_linuxMatch19.10

VendorProductVersionCPE
oraclejdk1.7.0cpe:2.3:a:oracle:jdk:1.7.0:update231:*:*:*:*:*:*
oraclejdk1.8.0cpe:2.3:a:oracle:jdk:1.8.0:update221:*:*:*:*:*:*
oraclejdk11.0.4cpe:2.3:a:oracle:jdk:11.0.4:*:*:*:*:*:*:*
oraclejdk13.0.0cpe:2.3:a:oracle:jdk:13.0.0:*:*:*:*:*:*:*
oraclejre1.7.0cpe:2.3:a:oracle:jre:1.7.0:update231:*:*:*:*:*:*
oraclejre1.8.0cpe:2.3:a:oracle:jre:1.8.0:update221:*:*:*:*:*:*
oraclejre11.0.4cpe:2.3:a:oracle:jre:11.0.4:*:*:*:*:*:*:*
oraclejre13.0.0cpe:2.3:a:oracle:jre:13.0.0:*:*:*:*:*:*:*
redhatsatellite5.8cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*
redhatenterprise_linux8.0cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
oracle	jdk	1.7.0	cpe:2.3:a:oracle:jdk:1.7.0:update231::::::
oracle	jdk	1.8.0	cpe:2.3:a:oracle:jdk:1.8.0:update221::::::
oracle	jdk	11.0.4	cpe:2.3:a:oracle:jdk:11.0.4:::::::*
oracle	jdk	13.0.0	cpe:2.3:a:oracle:jdk:13.0.0:::::::*
oracle	jre	1.7.0	cpe:2.3:a:oracle:jre:1.7.0:update231::::::
oracle	jre	1.8.0	cpe:2.3:a:oracle:jre:1.8.0:update221::::::
oracle	jre	11.0.4	cpe:2.3:a:oracle:jre:11.0.4:::::::*
oracle	jre	13.0.0	cpe:2.3:a:oracle:jre:13.0.0:::::::*
redhat	satellite	5.8	cpe:2.3:a:redhat:satellite:5.8:::::::*
redhat	enterprise_linux	8.0	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*

Rows per page:

1-10 of 391

CNA Affected

[
  {
    "product": "Java",
    "vendor": "Oracle Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Java SE: 7u231, 8u221, 11.0.4, 13"
      },
      {
        "status": "affected",
        "version": "Java SE Embedded: 8u221"
      }
    ]
  }
]