PT-2022-6865 · Oracle+10 · Java Se+12

Published

2022-10-18

·

Updated

2026-05-08

·

CVE-2022-21628

CVSS v3.1

5.3

Medium

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19 Oracle GraalVM Enterprise Edition versions 20.3.7, 21.3.3, 22.2.0
Description The issue is related to the Lightweight HTTP Server component and allows an unauthenticated attacker with network access via HTTP to compromise Oracle Java SE and Oracle GraalVM Enterprise Edition, resulting in a partial denial of service. This vulnerability applies to Java deployments that load and run untrusted code and rely on the Java sandbox for security, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets.
Recommendations For Oracle Java SE versions 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19, update to a version that includes the fix for this issue. For Oracle GraalVM Enterprise Edition versions 20.3.7, 21.3.3, 22.2.0, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the Lightweight HTTP Server component until a patch is available. Avoid using the affected Java deployments in environments where untrusted code is executed, and rely on the Java sandbox for security.

Exploit

Fix

Allocation of Resources Without Limits

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-770CWE-20

Related Identifiers

ALSA-2022:6999
ALSA-2022:7000
ALSA-2022:7006
ALSA-2022:7007
ALSA-2022:7012
ALSA-2022:7013
ALT-PU-2022-7669
ALT-PU-2022-7670
ALT-PU-2022-7671
ALT-PU-2022-7672
ALT-PU-2023-8449
ALT-PU-2023-8454
ALT-PU-2023-8460
ALT-PU-2025-6317
BDU:2023-05213
BIT-JAVA-2022-21628
BIT-JAVA-MIN-2022-21628
BIT-JRE-2022-21628
CESA-2022_7000
CESA-2022_7002
CESA-2022_7006
CESA-2022_7008
CESA-2022_7012
CESA-2023_0128
CVE-2022-21628
DLA-3307-1
DSA-5331-1
DSA-5335-1
MGASA-2022-0435
OESA-2022-2150
OESA-2022-2151
OESA-2022-2152
OESA-2022-2154
OPENSUSE-SU-2022_4078-1
OPENSUSE-SU-2022_4079-1
OPENSUSE-SU-2022_4166-1
OPENSUSE-SU-2022_4250-1
OPENSUSE-SU-2022_4452-1
OPENSUSE-SU-2024:12431-1
OPENSUSE-SU-2024:12432-1
OPENSUSE-SU-2024:12441-1
OPENSUSE-SU-2024:12442-1
OPENSUSE-SU-2024:12463-1
OPENSUSE-SU-2024:12464-1
OPENSUSE-SU-2024:12526-1
OPENSUSE-SU-2024:12546-1
OPENSUSE-SU-2025:0066-1
OPENSUSE-SU-2025:0067-1
RHSA-2022:6999
RHSA-2022:7000
RHSA-2022:7001
RHSA-2022:7002
RHSA-2022:7003
RHSA-2022:7004
RHSA-2022:7005
RHSA-2022:7006
RHSA-2022:7007
RHSA-2022:7008
RHSA-2022:7009
RHSA-2022:7010
RHSA-2022:7011
RHSA-2022:7012
RHSA-2022:7013
RHSA-2022:8880
RHSA-2022_6999
RHSA-2022_7000
RHSA-2022_7002
RHSA-2022_7006
RHSA-2022_7007
RHSA-2022_7008
RHSA-2022_7012
RHSA-2022_7013
RHSA-2022_8880
RHSA-2023:0128
RHSA-2023_0128
RLSA-2022:6999
RLSA-2022:7000
RLSA-2022:7006
RLSA-2022:7007
RLSA-2022:7012
RLSA-2022:7013
ROSA-SA-2023-2151
SUSE-SU-2022:4078-1
SUSE-SU-2022:4079-1
SUSE-SU-2022:4080-1
SUSE-SU-2022:4166-1
SUSE-SU-2022:4250-1
SUSE-SU-2022:4290-1
SUSE-SU-2022:4373-1
SUSE-SU-2022:4452-1
USN-5719-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Graalvm Enterprise Edition
Java Platform
Java Se
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu