Candidate: CVE-2019-2766
PublicDate: 2019-07-23 23:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2766
 https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
 https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/5572395.xml
Description:
 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE
 (subcomponent: Networking). Supported versions that are affected are Java
 SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to
 exploit vulnerability allows unauthenticated attacker with network access
 via multiple protocols to compromise Java SE, Java SE Embedded. Successful
 attacks require human interaction from a person other than the attacker.
 Successful attacks of this vulnerability can result in unauthorized read
 access to a subset of Java SE, Java SE Embedded accessible data. Note: This
 vulnerability applies to Java deployments, typically in clients running
 sandboxed Java Web Start applications or sandboxed Java applets (in Java SE
 8), that load and run untrusted code (e.g., code that comes from the
 internet) and rely on the Java sandbox for security. This vulnerability can
 also be exploited by using APIs in the specified Component, e.g., through a
 web service which supplies data to the APIs. CVSS 3.0 Base Score 3.1
 (Confidentiality impacts). CVSS Vector:
 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).
Ubuntu-Description:
Notes:
 sbeattie> file:// url handler on windows
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N [3.1 LOW]


Patches_openjdk-7:
upstream_openjdk-7: needs-triage
precise/esm_openjdk-7: DNE
trusty_openjdk-7: ignored (out of standard support)
trusty/esm_openjdk-7: DNE
xenial_openjdk-7: DNE
bionic_openjdk-7: DNE
disco_openjdk-7: DNE
devel_openjdk-7: DNE

Patches_openjdk-12:
upstream_openjdk-12: released (12.0.2+9-1)
precise/esm_openjdk-12: DNE
trusty_openjdk-12: ignored (out of standard support)
trusty/esm_openjdk-12: DNE
xenial_openjdk-12: DNE
bionic_openjdk-12: DNE
disco_openjdk-12: not-affected (windows only)
devel_openjdk-12: not-affected (windows only)

Patches_openjdk-lts:
upstream_openjdk-lts: released (11.0.4+11-1)
precise/esm_openjdk-lts: DNE
trusty_openjdk-lts: DNE
trusty/esm_openjdk-lts: DNE
xenial_openjdk-lts: DNE
bionic_openjdk-lts: not-affected (windows only)
disco_openjdk-lts: not-affected (windows only)
devel_openjdk-lts: not-affected (windows only)

Patches_openjdk-8:
upstream_openjdk-8: released (8u222-b10-1)
precise/esm_openjdk-8: DNE
trusty_openjdk-8: ignored (out of standard support)
trusty/esm_openjdk-8: DNE
xenial_openjdk-8: not-affected (windows only)
esm-infra/xenial_openjdk-8: not-affected (windows only)
bionic_openjdk-8: not-affected (windows only)
disco_openjdk-8: not-affected (windows only)
devel_openjdk-8: not-affected (windows only)