PT-2020-1456 · Oracle+5 · Java Se Embedded+7

Published

2020-01-14

·

Updated

2026-05-08

·

CVE-2020-2583

CVSS v2.0

4.3

Medium

VectorAV:N/AC:M/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions Java SE versions 7u241, 8u231, 11.0.5, and 13.0.1 Java SE Embedded version 8u231
Description The issue allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE and Java SE Embedded, resulting in a partial denial of service. This issue is difficult to exploit and applies to Java deployments that load and run untrusted code, relying on the Java sandbox for security. It can also be exploited through APIs in the specified component, such as through a web service supplying data to the APIs.
Recommendations For Java SE versions 7u241, 8u231, 11.0.5, and 13.0.1, update to a version that includes the fix for this issue. For Java SE Embedded version 8u231, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the Serialization component until a patch is available. Avoid using APIs in the Serialization component that may be exploited by an attacker until the issue is resolved.

Exploit

Fix

DoS

Allocation of Resources Without Limits

Improper Handling of Exceptional Conditions

Weakness Enumeration

CWE-770CWE-755

Related Identifiers

BDU:2020-00439
BIT-JAVA-2020-2583
BIT-JAVA-MIN-2020-2583
BIT-JRE-2020-2583
CESA-2020_0122
CESA-2020_0128
CESA-2020_0157
CESA-2020_0196
CESA-2020_0202
CESA-2020_0465
CESA-2020_0541
CESA-2020_0632
CVE-2020-2583
DLA-2128-1
DSA-4605-1
DSA-4621-1
MGASA-2020-0069
OPENSUSE-SU-2020:0113-1
OPENSUSE-SU-2020:0147-1
OPENSUSE-SU-2020_0113-1
OPENSUSE-SU-2020_0147-1
OPENSUSE-SU-2024:10871-1
OPENSUSE-SU-2024:10872-1
OPENSUSE-SU-2024:10876-1
RHSA-2020:0122
RHSA-2020:0128
RHSA-2020:0157
RHSA-2020:0196
RHSA-2020:0202
RHSA-2020:0231
RHSA-2020:0232
RHSA-2020:0465
RHSA-2020:0467
RHSA-2020:0468
RHSA-2020:0469
RHSA-2020:0470
RHSA-2020:0541
RHSA-2020:0632
RHSA-2020:0856
RHSA-2020_0122
RHSA-2020_0128
RHSA-2020_0157
RHSA-2020_0196
RHSA-2020_0202
RHSA-2020_0465
RHSA-2020_0467
RHSA-2020_0468
RHSA-2020_0469
RHSA-2020_0470
RHSA-2020_0541
RHSA-2020_0632
SUSE-SU-2020:0140-1
SUSE-SU-2020:0213-1
SUSE-SU-2020:0231-1
SUSE-SU-2020:0261-1
SUSE-SU-2020:0456-1
SUSE-SU-2020:0466-1
SUSE-SU-2020:0528-1
SUSE-SU-2020:0628-1
SUSE-SU-2020:14286-1
SUSE-SU-2020:14287-1
SUSE-SU-2020_0231-1
SUSE-SU-2020_0261-1
SUSE-SU-2020_0456-1
SUSE-SU-2020_0628-1
SUSE-SU-2020_14287-1
USN-4257-1

Affected Products

Centos
Ibm Aix
Java Platform
Java Se
Java Se Embedded
Red Hat
Suse
Ubuntu