(UPDATE: Added clarification as to the source of the information for the source commits)

Earlier today Oracle released patches for various flavors of Java. At the same time, the open source version of Java – OpenJDK – released their patches as well. The problem is that it is virtually impossible to figure out what the actual bugs are.

Here are partial screenshots from Oracle’s critical patch update advisory, text version and the OpenJDK advisory:

The actual CVE descriptions are also cryptic – here is an example of one (CVE-2020-2583):

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.