CVE-2022-21628 — Allocation of Resources Without Limits or Throttling in Corporation Java SE JDK AND JRE
Severity
5.3MEDIUMNVD
EPSS
0.4%
top 39.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedOct 18
Latest updateNov 9
Description
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability ca…
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4
Affected Packages6 packages
Also affects: Fedora 35, 36
Patches
🔴Vulnerability Details
4GHSA▶
GHSA-34g7-gffm-5gm5: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Lightweight HTTP Server)↗2022-10-19
CVEList▶
CVE-2022-21628: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Lightweight HTTP Server)↗2022-10-18
OSV▶
CVE-2022-21628: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Lightweight HTTP Server)↗2022-10-18
📋Vendor Advisories
5Microsoft▶
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Oracle Java SE: 8u341, 8↗2022-10-11
Debian▶
CVE-2022-21628: openjdk-11 - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product o...↗2022