PT-2019-1945 · Oracle · Java SE Embedded
Published: 2019-04-16 · Updated: 2024-06-15
CVE-2019-2602
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Java SE versions 7u211, 8u202, 11.0.2, and 12
Java SE Embedded version 8u201
Description
The issue is related to insufficient access controls in the Libraries component of Oracle Java SE and Java SE Embedded. A remote attacker can exploit it over network protocols to cause a denial of service: a successful attack results in a hang or a frequently repeatable crash of Java SE and Java SE Embedded. The attack works by supplying data to APIs in the specified component, for example through a web service, and does not use untrusted Java Web Start applications or untrusted Java applets.
Recommendations
For Java SE versions 7u211, 8u202, 11.0.2, and 12, update to a version that contains the fix for this issue.
For Java SE Embedded version 8u201, update to a version that contains the fix for this issue.
As a temporary workaround, consider restricting access to the Libraries component until a patch is available.
Avoid using APIs in the specified component without proper validation and sanitization of input data.
Exploit
Fix
DoS
Resource Exhaustion
Affected Products
CentOS
IBM AIX
Java Platform
Java SE
Java SE Embedded
Red Hat
SUSE
Ubuntu