CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: NONE
Availability Impact: NONE
Vector: AV:N/AC:M/Au:N/C:C/I:N/A:N

CVSS3
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score confidence: Low
EPSS percentile: 72.4%

A vulnerability in the ImageIO component of the Oracle GraalVM Enterprise Edition virtual machine exists due to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service.

A vulnerability in the Libraries component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine is related to unrestricted resource allocation. Exploitation of the vulnerability could allow a remote attacker to cause a partial denial of service.

A vulnerability in the Serialization component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine is associated with in-memory recovery of invalid data. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service.

A vulnerability in the JAXP component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine is related to information disclosure. Exploitation of the vulnerability could allow an attacker acting remotely to disclose protected information.

A vulnerability in the Hotspot component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine is related to integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to modify, add, or delete data.

A vulnerability in the Hotspot component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine is related to writing outside of buffer boundaries. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to modify, add, or delete data.

A vulnerability in the JAXP component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine is related to the execution of a loop with an unreachable exit condition. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service.

A vulnerability in the Libraries component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine is related to insufficient input validation. Exploitation of the vulnerability could allow a remote attacker to cause a partial denial of service.

A vulnerability in the JAXP component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine is associated with cross-boundary critical data deletion errors. Exploitation of the vulnerability could allow an attacker acting remotely to disclose protected information.

A vulnerability in the Libraries component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine is associated with unrestricted resource allocation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service.

OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
redos | 7.3 | x86_64 | java-1.8.0-openjdk | < 1.8.0.402.b06-1 | UNKNOWN |