November 20, 2023
Severity Medium Analysis Summary Agent Tesla is a very popular spyware Trojan built for the.NET framework. Since its initial appearance in 2014, this has been deployed […]
Rewterz Threat Advisory – Red Hat update for python27-python and python27-python-jinja2 Multiple Vulnerabilities
May 23, 2019Rewterz Threat Advisory – Wireshark Dissection Engine Denial of Service Vulnerability
May 23, 2019Rewterz Threat Advisory – Red Hat update for python27-python and python27-python-jinja2 Multiple Vulnerabilities
May 23, 2019Rewterz Threat Advisory – Wireshark Dissection Engine Denial of Service Vulnerability
May 23, 2019
Severity
Medium
Analysis summary
Amazon Linux has issued an update for java-1.7.0-openjdk fixing multiple vulnerabilities as given below.
CVE-2019-2698
A vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D), which is difficult to exploit and allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).
CVE-2019-2602
This is a vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries) which is easily exploitable and allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded.
CVE-2019-2684
This vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI) is a difficult to exploit vulnerability that allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs.
Impact
- System access
- Denial of Service
- Manipulation of data
Affected Vendors
Amazon
Affected Products
- Amazon Linux 2
- java-1.7.0-openjdk
Remediation
Run yum update java-1.7.0-openjdk to update your system.