CVE-2019-2816

high

Published 2019-07-22 · Modified 2019-09-02

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

—

CVSS v4 NEW

—

not yet in upstream

VIR risk

8.0

Description

RHSA-2019:2590: java-1.8.0-ibm security update (Important)

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

Mitigation details

Source: Red Hat Errata — Red Hat Inc. · View original ↗ · Open-Errata-API

Description OpenJDK: Missing URL format validation (Networking, 8221518) CVSS v3: 4.8 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N) Errata / fixed releases ProductPackageAdvisoryReleased Red Hat Enterprise Linux 6java-1.8.0-openjdk-1:1.8.0.222.b10-0.el6_10RHSA-2019:18112019-07-22T00:00:00Z Red Hat Enterprise Linux 6java-1.7.0-openjdk-1:1.7.0.231-2.6.19.1.el6_10RHSA-2019:18402019-07-23T00:00:00Z…

Description

OpenJDK: Missing URL format validation (Networking, 8221518)

CVSS v3: 4.8 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)

Errata / fixed releases

Product	Package	Advisory	Released
Red Hat Enterprise Linux 6	`java-1.8.0-openjdk-1:1.8.0.222.b10-0.el6_10`	RHSA-2019:1811	2019-07-22T00:00:00Z
Red Hat Enterprise Linux 6	`java-1.7.0-openjdk-1:1.7.0.231-2.6.19.1.el6_10`	RHSA-2019:1840	2019-07-23T00:00:00Z
Red Hat Enterprise Linux 6 Supplementary	`java-1.7.1-ibm-1:1.7.1.4.50-1jpp.1.el6_10`	RHSA-2019:2494	2019-08-15T00:00:00Z
Red Hat Enterprise Linux 6 Supplementary	`java-1.8.0-ibm-1:1.8.0.5.40-1jpp.1.el6_10`	RHSA-2019:2592	2019-09-03T00:00:00Z
Red Hat Enterprise Linux 7	`java-11-openjdk-1:11.0.4.11-0.el7_6`	RHSA-2019:1810	2019-07-22T00:00:00Z
Red Hat Enterprise Linux 7	`java-1.8.0-openjdk-1:1.8.0.222.b10-0.el7_6`	RHSA-2019:1815	2019-07-22T00:00:00Z
Red Hat Enterprise Linux 7	`java-1.7.0-openjdk-1:1.7.0.231-2.6.19.1.el7_6`	RHSA-2019:1839	2019-07-23T00:00:00Z
Red Hat Enterprise Linux 7 Supplementary	`java-1.7.1-ibm-1:1.7.1.4.50-1jpp.1.el7`	RHSA-2019:2495	2019-08-15T00:00:00Z
Red Hat Enterprise Linux 7 Supplementary	`java-1.8.0-ibm-1:1.8.0.5.40-1jpp.1.el7`	RHSA-2019:2585	2019-09-02T00:00:00Z
Red Hat Enterprise Linux 8	`java-1.8.0-openjdk-1:1.8.0.222.b10-0.el8_0`	RHSA-2019:1816	2019-07-22T00:00:00Z
Red Hat Enterprise Linux 8	`java-11-openjdk-1:11.0.4.11-0.el8_0`	RHSA-2019:1817	2019-07-22T00:00:00Z
Red Hat Enterprise Linux 8	`java-1.8.0-ibm-1:1.8.0.5.40-3.el8_0`	RHSA-2019:2590	2019-09-02T00:00:00Z
Red Hat Satellite 5.8	`java-1.8.0-ibm-1:1.8.0.5.40-1jpp.1.el6_10`	RHSA-2019:2737	2019-09-11T00:00:00Z

Apply commands

bash fix

Apply RHSA-2019:1811 for Red Hat Enterprise Linux 6

yum update -y java
# or:
dnf upgrade -y java

OS impact

OS	Version	Status	Fixed in
sles		affected
debian	bullseye	fixed	`11.0.4+11-1`
debian	sid	fixed	`11.0.4+11-1`
rhel	8	fixed

References

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.