java-11-openjdk-11.0.7.10-4.el7
エラータID: AXSA:2020-011:04
リリース日:
2020/04/23 Thursday - 08:21
題名:
java-11-openjdk-11.0.7.10-4.el7
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- Java SE の Scription コンポーネントには、ネットワークアクセスが可能な
認証されていない攻撃者が JavaSE の部分的なサービス拒否を引き起こす脆弱性が
あります。(CVE-2020-2754)
- Java SE の Scripting コンポーネントには、ネットワークアクセスが可能な
認証されていない攻撃者が JavaSE の部分的なサービス拒否を引き起こす脆弱性が
あります。(CVE-2020-2755)
- Java SE の Serialization コンポーネントには、ネットワークアクセスが
可能な認証されていない攻撃者が JavaSE の部分的なサービス拒否を引き起こす
脆弱性があります。(CVE-2020-2756)
- Java SE の Serialization コンポーネントには、ネットワークアクセスが
可能な認証されていない攻撃者が JavaSE の部分的なサービス拒否を引き起こす
脆弱性があります。(CVE-2020-2757)
- Java SE の JSSE コンポーネントには、ネットワークアクセスが可能な認証
されていない攻撃者が JavaSE のアクセス可能なデータの更新、挿入、削除を
行い、また Java SE のアクセス可能なデータのサブセットに不正な読み込み
アクセスを引き起こす脆弱性があります。(CVE-2020-2767)
- Java SE の Security コンポーネントには、ネットワークアクセスが可能な
認証されていない攻撃者が JavaSE の部分的なサービス拒否を引き起こす脆弱性
があります。(CVE-2020-2773)
- Java SE の JSSE コンポーネントには、ネットワークアクセスが可能な認証
されていない攻撃者が Java SE のアクセス可能なデータのサブセットに不正な
読み込みアクセスを引き起こす脆弱性があります。(CVE-2020-2778)
- Java SE の JSSE コンポーネントには、ネットワークアクセスが可能な認証
されていない攻撃者が JavaSE の部分的なサービス拒否を引き起こす脆弱性が
あります。(CVE-2020-2781)
- Java SE の Lightweight HTTP Server コンポーネントには、ネットワーク
アクセスが可能な認証されていない攻撃者が JavaSE のアクセス可能なデータの
更新、挿入、削除を行い、また Java SE のアクセス可能なデータのサブセット
に不正な読み込みアクセスを引き起こす脆弱性があります。(CVE-2020-2800)
- Java SE の Libraries コンポーネントには、ネットワークアクセスが可能な
認証されていない攻撃者が、攻撃者以外の人とのやりとりを通じて、JavaSE を
乗っ取る脆弱性があります。(CVE-2020-2803)
- Java SE の Libraries コンポーネントには、ネットワークアクセスが可能な
認証されていない攻撃者が、攻撃者以外の人とのやりとりを通じて、JavaSE を
乗っ取る脆弱性があります。(CVE-2020-2805)
- Java SE の JSSE コンポーネントには、HTTPS 経由でのネットワークアクセスが
可能な認証されていない攻撃者が JavaSE の重要なデータ、あるいはアクセス可能な
すべてのデータの作成、削除、修正を行う脆弱性があります。(CVE-2020-2816)
- Java SE の Concurrency コンポーネントには、ネットワークアクセスが可能な
認証されていない攻撃者が JavaSE の部分的なサービス拒否を引き起こす脆弱性が
あります。(CVE-2020-2830)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2020-2754
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2020-2755
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2020-2756
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2020-2757
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2020-2767
Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
CVE-2020-2773
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2020-2778
Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
CVE-2020-2781
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2020-2800
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
CVE-2020-2803
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
CVE-2020-2805
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
CVE-2020-2816
Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).
Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).
CVE-2020-2830
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
追加情報:
N/A
ダウンロード:
SRPMS
- java-11-openjdk-11.0.7.10-4.el7.src.rpm
MD5: d5cc6fa2cb11bc73a88bd22b9752c8b5
SHA-256: 7a6b28f871351ca2e0bebef41fea87af4559add52d9571ade653a23e43c837ac
Size: 73.38 MB
Asianux Server 7 for x86_64
- java-11-openjdk-11.0.7.10-4.el7.x86_64.rpm
MD5: 59d35191f3e62846684b03df2da27851
SHA-256: 46fc1117a30fd3e42e85fdb132fed27acfddf8787f15b54dc203f9d17043810f
Size: 216.27 kB - java-11-openjdk-debug-11.0.7.10-4.el7.x86_64.rpm
MD5: b45f33361dab4812c5a68c44bf27b745
SHA-256: 588ec0388cf518d028948744cad888fdb373a79881ac5080090758f3a2b099ca
Size: 221.17 kB - java-11-openjdk-demo-11.0.7.10-4.el7.x86_64.rpm
MD5: f2101f73faee72c9cd87d36dd55b4636
SHA-256: 1dd1158feb52a71cd7d9d9ec842830ef7c9f5614fccf2be2735ed45527998874
Size: 4.33 MB - java-11-openjdk-demo-debug-11.0.7.10-4.el7.x86_64.rpm
MD5: 2197f5a0b54aa851a4c23106ecd053a2
SHA-256: aff32917f2b5e894a134c04957964e6b7510d5d9e3b6e939f47a262afc12713d
Size: 4.33 MB - java-11-openjdk-devel-11.0.7.10-4.el7.x86_64.rpm
MD5: 1c9a701e0139154a7be083fcdfc1c577
SHA-256: 2001d71b5a5d11dfae0e4449484189722171f38d7d3a7a6dd88e7a032dc9e8bc
Size: 3.35 MB - java-11-openjdk-devel-debug-11.0.7.10-4.el7.x86_64.rpm
MD5: 8da788dd9e22b1f0a1871e588bf189ac
SHA-256: 03f90ff295a54aa7ecfd580c5dad0d4795a7290985b9c8f22011e30acf7a8b6a
Size: 3.35 MB - java-11-openjdk-headless-11.0.7.10-4.el7.x86_64.rpm
MD5: 2f30a70d6eb647314a6d3f6a2476a189
SHA-256: c47bc5fcfa99dd1f6e35c2fabdad5ae5e2f4385c31898f4babe32fa21a41760a
Size: 38.91 MB - java-11-openjdk-headless-debug-11.0.7.10-4.el7.x86_64.rpm
MD5: 849e23afc7bbe5e92593f5fcf3dd9d91
SHA-256: b3b5ab4261f1c1d7f41e67fe4337cd88c732fb73b1f8139204202587b81d0fb3
Size: 41.46 MB - java-11-openjdk-javadoc-11.0.7.10-4.el7.x86_64.rpm
MD5: 009eb13a3e737799838ed03d3dcd4753
SHA-256: acf8ee0dae8d321d741d5abc4da62f0d79fbf6f3a761d90a3f4d02f7dfe87edf
Size: 16.07 MB - java-11-openjdk-javadoc-debug-11.0.7.10-4.el7.x86_64.rpm
MD5: 68792ca6ea96684770bcdd7761ca1ef9
SHA-256: 44fc88abe809ec19a504bbd9f8f479a053d88a66b32bb9009d5896e2b1c56ca5
Size: 16.07 MB - java-11-openjdk-javadoc-zip-11.0.7.10-4.el7.x86_64.rpm
MD5: f4974cf43abe5af4672561f67041dab4
SHA-256: 82940acbea5091c8bb98c2ad9d137eb730ab441bd00404b33f67b14f5cdc478b
Size: 42.19 MB - java-11-openjdk-javadoc-zip-debug-11.0.7.10-4.el7.x86_64.rpm
MD5: 5d788f9f61df7ac8a94b0e54842c09d4
SHA-256: db693ddf2cb5bb0cd835e9e0b2bfb242a2f7cdede0064ac766d2bb1b5a788feb
Size: 42.19 MB - java-11-openjdk-jmods-11.0.7.10-4.el7.x86_64.rpm
MD5: e75ecd2c7b6eca7f07d72c1b59093d32
SHA-256: eb1e890e75bdf757f47e9fa42a267538724551ceb78061cddef0f919c4026e1b
Size: 309.30 MB - java-11-openjdk-jmods-debug-11.0.7.10-4.el7.x86_64.rpm
MD5: 1857cf8da3fa9521d1add8fe8f390e26
SHA-256: 12d2eece462ded8c2ffe349ff821791fad03a7f748b4055ecbd58521502c9282
Size: 176.96 MB - java-11-openjdk-src-11.0.7.10-4.el7.x86_64.rpm
MD5: bb0b0dbde37f5b3877faae2cb2c47108
SHA-256: 1fca73592c06389b5df0120a110cecbb078aa0a3245ab52a50d66f1ad931a79a
Size: 50.16 MB - java-11-openjdk-src-debug-11.0.7.10-4.el7.x86_64.rpm
MD5: b24c2dd0859ab37c3f2ecc9d416d69a2
SHA-256: 66fd34fae5c4e3add90f876500fc615694c56dc46418b25e42ce9456e31aca04
Size: 50.16 MB - java-11-openjdk-11.0.7.10-4.el7.i686.rpm
MD5: 702de74a7c9c08420623717af4ae7b7c
SHA-256: 5a020e25d78b523cd60f34e38d9927ce2ef5f1436c0e62800e47ee13a980d5f5
Size: 212.34 kB - java-11-openjdk-debug-11.0.7.10-4.el7.i686.rpm
MD5: a9dc6dc661ffcdd64561681161690c48
SHA-256: a69e93f72e8c12422b462b47cd9af17206a2301d43091be53776cb5dff396664
Size: 215.27 kB - java-11-openjdk-demo-11.0.7.10-4.el7.i686.rpm
MD5: 1a8e44aa67edf47104f6f7e772871584
SHA-256: 989616f530bc2798db717820e6c9fc28a2d16aff4afb4c32655c57fe0f781135
Size: 4.33 MB - java-11-openjdk-demo-debug-11.0.7.10-4.el7.i686.rpm
MD5: 6d7701daa359011c9245ceca1fd59d34
SHA-256: fef620e360821e945f03347b73c5ccce0d562222dbb9f53929f4ed37ccb19260
Size: 4.33 MB - java-11-openjdk-devel-11.0.7.10-4.el7.i686.rpm
MD5: 568f3f99ad76bdcbfed59d568f9b1aa5
SHA-256: 92ae1ed5b0012d593629c14628a21bed3ad8ac16d304fb2fb9576a8a1eb5171a
Size: 3.33 MB - java-11-openjdk-devel-debug-11.0.7.10-4.el7.i686.rpm
MD5: aab31f2447db2b7d640c8d7f41e7d9be
SHA-256: 5e79837ccf2b33bc3e8f6d392a7b60b4c5f55feab37a686d916a0deb4bec7f41
Size: 3.33 MB - java-11-openjdk-headless-11.0.7.10-4.el7.i686.rpm
MD5: 4f9d176df050c79e893209137ca573f0
SHA-256: 3b0212bc46b77c5b05b6409b9e283ac5764606338badb147df97860011212cb2
Size: 35.22 MB - java-11-openjdk-headless-debug-11.0.7.10-4.el7.i686.rpm
MD5: 31af1363e832cd94966ef2e680feb033
SHA-256: c768423856730a94274b2bdba195e7ac6fc6c48dabd37af0521b81493bb412be
Size: 37.33 MB - java-11-openjdk-javadoc-11.0.7.10-4.el7.i686.rpm
MD5: 82515b404ab1b1977a4be2d82a8ca985
SHA-256: f682a3432eba42b5f1127d8eb7781f6cb944f980def7b447f2b6803bd2951d4b
Size: 16.07 MB - java-11-openjdk-javadoc-debug-11.0.7.10-4.el7.i686.rpm
MD5: f36ebfaf93d5695996a7dbc1f919a24c
SHA-256: 00be51bfd018a25653d15882eb8de97f631457c7b8f63343ca445b48cc8b32df
Size: 16.07 MB - java-11-openjdk-javadoc-zip-11.0.7.10-4.el7.i686.rpm
MD5: 34cfd18ac8f83d927dabee210288fa96
SHA-256: 6572b1d544f16d6ad91ce7cc8298ae71e040f7b38ff65b4931f28deb40a8df50
Size: 42.22 MB - java-11-openjdk-javadoc-zip-debug-11.0.7.10-4.el7.i686.rpm
MD5: 2f8c6449bde5782303dc3188a0f9d6fa
SHA-256: 93fea7a6e749565075caf32a0c9d322ac67e92fd702062ec92a0e3350944e69f
Size: 42.22 MB - java-11-openjdk-jmods-11.0.7.10-4.el7.i686.rpm
MD5: 6a6bfce9bf33ab37b0570c1790e00cd6
SHA-256: d4416d816b1223ca82ff52ac4606ca49f281bf7b3e248be158b49d558b72a904
Size: 276.86 MB - java-11-openjdk-jmods-debug-11.0.7.10-4.el7.i686.rpm
MD5: e905a671bcdd49ae4ceb9e0e4d29d999
SHA-256: a18e06cb2d2b38661756b17af44732908a9cb5a64476413d6b0ad64d815a1e9f
Size: 157.43 MB - java-11-openjdk-src-11.0.7.10-4.el7.i686.rpm
MD5: bcf1da71ab2b53797c133b03c9f42586
SHA-256: af82cd59d5d4dcef29d99815aae61f831eaf5db77ca37ba81f66bdedd3b717b7
Size: 45.42 MB - java-11-openjdk-src-debug-11.0.7.10-4.el7.i686.rpm
MD5: 6e6e19c5f9a54005cccca33170692246
SHA-256: 31680a7f633d0952d8b9a88b799fb966d277364afe17d00d32e7a403825fc6ad
Size: 45.42 MB
English