CVE-2019-2816

MEDIUM

Description

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).

References

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html

http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

https://access.redhat.com/errata/RHSA-2019:2494

https://access.redhat.com/errata/RHSA-2019:2495

https://access.redhat.com/errata/RHSA-2019:2585

https://access.redhat.com/errata/RHSA-2019:2590

https://access.redhat.com/errata/RHSA-2019:2592

https://access.redhat.com/errata/RHSA-2019:2737

https://kc.mcafee.com/corporate/index?page=content&id=SB10300

https://lists.debian.org/debian-lts-announce/2019/08/msg00020.html

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us

https://usn.ubuntu.com/4080-1/

https://usn.ubuntu.com/4083-1/

Details

Source: MITRE

Published: 2019-07-23

Updated: 2020-09-08

Type: NVD-CWE-noinfo

Risk Information

CVSS v2.0

Base Score: 5.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Impact Score: 4.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3.0

Base Score: 4.8

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Impact Score: 2.5

Exploitability Score: 2.2

Severity: MEDIUM

Vulnerable Software

Configuration 1

cpe:2.3:a:oracle:jdk:1.7.0:update221:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.8.0:update211:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.8.0:update212:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:11.0.3:*:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:12.0.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update_221:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.8.0:update_211:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.8.0:update_212:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:11.0.3:*:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:12.0.1:*:*:*:*:*:*:*

Tenable Plugins

View all (72 total)

ID	Name	Product	Family	Severity
145663	CentOS 8 : java-11-openjdk (CESA-2019:1817)	Nessus	CentOS Local Security Checks	medium
145650	CentOS 8 : java-1.8.0-openjdk (CESA-2019:1816)	Nessus	CentOS Local Security Checks	medium
144243	Virtuozzo 7 : java-1.8.0-openjdk / etc (VZLSA-2019-1815)	Nessus	Virtuozzo Local Security Checks	medium
144227	Virtuozzo 7 : java-1.7.0-openjdk / etc (VZLSA-2019-1839)	Nessus	Virtuozzo Local Security Checks	medium
136333	Photon OS 2.0: Openjdk11 PHSA-2020-2.0-0235	Nessus	PhotonOS Local Security Checks	medium
136109	Photon OS 1.0: Openjdk11 PHSA-2020-1.0-0290	Nessus	PhotonOS Local Security Checks	medium
136100	Photon OS 3.0: Openjdk11 PHSA-2020-3.0-0084	Nessus	PhotonOS Local Security Checks	medium
134412	NewStart CGSL MAIN 4.05 : java-1.7.0-openjdk Multiple Vulnerabilities (NS-SA-2020-0017)	Nessus	NewStart CGSL Local Security Checks	medium
134409	NewStart CGSL MAIN 4.05 : java-1.8.0-openjdk Multiple Vulnerabilities (NS-SA-2020-0022)	Nessus	NewStart CGSL Local Security Checks	medium
133912	EulerOS 2.0 SP5 : java-1.8.0-openjdk (EulerOS-SA-2020-1111)	Nessus	Huawei Local Security Checks	medium
133911	EulerOS 2.0 SP5 : java-1.7.0-openjdk (EulerOS-SA-2020-1110)	Nessus	Huawei Local Security Checks	medium
131866	EulerOS 2.0 SP2 : java-1.8.0-openjdk (EulerOS-SA-2019-2374)	Nessus	Huawei Local Security Checks	medium
131614	EulerOS 2.0 SP2 : java-1.7.0-openjdk (EulerOS-SA-2019-2460)	Nessus	Huawei Local Security Checks	medium
130814	EulerOS 2.0 SP8 : java-1.8.0-openjdk (EulerOS-SA-2019-2105)	Nessus	Huawei Local Security Checks	medium
130725	EulerOS 2.0 SP3 : java-1.7.0-openjdk (EulerOS-SA-2019-2263)	Nessus	Huawei Local Security Checks	medium
130707	EulerOS 2.0 SP3 : java-1.8.0-openjdk (EulerOS-SA-2019-2245)	Nessus	Huawei Local Security Checks	medium
130102	Photon OS 3.0: Openjdk8 PHSA-2019-3.0-0035	Nessus	PhotonOS Local Security Checks	medium
128872	SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2019:2371-1)	Nessus	SuSE Local Security Checks	high
128858	RHEL 6 : java-1.8.0-ibm (RHSA-2019:2737)	Nessus	Red Hat Local Security Checks	high
128736	Photon OS 2.0: Openjdk8 PHSA-2019-2.0-0173	Nessus	PhotonOS Local Security Checks	medium
128710	Photon OS 1.0: Openjdk PHSA-2019-1.0-0250	Nessus	PhotonOS Local Security Checks	medium
128697	NewStart CGSL MAIN 4.06 : java-1.8.0-openjdk Multiple Vulnerabilities (NS-SA-2019-0178)	Nessus	NewStart CGSL Local Security Checks	medium
128692	NewStart CGSL MAIN 4.06 : java-1.7.0-openjdk Multiple Vulnerabilities (NS-SA-2019-0175)	Nessus	NewStart CGSL Local Security Checks	medium
128628	SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2019:2336-1)	Nessus	SuSE Local Security Checks	medium
128520	SUSE SLED15 / SLES15 Security Update : java-1_8_0-ibm (SUSE-SU-2019:2291-1)	Nessus	SuSE Local Security Checks	high
128451	RHEL 6 : java-1.8.0-ibm (RHSA-2019:2592)	Nessus	Red Hat Local Security Checks	high
128449	RHEL 8 : java-1.8.0-ibm (RHSA-2019:2590)	Nessus	Red Hat Local Security Checks	high
128447	RHEL 7 : java-1.8.0-ibm (RHSA-2019:2585)	Nessus	Red Hat Local Security Checks	high
128292	Amazon Linux AMI : java-1.8.0-openjdk (ALAS-2019-1269)	Nessus	Amazon Linux Local Security Checks	medium
128291	Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2019-1268)	Nessus	Amazon Linux Local Security Checks	medium
128285	Amazon Linux 2 : java-1.8.0-openjdk (ALAS-2019-1269)	Nessus	Amazon Linux Local Security Checks	medium
128284	Amazon Linux 2 : java-1.7.0-openjdk (ALAS-2019-1268)	Nessus	Amazon Linux Local Security Checks	medium
128008	openSUSE Security Update : java-11-openjdk (openSUSE-2019-1916)	Nessus	SuSE Local Security Checks	medium
128004	openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2019-1912)	Nessus	SuSE Local Security Checks	medium
127988	RHEL 7 : java-1.7.1-ibm (RHSA-2019:2495)	Nessus	Red Hat Local Security Checks	medium
127987	RHEL 6 : java-1.7.1-ibm (RHSA-2019:2494)	Nessus	Red Hat Local Security Checks	medium
127809	Virtuozzo 6 : java-1.8.0-openjdk / java-1.8.0-openjdk-debug / etc (VZLSA-2019-1811)	Nessus	Virtuozzo Local Security Checks	medium
127800	Ubuntu 18.04 LTS / 19.04 : OpenJDK 11 vulnerabilities (USN-4083-1)	Nessus	Ubuntu Local Security Checks	medium
127797	Ubuntu 16.04 LTS : OpenJDK 8 vulnerabilities (USN-4080-1)	Nessus	Ubuntu Local Security Checks	medium
127762	SUSE SLED12 / SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2019:2036-1)	Nessus	SuSE Local Security Checks	medium
127758	SUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2019:2028-1) (Spectre)	Nessus	SuSE Local Security Checks	medium
127757	SUSE SLED15 / SLES15 Security Update : java-1_8_0-openjdk (SUSE-SU-2019:2021-1)	Nessus	SuSE Local Security Checks	medium
127745	SUSE SLED15 / SLES15 Security Update : java-11-openjdk (SUSE-SU-2019:2002-1)	Nessus	SuSE Local Security Checks	medium
127602	Oracle Linux 8 : java-11-openjdk (ELSA-2019-1817)	Nessus	Oracle Linux Local Security Checks	medium
127601	Oracle Linux 8 : java-1.8.0-openjdk (ELSA-2019-1816)	Nessus	Oracle Linux Local Security Checks	medium
127034	Scientific Linux Security Update : java-1.7.0-openjdk on SL7.x x86_64 (20190724)	Nessus	Scientific Linux Local Security Checks	medium
127031	Oracle Linux 6 : java-1.7.0-openjdk (ELSA-2019-1840)	Nessus	Oracle Linux Local Security Checks	medium
126993	CentOS 6 : java-1.7.0-openjdk (CESA-2019:1840)	Nessus	CentOS Local Security Checks	medium
126992	CentOS 7 : java-1.7.0-openjdk (CESA-2019:1839)	Nessus	CentOS Local Security Checks	medium
126991	CentOS 7 : java-1.8.0-openjdk (CESA-2019:1815)	Nessus	CentOS Local Security Checks	medium
126990	CentOS 6 : java-1.8.0-openjdk (CESA-2019:1811)	Nessus	CentOS Local Security Checks	medium
126989	CentOS 7 : java-11-openjdk (CESA-2019:1810)	Nessus	CentOS Local Security Checks	medium
126974	Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x i386/x86_64 (20190723)	Nessus	Scientific Linux Local Security Checks	medium
126973	RHEL 6 : java-1.7.0-openjdk (RHSA-2019:1840)	Nessus	Red Hat Local Security Checks	medium
126972	RHEL 7 : java-1.7.0-openjdk (RHSA-2019:1839)	Nessus	Red Hat Local Security Checks	medium
126971	Oracle Linux 7 : java-1.7.0-openjdk (ELSA-2019-1839)	Nessus	Oracle Linux Local Security Checks	medium
126967	Debian DSA-4486-1 : openjdk-11 - security update	Nessus	Debian Local Security Checks	medium
126966	Debian DSA-4485-1 : openjdk-8 - security update	Nessus	Debian Local Security Checks	medium
126958	Amazon Linux 2 : java-11-amazon-corretto (ALAS-2019-1246)	Nessus	Amazon Linux Local Security Checks	medium
126946	Scientific Linux Security Update : java-1.8.0-openjdk on SL7.x x86_64 (20190722)	Nessus	Scientific Linux Local Security Checks	medium
126945	Scientific Linux Security Update : java-1.8.0-openjdk on SL6.x i386/x86_64 (20190722)	Nessus	Scientific Linux Local Security Checks	medium
126944	Scientific Linux Security Update : java-11-openjdk on SL7.x x86_64 (20190722)	Nessus	Scientific Linux Local Security Checks	medium
126943	RHEL 8 : java-11-openjdk (RHSA-2019:1817)	Nessus	Red Hat Local Security Checks	medium
126942	RHEL 8 : java-1.8.0-openjdk (RHSA-2019:1816)	Nessus	Red Hat Local Security Checks	medium
126941	RHEL 7 : java-1.8.0-openjdk (RHSA-2019:1815)	Nessus	Red Hat Local Security Checks	medium
126940	RHEL 6 : java-1.8.0-openjdk (RHSA-2019:1811)	Nessus	Red Hat Local Security Checks	medium
126939	RHEL 7 : java-11-openjdk (RHSA-2019:1810)	Nessus	Red Hat Local Security Checks	medium
126938	Oracle Linux 7 : java-1.8.0-openjdk (ELSA-2019-1815)	Nessus	Oracle Linux Local Security Checks	medium
126937	Oracle Linux 6 : java-1.8.0-openjdk (ELSA-2019-1811)	Nessus	Oracle Linux Local Security Checks	medium
126936	Oracle Linux 7 : java-11-openjdk (ELSA-2019-1810)	Nessus	Oracle Linux Local Security Checks	medium
126821	Oracle Java SE 1.7.0_231 / 1.8.0_221 / 1.11.0_4 / 1.12.0_2 Multiple Vulnerabilities (Jul 2019 CPU)	Nessus	Windows	medium
126820	Oracle Java SE 1.7.0_231 / 1.8.0_221 / 1.11.0_4 / 1.12.0_2 Multiple Vulnerabilities (Jul 2019 CPU) (Unix)	Nessus	Misc.	medium

CVE-2019-2816

MEDIUM

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

high

high

medium

medium

medium

medium

medium

high

high

high

high

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium