Denial of service in Oracle Java SE

#VU17052 Denial of service in Oracle Java SE

Published: 2019-01-17

Vulnerability identifier: #VU17052

Vulnerability risk: Low

CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-2449

CWE-ID: CWE-264

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Oracle Java SE
Universal components / Libraries / Software for developers

Vendor: Oracle

Description
The vulnerability allows a remote attacker to cause DoS condition.

The weakness exists due to unspecified flaw in Deployment component. A remote attacker cause the service to crash.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Oracle Java SE: 8u192

External links
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixEM

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Dell EMC Data Computing Appliance (DCA)

Multiple vulnerabilities in Dell EMC Search

Multiple vulnerabilities in Dell EMC Data Protection Advisor

Multiple vulnerabilities in Dell EMC Integrated Data Protection Appliance

Multiple vulnerabilities in IBM Cloud Transformation Advisor

Multiple vulnerabilities in Oracle Java SE