CVE-2019-2945
First published: Mon Oct 14 2019(Updated: )
An unspecified vulnerability in Java SE related to the Networking component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
Credit: secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/java | <1.8.0-openjdk-1:1.8.0.232.b09-1.el6_10 | 1.8.0-openjdk-1:1.8.0.232.b09-1.el6_10 |
| redhat/java | <1.7.0-openjdk-1:1.7.0.241-2.6.20.0.el6_10 | 1.7.0-openjdk-1:1.7.0.241-2.6.20.0.el6_10 |
| redhat/java | <1.7.1-ibm-1:1.7.1.4.55-1jpp.1.el6_10 | 1.7.1-ibm-1:1.7.1.4.55-1jpp.1.el6_10 |
| redhat/java | <1.8.0-ibm-1:1.8.0.6.0-1jpp.1.el6_10 | 1.8.0-ibm-1:1.8.0.6.0-1jpp.1.el6_10 |
| redhat/java | <11-openjdk-1:11.0.5.10-0.el7_7 | 11-openjdk-1:11.0.5.10-0.el7_7 |
| redhat/java | <1.8.0-openjdk-1:1.8.0.232.b09-0.el7_7 | 1.8.0-openjdk-1:1.8.0.232.b09-0.el7_7 |
| redhat/java | <1.7.0-openjdk-1:1.7.0.241-2.6.20.0.el7_7 | 1.7.0-openjdk-1:1.7.0.241-2.6.20.0.el7_7 |
| redhat/java | <1.7.1-ibm-1:1.7.1.4.55-1jpp.1.el7 | 1.7.1-ibm-1:1.7.1.4.55-1jpp.1.el7 |
| redhat/java | <1.8.0-ibm-1:1.8.0.6.0-1jpp.1.el7 | 1.8.0-ibm-1:1.8.0.6.0-1jpp.1.el7 |
| redhat/java | <1.8.0-openjdk-1:1.8.0.232.b09-0.el8_0 | 1.8.0-openjdk-1:1.8.0.232.b09-0.el8_0 |
| redhat/java | <11-openjdk-1:11.0.5.10-0.el8_0 | 11-openjdk-1:11.0.5.10-0.el8_0 |
| redhat/java | <1.8.0-ibm-1:1.8.0.6.0-3.el8_1 | 1.8.0-ibm-1:1.8.0.6.0-3.el8_1 |
| IBM Engineering Requirements Quality Assistant On-Premises | <=All | |
| debian/openjdk-11 | 11.0.24+8-2~deb11u1 11.0.25~5ea-1 | |
| debian/openjdk-8 | 8u422-b05-1 | |
| Oracle JDK 6 | =1.7.0-update231 | |
| Oracle JDK 6 | =1.8.0-update221 | |
| Oracle JDK 6 | =11.0.4 | |
| Oracle JDK 6 | =13.0.0 | |
| Oracle Java Runtime Environment (JRE) | =1.7.0-update231 | |
| Oracle Java Runtime Environment (JRE) | =1.8.0-update221 | |
| Oracle Java Runtime Environment (JRE) | =11.0.4 | |
| Oracle Java Runtime Environment (JRE) | =13.0.0 | |
| redhat satellite | =5.8 | |
| Red Hat Enterprise Linux | =8.0 | |
| redhat enterprise Linux desktop | =6.0 | |
| redhat enterprise Linux desktop | =7.0 | |
| redhat enterprise Linux eus | =7.7 | |
| redhat enterprise Linux eus | =8.1 | |
| redhat enterprise Linux eus | =8.6 | |
| redhat enterprise Linux server | =6.0 | |
| redhat enterprise Linux server | =7.0 | |
| redhat enterprise Linux server aus | =7.7 | |
| redhat enterprise Linux server tus | =7.7 | |
| redhat enterprise Linux workstation | =6.0 | |
| redhat enterprise Linux workstation | =7.0 | |
| NetApp E-Series SANtricity OS Controller | >=11.0.0<=11.50.2 | |
| netapp e-series santricity storage manager | ||
| netapp e-series santricity unified manager | ||
| NetApp E-Series SANtricity Web Services Proxy | ||
| NetApp OnCommand Workflow Automation | ||
| netapp snapmanager Oracle | ||
| netapp snapmanager sap | ||
| Debian GNU/Linux | =8.0 | |
| Debian GNU/Linux | =9.0 | |
| Debian GNU/Linux | =10.0 | |
| Ubuntu Linux | =16.04 | |
| Ubuntu Linux | =18.04 | |
| Ubuntu Linux | =19.04 | |
| Ubuntu Linux | =19.10 | |
| openSUSE | =15.0 | |
| openSUSE | =15.1 | |
| Debian | =8.0 | |
| Debian | =9.0 | |
| Debian | =10.0 | |
| Ubuntu | =16.04 | |
| Ubuntu | =18.04 | |
| Ubuntu | =19.04 | |
| Ubuntu | =19.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2019-2945 https://nvd.nist.gov/vuln/detail/CVE-2019-2945
- https://bugzilla.redhat.com/show_bug.cgi?id=1761596
- https://access.redhat.com/errata/RHSA-2019:3136
- https://access.redhat.com/errata/RHSA-2019:3158
- https://access.redhat.com/errata/RHSA-2019:4109
- https://access.redhat.com/errata/RHSA-2019:4113
- https://access.redhat.com/errata/RHSA-2019:3127
- https://access.redhat.com/errata/RHSA-2019:3128
- https://access.redhat.com/errata/RHSA-2019:3157
- https://access.redhat.com/errata/RHSA-2019:4110
- https://access.redhat.com/errata/RHSA-2019:4115
- https://access.redhat.com/errata/RHSA-2019:3134
- https://access.redhat.com/errata/RHSA-2019:3135
- https://access.redhat.com/errata/RHSA-2020:0046
- https://access.redhat.com/errata/RHSA-2020:0006
- https://access.redhat.com/security/cve/cve-2019-2945
- http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
- https://security.netapp.com/advisory/ntap-20191017-0001/
- https://seclists.org/bugtraq/2019/Oct/31
- https://seclists.org/bugtraq/2019/Oct/27
- https://www.debian.org/security/2019/dsa-4546
- https://www.debian.org/security/2019/dsa-4548
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html
- https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html
- http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html
- https://usn.ubuntu.com/4223-1/
- https://launchpad.net/bugs/cve/CVE-2019-2945
- https://www.oracle.com/security-alerts/cpuoct2019.html#AppendixJAVA
- http://hg.openjdk.java.net/jdk-updates/jdk11u/rev/c7602effc480
- http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/dd50896e9dec
- http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/e3a604d3d1ba
- https://exchange.xforce.ibmcloud.com/vulnerabilities/169250
- https://www.ibm.com/support/pages/node/6398724 (Advisory)
- https://security-tracker.debian.org/tracker/CVE-2019-2945
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2945
- https://nvd.nist.gov/vuln/detail/CVE-2019-2945
- https://ubuntu.com/security/CVE-2019-2945
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is the vulnerability ID of this Java SE vulnerability?
The vulnerability ID of this Java SE vulnerability is CVE-2019-2945.
What component of Java SE is affected by this vulnerability?
This vulnerability affects the Networking component of Java SE.
Which versions of Java SE are affected by this vulnerability?
The affected versions of Java SE are 7u231, 8u221, 11.0.4, and 13.
Is this vulnerability difficult to exploit?
Yes, this vulnerability is difficult to exploit.
How can I fix this vulnerability?
To fix this vulnerability, update to the recommended versions listed in the Red Hat Security Advisory.
- collector/redhat-cve
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2019-2945
- agent/type
- agent/first-publish-date
- agent/severity
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/remedy
- agent/description
- agent/event
- collector/security-tracker-debian
- source/Debian
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/trending
- agent/source
- agent/author
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- package-manager/redhat
- vendor/ibm
- canonical/ibm engineering requirements quality assistant on-premises
- version/ibm engineering requirements quality assistant on-premises/all
- package-manager/debian
- vendor/oracle
- canonical/oracle jdk 6
- version/oracle jdk 6/1.7.0-update231
- version/oracle jdk 6/1.8.0-update221
- version/oracle jdk 6/11.0.4
- version/oracle jdk 6/13.0.0
- canonical/oracle java runtime environment (jre)
- version/oracle java runtime environment (jre)/1.7.0-update231
- version/oracle java runtime environment (jre)/1.8.0-update221
- version/oracle java runtime environment (jre)/11.0.4
- version/oracle java runtime environment (jre)/13.0.0
- vendor/redhat
- canonical/redhat satellite
- version/redhat satellite/5.8
- canonical/red hat enterprise linux
- version/red hat enterprise linux/8.0
- canonical/redhat enterprise linux desktop
- version/redhat enterprise linux desktop/6.0
- version/redhat enterprise linux desktop/7.0
- canonical/redhat enterprise linux eus
- version/redhat enterprise linux eus/7.7
- version/redhat enterprise linux eus/8.1
- version/redhat enterprise linux eus/8.6
- canonical/redhat enterprise linux server
- version/redhat enterprise linux server/6.0
- version/redhat enterprise linux server/7.0
- canonical/redhat enterprise linux server aus
- version/redhat enterprise linux server aus/7.7
- canonical/redhat enterprise linux server tus
- version/redhat enterprise linux server tus/7.7
- canonical/redhat enterprise linux workstation
- version/redhat enterprise linux workstation/6.0
- version/redhat enterprise linux workstation/7.0
- vendor/netapp
- canonical/netapp e-series santricity os controller
- version/netapp e-series santricity os controller/11.0.0
- version/netapp e-series santricity os controller/11.50.2
- canonical/netapp e-series santricity storage manager
- canonical/netapp e-series santricity unified manager
- canonical/netapp e-series santricity web services proxy
- canonical/netapp oncommand workflow automation
- canonical/netapp snapmanager oracle
- canonical/netapp snapmanager sap
- vendor/debian
- canonical/debian gnu/linux
- version/debian gnu/linux/8.0
- version/debian gnu/linux/9.0
- version/debian gnu/linux/10.0
- vendor/canonical
- canonical/ubuntu linux
- version/ubuntu linux/16.04
- version/ubuntu linux/18.04
- version/ubuntu linux/19.04
- version/ubuntu linux/19.10
- vendor/opensuse
- canonical/opensuse
- version/opensuse/15.0
- version/opensuse/15.1
- canonical/debian
- version/debian/8.0
- version/debian/9.0
- version/debian/10.0
- canonical/ubuntu
- version/ubuntu/16.04
- version/ubuntu/18.04
- version/ubuntu/19.04
- version/ubuntu/19.10