Rewterz Threat Advisory – CVE-2017-2302 – Juniper Junos OS RPD Denial of Service Vulnerability
March 4, 2019
Rewterz Threat Alert – Cobalt Group Activity Discovered
March 4, 2019
Severity: Medium
Analysis Summary
CVE-2018-12547
In Eclipse OpenJ9, prior to the 0.12.0 release, the jio_snprintf() and jio_vsnprintf() native methods ignored the length parameter. As a result, existing APIs that called these functions could write past the allocated buffer. These functions were not directly callable by non-native user code.
CVE-2018-12549
In Eclipse OpenJ9 version 0.11.0, the OpenJ9 JIT compiler may incorrectly omit a null check on the receiver object of an Unsafe call when accelerating it.
CVE-2018-11212
An issue was discovered in libjpeg 9a. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file.
CVE-2019-2449
The supported version that is affected is Java SE: 8u192. A difficult-to-exploit vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE.
CVE-2019-2426
Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data.
CVE-2019-2422
Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. A difficult-to-exploit vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data.
Impact
- System access
- Exposure of sensitive information
- Denial of Service
Affected Products
- IBM Java 7.x
- IBM Java 8.x
Remediation
Update to a fixed version.
- Versions 7.x: Update to version 7 SR10-FP40 or 7R1 SR4-FP40.
- Versions 8.x: Update to version 8 SR5-FP30.
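To check an inventory against the fixed levels above, the following added example (not part of the original advisory or any IBM tooling) classifies release labels written in the advisory's "SR/FP" form. The label format accepted, the ordering by service refresh and then fix pack, and the sample inventory are assumptions.

```python
import re

# Fixed levels from the advisory's Remediation section: stream -> (SR, FP).
FIXED_LEVELS = {"7": (10, 40), "7R1": (4, 40), "8": (5, 30)}

# Accepts labels written like the advisory's own: "8 SR5-FP30", "7R1 SR4 FP40", "8 SR5".
_LABEL_RE = re.compile(
    r"^\s*(\d+(?:R\d+)?)\s*(?:SR(\d+))?\s*[- ]?\s*(?:FP(\d+))?\s*$", re.IGNORECASE
)

def parse_level(label):
    """Return (stream, sr, fp), or None if the label is not recognisable."""
    m = _LABEL_RE.match(label)
    if not m:
        return None
    stream, sr, fp = m.groups()
    # A missing SR or FP means the base level of that stream or refresh.
    return stream.upper(), int(sr or 0), int(fp or 0)

def classify(label):
    """Classify one label as 'fixed', 'needs-update', 'not-covered' or 'unparsed'."""
    parsed = parse_level(label)
    if parsed is None:
        return "unparsed"
    stream, sr, fp = parsed
    if stream not in FIXED_LEVELS:
        return "not-covered"  # the advisory lists only 7.x and 8.x
    # Assumption: levels order by service refresh first, then fix pack.
    return "fixed" if (sr, fp) >= FIXED_LEVELS[stream] else "needs-update"

def hosts_needing_update(inventory):
    """Return hosts to patch; unparsed labels are included for manual review."""
    flagged = ("needs-update", "unparsed")
    return sorted(h for h, label in inventory.items() if classify(label) in flagged)

# Constructed sample inventory (hostnames and levels are made up).
SAMPLE_INVENTORY = {
    "app01": "8 SR5-FP30",
    "app02": "8 SR5-FP27",
    "batch01": "7R1 SR4-FP35",
    "batch02": "7 SR10 FP40",
    "legacy01": "6 SR16-FP70",
    "edge01": "build unknown",
}

if __name__ == "__main__":
    for host, label in SAMPLE_INVENTORY.items():
        print(f"{host:9} {label:15} {classify(label)}")
    print("patch or review:", hosts_needing_update(SAMPLE_INVENTORY))
```

A "not-covered" result only means the stream is outside this advisory's list of affected products, not that the installation is free of these issues.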