Remote Code Execution (RCE) Via Partial Denial Of Service (DoS)

2019-10-1700:22:19

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.001 Low

EPSS

Percentile

32.3%

JSON

OpenJDK is vulnerable to remote code execution (RCE). It is possible because it causes an unexpected exception thrown during Font object deserialization, leading to a partial denial of service (DoS) of Java SE. A client using a Java sandbox or using a Java web service with data supplies to APIs can be exploited to run a malicious code through this.

CPENameOperatorVersion
java-1.8.0-openjdkeq1.8.0.121__0.b13.el6_8
java-1.8.0-openjdkeq1.8.0.222.b03__1.el7
java-1.8.0-openjdkeq1.8.0.45__28.b13.el6_6
java-1.8.0-openjdkeq1.8.0.222.b10__0.el7_6
java-1.8.0-openjdkeq1.8.0.181__3.b13.el7_5
java-1.8.0-openjdkeq1.8.0.91__1.b14.el6
java-1.8.0-openjdkeq1.8.0.201.b09__2.el6_10
java-1.8.0-openjdkeq1.8.0.141__3.b16.el6_9
java-1.8.0-openjdkeq1.8.0.65__0.b17.el6_7
java-1.8.0-openjdkeq1.8.0.111__0.b15.el6_8

Name	Operator	Version
java-1.8.0-openjdk	eq	1.8.0.121__0.b13.el6_8
java-1.8.0-openjdk	eq	1.8.0.222.b03__1.el7
java-1.8.0-openjdk	eq	1.8.0.45__28.b13.el6_6
java-1.8.0-openjdk	eq	1.8.0.222.b10__0.el7_6
java-1.8.0-openjdk	eq	1.8.0.181__3.b13.el7_5
java-1.8.0-openjdk	eq	1.8.0.91__1.b14.el6
java-1.8.0-openjdk	eq	1.8.0.201.b09__2.el6_10
java-1.8.0-openjdk	eq	1.8.0.141__3.b16.el6_9
java-1.8.0-openjdk	eq	1.8.0.65__0.b17.el6_7
java-1.8.0-openjdk	eq	1.8.0.111__0.b15.el6_8