PT-2019-3664 · Oracle+4 · Java Se+5

Published

2019-10-15

·

Updated

2024-06-15

·

CVE-2019-2987

CVSS v2.0

5.4

Medium

VectorAV:N/AC:H/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions Java SE versions 11.0.4 and 13
Description The issue exists due to insufficient input validation in the 2D component of Oracle Java SE, allowing a remote attacker to cause a partial denial of service. This vulnerability can be exploited by an unauthenticated attacker with network access via multiple protocols, compromising Java SE. It affects Java deployments that load and run untrusted code, relying on the Java sandbox for security. The vulnerability can also be exploited through APIs in the specified component.
Recommendations For Java SE version 11.0.4, update to a version that includes the fix for this issue. For Java SE version 13, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the 2D component until a patch is available.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2019-03884
CESA-2019_3127
CESA-2019_3128
CESA-2019_3134
CESA-2019_3135
CESA-2019_3136
CESA-2019_3157
CESA-2019_3158
CVE-2019-2987
DLA-2023-1
DSA-4546-1
DSA-4548-1
MGASA-2019-0302
OPENSUSE-SU-2019:2557-1
OPENSUSE-SU-2019:2565-1
OPENSUSE-SU-2019:2687-1
OPENSUSE-SU-2019_2557-1
OPENSUSE-SU-2019_2565-1
OPENSUSE-SU-2019_2687-1
OPENSUSE-SU-2024:10871-1
OPENSUSE-SU-2024:10872-1
OPENSUSE-SU-2024:10876-1
RHSA-2019:3127
RHSA-2019:3128
RHSA-2019:3134
RHSA-2019:3135
RHSA-2019:3136
RHSA-2019:3157
RHSA-2019:3158
RHSA-2019_3127
RHSA-2019_3128
RHSA-2019_3134
RHSA-2019_3135
RHSA-2019_3136
RHSA-2019_3157
RHSA-2019_3158
SUSE-SU-2019:2998-1
SUSE-SU-2019:3083-1
SUSE-SU-2019:3084-1
SUSE-SU-2019:3238-1
SUSE-SU-2020:0025-1
USN-4223-1

Affected Products

Centos
Java Platform
Java Se
Red Hat
Suse
Ubuntu