CVE-2019-2449Corporation Java vulnerability

9 documents6 sources
Severity
3.1LOWNVD
EPSS
2.4%
top 14.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
10
Oracle Corporation JavaNetapp Oncommand Unified ManagerOracle JDK+7 more
Timeline
PublishedJan 16
Latest updateMay 13

Description

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). The supported version that is affected is Java SE: 8u192. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. N

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:LExploitability: 1.6 | Impact: 1.4

Affected Packages8 packages

CVEListV5oracle_corporation/javaJava SE: 8u192
NVDoracle/jdk1.8.0
NVDoracle/jre1.8.0

Also affects: Enterprise Linux 8.0, 8.6

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

2
GHSA
GHSA-f342-vvpf-f8xr: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment)2022-05-13
CVEList
CVE-2019-2449: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment)2019-01-16

📋Vendor Advisories

2
Red Hat
JDK: unspecified vulnerability fixed in 8u201 (Deployment)2019-01-15
Debian
CVE-2019-2449: openjdk-8 - Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployme...2019

💬Community

3
Bugzilla
CVE-2019-16928 exim: remotely triggerable buffer overflow in string_vformat()2019-09-30
Bugzilla
CVE-2019-14540 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig2019-09-26
Bugzilla
CVE-2019-2449 Oracle JDK: unspecified vulnerability fixed in 8u201 (Deployment)2019-03-05
CVE-2019-2449 — Oracle Corporation Java vulnerability | cvebase