Scribd Logo
Hochladen

Willkommen bei Scribd!

  • Cve - Cve-2019-2684 PDF

    Hochgeladen von

    Spit Fire
    25 Ansichten2 Seiten
    This vulnerability allows an unauthenticated attacker to compromise Java SE and Java SE Embedded. It is a difficulty to exploit vulnerability that can result in unauthorized access to critical data or all accessible data. It affects supported versions of Java SE, Java SE Embedded, and other Java deployments running untrusted code. References are provided from various security advisories about patches and updates.

    Originalbeschreibung:

    Originaltitel

    CVE - CVE-2019-2684.pdf

    Copyright

    © © All Rights Reserved

    Verfügbare Formate

    PDF, TXT oder online auf Scribd lesen

    Stufen Sie dieses Dokument als nützlich ein?

    Sind diese Inhalte unangemessen?

    Dieses Dokument melden
    This vulnerability allows an unauthenticated attacker to compromise Java SE and Java SE Embedded. It is a difficulty to exploit vulnerability that can result in unauthorized access to critical data or all accessible data. It affects supported versions of Java SE, Java SE Embedded, and other Java deployments running untrusted code. References are provided from various security advisories about patches and updates.

    Copyright:

    © All Rights Reserved
    Als PDF, TXT herunterladen oder online auf Scribd lesen
    Markieren Sie unangemessene Inhalte
    25 Ansichten2 Seiten

    Cve - Cve-2019-2684 PDF

    Hochgeladen von

    Spit Fire
    This vulnerability allows an unauthenticated attacker to compromise Java SE and Java SE Embedded. It is a difficulty to exploit vulnerability that can result in unauthorized access to critical data or all accessible data. It affects supported versions of Java SE, Java SE Embedded, and other Java deployments running untrusted code. References are provided from various security advisories about patches and updates.

    Copyright:

    © All Rights Reserved
    Als PDF, TXT herunterladen oder online auf Scribd lesen
    Markieren Sie unangemessene Inhalte
    von 2

    CVE - CVE-2019-2684 1/16/20, 2(31 PM

    CVE List CNAs WGs Board About


    News & Blog Go to for:
    CVSS Scores
    CPE Info
    Advanced Search
    Common Vulnerabilities and Exposures

    Full-Screen View
    CVE-ID

    CVE-2019-2684 Learn more at National Vulnerability Database (NVD)


    • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information

    Description
    Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE:
    7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via
    multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or
    modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in
    clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes
    from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g.,
    through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector:
    (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).
    References
    Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.

    BUGTRAQ:20190530 [SECURITY] [DSA 4453-1] openjdk-8 security update


    URL:https://seclists.org/bugtraq/2019/May/75
    CONFIRM:https://support.f5.com/csp/article/K11175903?utm_source=f5support&utm_medium=RSS
    CONFIRM:https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03959en_us
    DEBIAN:DSA-4453
    URL:https://www.debian.org/security/2019/dsa-4453
    GENTOO:GLSA-201908-10
    URL:https://security.gentoo.org/glsa/201908-10
    MISC:http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
    MLIST:[announce] 20191218 [SECURITY] CVE-2019-12418 Local Privilege Escalation
    URL:https://lists.apache.org/thread.html/c58d6c3b49c615916b163809f963a55421cac2264885739508e68108@%3Cannounce.apache.org%3E
    MLIST:[debian-lts-announce] 20190510 [SECURITY] [DLA 1782-1] openjdk-7 security update
    URL:https://lists.debian.org/debian-lts-announce/2019/05/msg00011.html
    MLIST:[tomcat-announce] 20191218 [SECURITY] CVE-2019-12418 Local Privilege Escalation
    URL:https://lists.apache.org/thread.html/43530b91506e2e0c11cfbe691173f5df8c48f51b98262426d7493b67@%3Cannounce.tomcat.apache.org%3E
    MLIST:[tomcat-dev] 20191218 [SECURITY] CVE-2019-12418 Local Privilege Escalation
    URL:https://lists.apache.org/thread.html/f7f54b4888060d99f59993f006e25005a2b58db0c07ff866bdcd6f17@%3Cdev.tomcat.apache.org%3E
    MLIST:[tomcat-dev] 20191218 svn commit: r1871756 - in /tomcat/site/trunk: docs/security-7.html docs/security-8.html docs/security-9.html
    xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml
    URL:https://lists.apache.org/thread.html/38a01302c92ae513910d8c851a2d111736565bd698be4e3af3e4c063@%3Cdev.tomcat.apache.org%3E
    MLIST:[tomcat-users] 20191218 [SECURITY] CVE-2019-12418 Local Privilege Escalation
    URL:https://lists.apache.org/thread.html/71bd3e4e222479c266eaafc8d0c171ef5782a69b52f68df11b650ed7@%3Cusers.tomcat.apache.org%3E
    REDHAT:RHBA-2019:0959
    URL:https://access.redhat.com/errata/RHBA-2019:0959
    REDHAT:RHSA-2019:1146
    URL:https://access.redhat.com/errata/RHSA-2019:1146
    REDHAT:RHSA-2019:1163
    URL:https://access.redhat.com/errata/RHSA-2019:1163
    REDHAT:RHSA-2019:1164
    URL:https://access.redhat.com/errata/RHSA-2019:1164
    REDHAT:RHSA-2019:1165
    URL:https://access.redhat.com/errata/RHSA-2019:1165
    REDHAT:RHSA-2019:1166
    URL:https://access.redhat.com/errata/RHSA-2019:1166
    REDHAT:RHSA-2019:1238
    URL:https://access.redhat.com/errata/RHSA-2019:1238
    REDHAT:RHSA-2019:1325
    URL:https://access.redhat.com/errata/RHSA-2019:1325
    REDHAT:RHSA-2019:1518
    URL:https://access.redhat.com/errata/RHSA-2019:1518

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2684 Page 1 of 2
    CVE - CVE-2019-2684 1/16/20, 2(31 PM

    SUSE:openSUSE-SU-2019:1327
    URL:http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00007.html
    SUSE:openSUSE-SU-2019:1438
    URL:http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html
    SUSE:openSUSE-SU-2019:1439
    URL:http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html
    SUSE:openSUSE-SU-2019:1500
    URL:http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00013.html
    UBUNTU:USN-3975-1
    URL:https://usn.ubuntu.com/3975-1/

    Assigning CNA
    Oracle
    Date Entry Created
    20181214 Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate
    when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.

    Phase (Legacy)
    Assigned (20181214)
    Votes (Legacy)

    Comments (Legacy)

    Proposed (Legacy)
    N/A
    This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.

    SEARCH CVE USING KEYWORDS: Submit


    You can also search by reference using the CVE Reference Maps.

    For More Information: CVE Request Web Form (select “Other” from dropdown)

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2684 Page 2 of 2

    Das könnte Ihnen auch gefallen