Description: | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java
SE (component: JSSE). Supported versions that are affected are Java
SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily
exploitable vulnerability allows unauthenticated attacker with network
access via HTTPS to compromise Java SE, Java SE Embedded. Successful
attacks of this vulnerability can result in unauthorized ability to
cause a partial denial of service (partial DOS) of Java SE, Java SE
Embedded. Note: Applies to client and server deployment of Java. This
vulnerability can be exploited through sandboxed Java Web Start
applications and sandboxed Java applets. It can also be exploited by
supplying data to APIs in the specified Component without using
sandboxed Java Web Start applications or sandboxed Java applets, such
as through a web service. CVSS 3.0 Base Score 5.3 (Availability
impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
|