What is the severity of CVE-2020-2593?

CVE-2020-2593 is rated as a moderate severity vulnerability.

How do I fix CVE-2020-2593?

Fix CVE-2020-2593 by updating to the recommended versions of OpenJDK or Oracle JDK as specified in the vulnerability advisory.

What components are affected by CVE-2020-2593?

CVE-2020-2593 affects the Networking component of OpenJDK.

Can CVE-2020-2593 lead to security issues?

Yes, CVE-2020-2593 can lead to incorrect URL normalization which may cause security implications.

What versions of Java are impacted by CVE-2020-2593?

CVE-2020-2593 impacts several versions of OpenJDK and Oracle JDK including 1.7, 1.8, and 11.

Vulnerability/
CVE-2020-2593

medium

5.8

CWE

172

14/1/2020

15/1/2020

30/9/2024

CVE-2020-2593

First published: Tue Jan 14 2020(Updated: )

A flaw was found in the URL class implementation in the Networking component of OpenJDK. An incorrect check to determine if a URLStreamHandler is builtin or not can lead to incorrect URL normalization in certain cases.

Credit: secalert_us@oracle.com secalert_us@oracle.com

Affected Software	Affected Version	How to fix
redhat/java	<1.8.0-openjdk-1:1.8.0.242.b07-1.el6_10	1.8.0-openjdk-1:1.8.0.242.b07-1.el6_10
redhat/java	<1.7.0-openjdk-1:1.7.0.251-2.6.21.0.el6_10	1.7.0-openjdk-1:1.7.0.251-2.6.21.0.el6_10
redhat/java	<1.7.1-ibm-1:1.7.1.4.60-1jpp.1.el6_10	1.7.1-ibm-1:1.7.1.4.60-1jpp.1.el6_10
redhat/java	<1.8.0-ibm-1:1.8.0.6.5-1jpp.1.el6_10	1.8.0-ibm-1:1.8.0.6.5-1jpp.1.el6_10
redhat/java	<11-openjdk-1:11.0.6.10-1.el7_7	11-openjdk-1:11.0.6.10-1.el7_7
redhat/java	<1.8.0-openjdk-1:1.8.0.242.b08-0.el7_7	1.8.0-openjdk-1:1.8.0.242.b08-0.el7_7
redhat/java	<1.7.0-openjdk-1:1.7.0.251-2.6.21.0.el7_7	1.7.0-openjdk-1:1.7.0.251-2.6.21.0.el7_7
redhat/java	<1.7.1-ibm-1:1.7.1.4.60-1jpp.1.el7	1.7.1-ibm-1:1.7.1.4.60-1jpp.1.el7
redhat/java	<1.8.0-ibm-1:1.8.0.6.5-1jpp.1.el7	1.8.0-ibm-1:1.8.0.6.5-1jpp.1.el7
redhat/java	<11-openjdk-1:11.0.6.10-0.el8_1	11-openjdk-1:11.0.6.10-0.el8_1
redhat/java	<1.8.0-openjdk-1:1.8.0.242.b08-0.el8_1	1.8.0-openjdk-1:1.8.0.242.b08-0.el8_1
redhat/java	<1.8.0-ibm-1:1.8.0.6.5-1.el8_1	1.8.0-ibm-1:1.8.0.6.5-1.el8_1
redhat/java	<1.8.0-openjdk-1:1.8.0.242.b08-0.el8_0	1.8.0-openjdk-1:1.8.0.242.b08-0.el8_0
redhat/java	<11-openjdk-1:11.0.6.10-0.el8_0	11-openjdk-1:11.0.6.10-0.el8_0
debian/openjdk-11		11.0.24+8-2~deb11u1 11.0.25~5ea-1
debian/openjdk-8		8u422-b05-1
Oracle JDK 6	=1.7.0-update241
Oracle JDK 6	=1.8.0-update231
Oracle JDK 6	=11.0.5
Oracle JDK 6	=13.0.1
Oracle Java Runtime Environment (JRE)	=1.7.0-update_241
Oracle Java Runtime Environment (JRE)	=1.8.0-update_231
Oracle Java Runtime Environment (JRE)	=11.0.5
Oracle Java Runtime Environment (JRE)	=13.0.1
Red Hat Enterprise Linux	=8.0
redhat enterprise Linux desktop	=6.0
redhat enterprise Linux desktop	=7.0
redhat enterprise Linux eus	=7.7
redhat enterprise Linux eus	=8.1
redhat enterprise Linux server	=6.0
redhat enterprise Linux server	=7.0
redhat enterprise Linux server aus	=7.7
redhat enterprise Linux server tus	=7.7
redhat enterprise Linux workstation	=6.0
redhat enterprise Linux workstation	=7.0
OpenJDK 17	=7
OpenJDK 17	=7-update241
OpenJDK 17	=7-update80
OpenJDK 17	=7-update85
OpenJDK 17	=8
OpenJDK 17	=8-update102
OpenJDK 17	=8-update112
OpenJDK 17	=8-update152
OpenJDK 17	=8-update162
OpenJDK 17	=8-update172
OpenJDK 17	=8-update192
OpenJDK 17	=8-update20
OpenJDK 17	=8-update202
OpenJDK 17	=8-update212
OpenJDK 17	=8-update222
OpenJDK 17	=8-update232
OpenJDK 17	=8-update40
OpenJDK 17	=8-update60
OpenJDK 17	=8-update66
OpenJDK 17	=8-update72
OpenJDK 17	=8-update92
OpenJDK 17	=11
OpenJDK 17	=11.0.1
OpenJDK 17	=11.0.2
OpenJDK 17	=11.0.3
OpenJDK 17	=11.0.4
OpenJDK 17	=11.0.5
OpenJDK 17	=13
OpenJDK 17	=13.0.1
Debian GNU/Linux	=8.0
Debian GNU/Linux	=9.0
Debian GNU/Linux	=10.0
Ubuntu Linux	=16.04
Ubuntu Linux	=18.04
Ubuntu Linux	=19.10
openSUSE	=15.1
Trellix ePolicy Orchestrator	=5.9.0
Trellix ePolicy Orchestrator	=5.9.1
Trellix ePolicy Orchestrator	=5.10.0
Trellix ePolicy Orchestrator	=5.10.0-update_1
Trellix ePolicy Orchestrator	=5.10.0-update_2
Trellix ePolicy Orchestrator	=5.10.0-update_3
Trellix ePolicy Orchestrator	=5.10.0-update_4
Trellix ePolicy Orchestrator	=5.10.0-update_5
Trellix ePolicy Orchestrator	=5.10.0-update_6
netapp active iq unified manager windows	>=7.3
NetApp Active IQ Unified Manager for VMware vSphere	>=9.5
netapp e-series performance analyzer
NetApp E-Series SANtricity Management for VMware vCenter
NetApp E-Series SANtricity OS Controller	>=11.0.0<=11.60.3
netapp e-series santricity storage manager
netapp e-series santricity Web services Web services proxy
NetApp OnCommand Insight
NetApp OnCommand Workflow Automation
netapp santricity unified manager
NetApp SteelStore
Debian	=8.0
Debian	=9.0
Debian	=10.0
Ubuntu	=16.04
Ubuntu	=18.04
Ubuntu	=19.10

Remedy

https://www.oracle.com/security-alerts/cpujan2020.html

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

What is the severity of CVE-2020-2593?
CVE-2020-2593 is rated as a moderate severity vulnerability.
How do I fix CVE-2020-2593?
Fix CVE-2020-2593 by updating to the recommended versions of OpenJDK or Oracle JDK as specified in the vulnerability advisory.
What components are affected by CVE-2020-2593?
CVE-2020-2593 affects the Networking component of OpenJDK.
Can CVE-2020-2593 lead to security issues?
Yes, CVE-2020-2593 can lead to incorrect URL normalization which may cause security implications.
What versions of Java are impacted by CVE-2020-2593?
CVE-2020-2593 impacts several versions of OpenJDK and Oracle JDK including 1.7, 1.8, and 11.

collector/redhat-cve
agent/type
agent/first-publish-date
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2020-2593
agent/severity
agent/remedy
agent/weakness
collector/launchpad-cve
source/Launchpad
agent/author
collector/ibm-support
source/IBM
collector/usn-cve
source/Ubuntu
agent/references
agent/description
agent/event
collector/security-tracker-debian
source/Debian
agent/software-canonical-lookup
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/trending
agent/source
collector/nvd-cve
source/NVD
agent/software-canonical-lookup-request
agent/softwarecombine
agent/tags
collector/nvd-index
package-manager/redhat
package-manager/debian
vendor/oracle
canonical/oracle jdk 6
version/oracle jdk 6/1.7.0-update241
version/oracle jdk 6/1.8.0-update231
version/oracle jdk 6/11.0.5
version/oracle jdk 6/13.0.1
canonical/oracle java runtime environment (jre)
version/oracle java runtime environment (jre)/1.7.0-update_241
version/oracle java runtime environment (jre)/1.8.0-update_231
version/oracle java runtime environment (jre)/11.0.5
version/oracle java runtime environment (jre)/13.0.1
vendor/redhat
canonical/red hat enterprise linux
version/red hat enterprise linux/8.0
canonical/redhat enterprise linux desktop
version/redhat enterprise linux desktop/6.0
version/redhat enterprise linux desktop/7.0
canonical/redhat enterprise linux eus
version/redhat enterprise linux eus/7.7
version/redhat enterprise linux eus/8.1
canonical/redhat enterprise linux server
version/redhat enterprise linux server/6.0
version/redhat enterprise linux server/7.0
canonical/redhat enterprise linux server aus
version/redhat enterprise linux server aus/7.7
canonical/redhat enterprise linux server tus
version/redhat enterprise linux server tus/7.7
canonical/redhat enterprise linux workstation
version/redhat enterprise linux workstation/6.0
version/redhat enterprise linux workstation/7.0
canonical/openjdk 17
version/openjdk 17/7
version/openjdk 17/7-update241
version/openjdk 17/7-update80
version/openjdk 17/7-update85
version/openjdk 17/8
version/openjdk 17/8-update102
version/openjdk 17/8-update112
version/openjdk 17/8-update152
version/openjdk 17/8-update162
version/openjdk 17/8-update172
version/openjdk 17/8-update192
version/openjdk 17/8-update20
version/openjdk 17/8-update202
version/openjdk 17/8-update212
version/openjdk 17/8-update222
version/openjdk 17/8-update232
version/openjdk 17/8-update40
version/openjdk 17/8-update60
version/openjdk 17/8-update66
version/openjdk 17/8-update72
version/openjdk 17/8-update92
version/openjdk 17/11
version/openjdk 17/11.0.1
version/openjdk 17/11.0.2
version/openjdk 17/11.0.3
version/openjdk 17/11.0.4
version/openjdk 17/11.0.5
version/openjdk 17/13
version/openjdk 17/13.0.1
vendor/debian
canonical/debian gnu/linux
version/debian gnu/linux/8.0
version/debian gnu/linux/9.0
version/debian gnu/linux/10.0
vendor/canonical
canonical/ubuntu linux
version/ubuntu linux/16.04
version/ubuntu linux/18.04
version/ubuntu linux/19.10
vendor/opensuse
canonical/opensuse
version/opensuse/15.1
vendor/mcafee
canonical/trellix epolicy orchestrator
version/trellix epolicy orchestrator/5.9.0
version/trellix epolicy orchestrator/5.9.1
version/trellix epolicy orchestrator/5.10.0
version/trellix epolicy orchestrator/5.10.0-update_1
version/trellix epolicy orchestrator/5.10.0-update_2
version/trellix epolicy orchestrator/5.10.0-update_3
version/trellix epolicy orchestrator/5.10.0-update_4
version/trellix epolicy orchestrator/5.10.0-update_5
version/trellix epolicy orchestrator/5.10.0-update_6
vendor/netapp
canonical/netapp active iq unified manager windows
version/netapp active iq unified manager windows/7.3
canonical/netapp active iq unified manager for vmware vsphere
version/netapp active iq unified manager for vmware vsphere/9.5
canonical/netapp e-series performance analyzer
canonical/netapp e-series santricity management for vmware vcenter
canonical/netapp e-series santricity os controller
version/netapp e-series santricity os controller/11.0.0
version/netapp e-series santricity os controller/11.60.3
canonical/netapp e-series santricity storage manager
canonical/netapp e-series santricity web services web services proxy
canonical/netapp oncommand insight
canonical/netapp oncommand workflow automation
canonical/netapp santricity unified manager
canonical/netapp steelstore
canonical/debian
version/debian/8.0
version/debian/9.0
version/debian/10.0
canonical/ubuntu
version/ubuntu/16.04
version/ubuntu/18.04
version/ubuntu/19.10