Description: | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java
SE (component: Networking). Supported versions that are affected are
Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221.
Difficult to exploit vulnerability allows unauthenticated attacker
with network access via multiple protocols to compromise Java SE, Java
SE Embedded. Successful attacks require human interaction from a
person other than the attacker. Successful attacks of this
vulnerability can result in unauthorized ability to cause a partial
denial of service (partial DOS) of Java SE, Java SE Embedded. Note:
This vulnerability applies to Java deployments, typically in clients
running sandboxed Java Web Start applications or sandboxed Java
applets (in Java SE 8), that load and run untrusted code (e.g., code
that comes from the internet) and rely on the Java sandbox for
security. This vulnerability does not apply to Java deployments,
typically in servers, that load and run only trusted code (e.g., code
installed by an administrator). CVSS 3.0 Base Score 3.1 (Availability
impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).
|