Home > Vulnerability Database > CVE-2019-2602

Mend.io Vulnerability Database

CVE-2019-2602

Date: April 23, 2019

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Severity Score

7.5

Related Resources (27)

Url: https://security-tracker.debian.org/tracker/CVE-2019-2602

Url: http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00013.html

Url: http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Url: http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00007.html

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2602

Url: https://access.redhat.com/errata/RHSA-2019:1166

Url: https://access.redhat.com/errata/RHSA-2019:1165

Url: https://access.redhat.com/errata/RHSA-2019:1164

Url: https://seclists.org/bugtraq/2019/May/75

Url: http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html

Url: https://access.redhat.com/errata/RHSA-2019:1325

Url: https://kc.mcafee.com/corporate/index?page=content&id=SB10285

Url: https://access.redhat.com/errata/RHSA-2019:1146

Url: https://security.gentoo.org/glsa/201908-10

Url: https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03959en_us

Url: https://access.redhat.com/errata/RHSA-2019:1163

Url: https://usn.ubuntu.com/3975-1/

Url: https://lists.debian.org/debian-lts-announce/2019/05/msg00011.html

Url: https://access.redhat.com/security/cve/CVE-2019-2602

Url: http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html

Url: https://access.redhat.com/errata/RHBA-2019:0959

Url: https://www.debian.org/security/2019/dsa-4453

Url: https://security.alpinelinux.org/vuln/CVE-2019-2602

Url: https://nvd.nist.gov/vuln/detail/CVE-2019-2602

Url: https://access.redhat.com/errata/RHSA-2019:1238

Url: https://access.redhat.com/errata/RHSA-2019:1518

Url: https://www.mend.io/vulnerability-database/CVE-2019-2602

Severity Score

7.5

Weakness Type (CWE)

Uncontrolled Resource Consumption ('Resource Exhaustion')

CWE-400

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2019-2602

Date: April 23, 2019

Severity Score

Related Resources (27)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?