Oracle Java SE CVE-2019-2426 Information Disclosure Vulnerability
BID:106590
CVE-2019-2426 |Info
Oracle Java SE CVE-2019-2426 Information Disclosure Vulnerability
| Bugtraq ID: | 106590 |
| Class: | Unknown |
| CVE: |
CVE-2019-2426 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 15 2019 12:00AM |
| Updated: | Mar 22 2019 11:00AM |
| Credit: | emanon noname |
| Vulnerable: |
Oracle JRE(Windows Production Release) 11.0.1 Oracle JRE(Windows Production Release) 1.8 Update 192 Oracle JRE(Windows Production Release) 1.8 Update 191 Oracle JRE(Windows Production Release) 1.7 Update 201 Oracle JRE(Solaris Production Release) 11.0.1 Oracle JRE(Solaris Production Release) 1.8 Update 192 Oracle JRE(Solaris Production Release) 1.8 Update 191 Oracle JRE(Solaris Production Release) 1.7 Update 201 Oracle JRE(macOS Production Release) 11.0.1 Oracle JRE(macOS Production Release) 1.8 Update 192 Oracle JRE(macOS Production Release) 1.8 Update 191 Oracle JRE(macOS Production Release) 1.7 Update 201 Oracle JRE(Linux Production Release) 11.0.1 Oracle JRE(Linux Production Release) 1.8 Update 192 Oracle JRE(Linux Production Release) 1.8 Update 191 Oracle JRE(Linux Production Release) 1.7 Update 201 Oracle JDK(Windows Production Release) 11.0.1 Oracle JDK(Windows Production Release) 1.8 Update 192 Oracle JDK(Windows Production Release) 1.8 Update 191 Oracle JDK(Windows Production Release) 1.7 Update 201 Oracle JDK(Solaris Production Release) 11.0.1 Oracle JDK(Solaris Production Release) 1.8 Update 192 Oracle JDK(Solaris Production Release) 1.8 Update 191 Oracle JDK(Solaris Production Release) 1.7 Update 201 Oracle JDK(macOS Production Release) 11.0.1 Oracle JDK(macOS Production Release) 1.8 Update 192 Oracle JDK(macOS Production Release) 1.8 Update 191 Oracle JDK(macOS Production Release) 1.7 Update 201 Oracle JDK(Linux Production Release) 11.0.1 Oracle JDK(Linux Production Release) 1.8 Update 192 Oracle JDK(Linux Production Release) 1.8 Update 191 Oracle JDK(Linux Production Release) 1.7 Update 201 IBM Java SDK 8 SR5 FP20 IBM Java SDK 8 SR3 FP11 IBM Java SDK 8 SR2 FP10 IBM Java SDK 8 SR1-FP1 IBM Java SDK 8 SR1 IBM Java SDK 8 SR 5 FP 7 IBM Java SDK 8 SR 5 FP 27 IBM Java SDK 8 SR 5 FP 20 IBM Java SDK 8 SR 5 FP 15 IBM Java SDK 8 SR 5 FP 10 IBM Java SDK 8 SR 4 FP 5 IBM Java SDK 8 SR 4 FP 2 IBM Java SDK 8 SR 3 FP 10 IBM Java SDK 8 SR 3 IBM Java SDK 8 SR 2 FP 14 IBM Java SDK 8 SR 2 IBM Java SDK 8 SR 1 FP 10 IBM Java SDK 8 SR 1 FP 1 IBM Java SDK 7R1 SR3-FP1 IBM Java SDK 7R1 SR3 FP50 IBM Java SDK 7R1 SR3 FP40 IBM Java SDK 7R1 SR3 FP30 IBM Java SDK 7R1 SR3 IBM Java SDK 7R1 SR2-FP10 IBM Java SDK 7R1 SR2 IBM Java SDK 7R1 SR1 IBM Java SDK 7R1 SR 4 FP 5 IBM Java SDK 7R1 SR 4 FP 35 IBM Java SDK 7R1 SR 4 FP 30 IBM Java SDK 7R1 SR 4 FP 25 IBM Java SDK 7R1 SR 4 FP 20 IBM Java SDK 7R1 SR 4 FP 15 IBM Java SDK 7R1 SR 4 FP 1 IBM Java SDK 7R1 SR 3 FP 50 IBM Java SDK 7R1 SR 3 FP 40 IBM Java SDK 7R1 SR 3 FP 20 IBM Java SDK 7R1 SR 3 FP 10 IBM Java SDK 7R1 SR 3 FP 1 IBM Java SDK 7 SR9-FP1 IBM Java SDK 7 SR9 FP50 IBM Java SDK 7 SR9 FP40 IBM Java SDK 7 SR9 FP30 IBM Java SDK 7 SR9 IBM Java SDK 7 SR8-FP10 IBM Java SDK 7 SR8 IBM Java SDK 7 SR7 IBM Java SDK 7 SR5 IBM Java SDK 7 SR4-FP2 IBM Java SDK 7 SR4-FP1 IBM Java SDK 7 SR4 IBM Java SDK 7 SR3 IBM Java SDK 7 SR2 IBM Java SDK 7 SR10 FP30 IBM Java SDK 7 SR1 IBM Java SDK 7 SR 9 FP 50 IBM Java SDK 7 SR 9 FP 40 IBM Java SDK 7 SR 9 FP 32 IBM Java SDK 7 SR 9 FP 20 IBM Java SDK 7 SR 9 FP 10 IBM Java SDK 7 SR 9 FP 1 IBM Java SDK 7 SR 10 FP 5 IBM Java SDK 7 SR 10 FP 35 IBM Java SDK 7 SR 10 FP 30 IBM Java SDK 7 SR 10 FP 25 IBM Java SDK 7 SR 10 FP 20 IBM Java SDK 7 SR 10 FP 15 IBM Java SDK 7 SR 10 FP 1 IBM DB2 11.1.3 IBM DB2 11.1.2 FP2 IBM DB2 11.1.2 IBM DB2 11.1.1 IBM DB2 10.1 .4 IBM DB2 9.7.0.9 A IBM DB2 9.7.0.9 IBM DB2 9.7.0.8 IBM DB2 9.7.0.7 IBM DB2 9.7.0.6 IBM DB2 9.7.0.5 IBM DB2 9.7.0.4 IBM DB2 9.7.0.3 IBM DB2 9.7.0.2 IBM DB2 9.7.0.1 IBM DB2 9.7 Fp5 IBM DB2 9.7 Fp3a IBM DB2 9.7 Fp2 IBM DB2 9.7 FP11 IBM DB2 9.7 Fixpak 7 IBM DB2 9.7 Fixpak 6 IBM DB2 9.7 Fixpak 4 IBM DB2 9.7 Fixpack 4 IBM DB2 9.7 fixpack 3 IBM DB2 9.7 fixpack 2 IBM DB2 9.7 Fix Pack 7 IBM DB2 9.7 IBM DB2 11.1.4.4 iFix001 IBM DB2 11.1.4.4 IBM DB2 11.1.3.3 iFix002 IBM DB2 11.1.3.3 iFix001 IBM DB2 11.1.3 FP3 IBM DB2 11.1.2.2 FP2 IBM DB2 11.1.0.0 IBM DB2 10.5.0.7 IBM DB2 10.5.0.4 IBM DB2 10.5.0.3 A IBM DB2 10.5.0.3 IBM DB2 10.5.0.2 IBM DB2 10.5.0.1 IBM DB2 10.1.0.3 A IBM DB2 10.1.0.3 IBM DB2 10.1.0.2 IBM DB2 10.1.0.1 |
| Not Vulnerable: |
Oracle JRE(Windows Production Release) 11.0.2 Oracle JRE(Windows Production Release) 1.8 Update 201 Oracle JRE(Windows Production Release) 1.7 Update 211 Oracle JRE(Solaris Production Release) 11.0.2 Oracle JRE(Solaris Production Release) 1.8 Update 201 Oracle JRE(Solaris Production Release) 1.7 Update 211 Oracle JRE(macOS Production Release) 11.0.2 Oracle JRE(macOS Production Release) 1.8 Update 201 Oracle JRE(macOS Production Release) 1.7 Update 211 Oracle JRE(Linux Production Release) 11.0.2 Oracle JRE(Linux Production Release) 1.8 Update 201 Oracle JRE(Linux Production Release) 1.7 Update 211 Oracle JDK(Windows Production Release) 11.0.2 Oracle JDK(Windows Production Release) 1.8 Update 201 Oracle JDK(Windows Production Release) 1.7 Update 211 Oracle JDK(Solaris Production Release) 11.0.2 Oracle JDK(Solaris Production Release) 1.8 Update 201 Oracle JDK(Solaris Production Release) 1.7 Update 211 Oracle JDK(macOS Production Release) 11.0.2 Oracle JDK(macOS Production Release) 1.8 Update 201 Oracle JDK(macOS Production Release) 1.7 Update 211 Oracle JDK(Linux Production Release) 11.0.2 Oracle JDK(Linux Production Release) 1.8 Update 201 Oracle JDK(Linux Production Release) 1.7 Update 211 IBM Java SDK 8 SR 5 FP 30 IBM Java SDK 7R1 SR 4 FP 40 IBM Java SDK 7 SR 10 FP 40 |
Discussion
Oracle Java SE CVE-2019-2426 Information Disclosure Vulnerability
Oracle Java SE is prone to an information-disclosure vulnerability vulnerability.
Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks.
This vulnerability affects the following supported versions:
Java SE: 7u201, 8u192, 11.0.1; Java SE Embedded: 8u191
Oracle Java SE is prone to an information-disclosure vulnerability vulnerability.
Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks.
This vulnerability affects the following supported versions:
Java SE: 7u201, 8u192, 11.0.1; Java SE Embedded: 8u191
Exploit / POC
Oracle Java SE CVE-2019-2426 Information Disclosure Vulnerability
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Oracle Java SE CVE-2019-2426 Information Disclosure Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
Oracle Java SE CVE-2019-2426 Information Disclosure Vulnerability
References:
References:
- Oracle Homepage (Oracle)
- Bug 1665953 (CVE-2019-2426 OpenJDK: transparent NTLM authentication (Redhat)
- CVE-2019-2426 (Redhat)
- Oracle Critical Patch Update Advisory - January 2019 (Oracle)
- Oracle January 15 2019 CPU (1.7.0_211, 1.8.0_201) (IBM)
- Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime (IBM)
- Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java�?� Technolog (IBM)