What is the vulnerability ID of this Java SE vulnerability?

The vulnerability ID of this Java SE vulnerability is CVE-2019-2945.

What component of Java SE is affected by this vulnerability?

This vulnerability affects the Networking component of Java SE.

Which versions of Java SE are affected by this vulnerability?

The affected versions of Java SE are 7u231, 8u221, 11.0.4, and 13.

Is this vulnerability difficult to exploit?

Yes, this vulnerability is difficult to exploit.

How can I fix this vulnerability?

To fix this vulnerability, update to the recommended versions listed in the Red Hat Security Advisory.

Vulnerability/
CVE-2019-2945

low

3.1

14/10/2019

15/10/2019

16/10/2019

1/10/2024

CVE-2019-2945

First published: Mon Oct 14 2019(Updated: )

An unspecified vulnerability in Java SE related to the Networking component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.

Credit: secalert_us@oracle.com secalert_us@oracle.com

Affected Software	Affected Version	How to fix
redhat/java	<1.8.0-openjdk-1:1.8.0.232.b09-1.el6_10	1.8.0-openjdk-1:1.8.0.232.b09-1.el6_10
redhat/java	<1.7.0-openjdk-1:1.7.0.241-2.6.20.0.el6_10	1.7.0-openjdk-1:1.7.0.241-2.6.20.0.el6_10
redhat/java	<1.7.1-ibm-1:1.7.1.4.55-1jpp.1.el6_10	1.7.1-ibm-1:1.7.1.4.55-1jpp.1.el6_10
redhat/java	<1.8.0-ibm-1:1.8.0.6.0-1jpp.1.el6_10	1.8.0-ibm-1:1.8.0.6.0-1jpp.1.el6_10
redhat/java	<11-openjdk-1:11.0.5.10-0.el7_7	11-openjdk-1:11.0.5.10-0.el7_7
redhat/java	<1.8.0-openjdk-1:1.8.0.232.b09-0.el7_7	1.8.0-openjdk-1:1.8.0.232.b09-0.el7_7
redhat/java	<1.7.0-openjdk-1:1.7.0.241-2.6.20.0.el7_7	1.7.0-openjdk-1:1.7.0.241-2.6.20.0.el7_7
redhat/java	<1.7.1-ibm-1:1.7.1.4.55-1jpp.1.el7	1.7.1-ibm-1:1.7.1.4.55-1jpp.1.el7
redhat/java	<1.8.0-ibm-1:1.8.0.6.0-1jpp.1.el7	1.8.0-ibm-1:1.8.0.6.0-1jpp.1.el7
redhat/java	<1.8.0-openjdk-1:1.8.0.232.b09-0.el8_0	1.8.0-openjdk-1:1.8.0.232.b09-0.el8_0
redhat/java	<11-openjdk-1:11.0.5.10-0.el8_0	11-openjdk-1:11.0.5.10-0.el8_0
redhat/java	<1.8.0-ibm-1:1.8.0.6.0-3.el8_1	1.8.0-ibm-1:1.8.0.6.0-3.el8_1
Oracle JDK	=1.7.0-update231
Oracle JDK	=1.8.0-update221
Oracle JDK	=11.0.4
Oracle JDK	=13.0.0
Oracle JRE	=1.7.0-update231
Oracle JRE	=1.8.0-update221
Oracle JRE	=11.0.4
Oracle JRE	=13.0.0
Redhat Satellite	=5.8
Redhat Enterprise Linux	=8.0
Redhat Enterprise Linux Desktop	=6.0
Redhat Enterprise Linux Desktop	=7.0
Redhat Enterprise Linux Eus	=7.7
Redhat Enterprise Linux Eus	=8.1
Redhat Enterprise Linux Eus	=8.6
Redhat Enterprise Linux Server	=6.0
Redhat Enterprise Linux Server	=7.0
Redhat Enterprise Linux Server Aus	=7.7
Redhat Enterprise Linux Server Tus	=7.7
Redhat Enterprise Linux Workstation	=6.0
Redhat Enterprise Linux Workstation	=7.0
NetApp E-Series SANtricity OS Controller	>=11.0.0<=11.50.2
Netapp E-series Santricity Storage Manager
Netapp E-series Santricity Unified Manager
Netapp E-series Santricity Web Services Proxy
NetApp OnCommand Workflow Automation
Netapp Snapmanager Oracle
Netapp Snapmanager Sap
Debian Debian Linux	=8.0
Debian Debian Linux	=9.0
Debian Debian Linux	=10.0
Canonical Ubuntu Linux	=16.04
Canonical Ubuntu Linux	=18.04
Canonical Ubuntu Linux	=19.04
Canonical Ubuntu Linux	=19.10
openSUSE Leap	=15.0
openSUSE Leap	=15.1
IBM Engineering Requirements Quality Assistant On-Premises	<=All
debian/openjdk-11		11.0.24+8-2~deb11u1 11.0.25~5ea-1
debian/openjdk-8		8u422-b05-1

Remedy

http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

What is the vulnerability ID of this Java SE vulnerability?
The vulnerability ID of this Java SE vulnerability is CVE-2019-2945.
What component of Java SE is affected by this vulnerability?
This vulnerability affects the Networking component of Java SE.
Which versions of Java SE are affected by this vulnerability?
The affected versions of Java SE are 7u231, 8u221, 11.0.4, and 13.
Is this vulnerability difficult to exploit?
Yes, this vulnerability is difficult to exploit.
How can I fix this vulnerability?
To fix this vulnerability, update to the recommended versions listed in the Red Hat Security Advisory.

collector/redhat-cve
collector/launchpad-cve
source/Launchpad
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2019-2945
agent/type
agent/first-publish-date
agent/author
agent/remedy
agent/severity
agent/description
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-cve
source/NVD
agent/software-canonical-lookup
agent/references
collector/ibm-support
source/IBM
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/tags
agent/event
collector/security-tracker-debian
source/Debian
agent/softwarecombine
collector/usn-cve
source/Ubuntu
package-manager/redhat
vendor/oracle
canonical/oracle jdk
version/oracle jdk/1.7.0-update231
version/oracle jdk/1.8.0-update221
version/oracle jdk/11.0.4
version/oracle jdk/13.0.0
canonical/oracle jre
version/oracle jre/1.7.0-update231
version/oracle jre/1.8.0-update221
version/oracle jre/11.0.4
version/oracle jre/13.0.0
vendor/redhat
canonical/redhat satellite
version/redhat satellite/5.8
canonical/redhat enterprise linux
version/redhat enterprise linux/8.0
canonical/redhat enterprise linux desktop
version/redhat enterprise linux desktop/6.0
version/redhat enterprise linux desktop/7.0
canonical/redhat enterprise linux eus
version/redhat enterprise linux eus/7.7
version/redhat enterprise linux eus/8.1
version/redhat enterprise linux eus/8.6
canonical/redhat enterprise linux server
version/redhat enterprise linux server/6.0
version/redhat enterprise linux server/7.0
canonical/redhat enterprise linux server aus
version/redhat enterprise linux server aus/7.7
canonical/redhat enterprise linux server tus
version/redhat enterprise linux server tus/7.7
canonical/redhat enterprise linux workstation
version/redhat enterprise linux workstation/6.0
version/redhat enterprise linux workstation/7.0
vendor/netapp
canonical/netapp e-series santricity os controller
version/netapp e-series santricity os controller/11.0.0
version/netapp e-series santricity os controller/11.50.2
canonical/netapp e-series santricity storage manager
canonical/netapp e-series santricity unified manager
canonical/netapp e-series santricity web services proxy
canonical/netapp oncommand workflow automation
canonical/netapp snapmanager oracle
canonical/netapp snapmanager sap
vendor/debian
canonical/debian debian linux
version/debian debian linux/8.0
version/debian debian linux/9.0
version/debian debian linux/10.0
vendor/canonical
canonical/canonical ubuntu linux
version/canonical ubuntu linux/16.04
version/canonical ubuntu linux/18.04
version/canonical ubuntu linux/19.04
version/canonical ubuntu linux/19.10
vendor/opensuse
canonical/opensuse leap
version/opensuse leap/15.0
version/opensuse leap/15.1
vendor/ibm
canonical/ibm engineering requirements quality assistant on-premises
version/ibm engineering requirements quality assistant on-premises/all
package-manager/debian