Oracle Java SE CVE-2019-2449 Remote Security Vulnerability

Bugtraq ID:	106597
Class:	Unknown
CVE:	CVE-2019-2449
Remote:	Yes
Local:	No
Published:	Jan 15 2019 12:00AM
Updated:	Jan 15 2019 12:00AM
Credit:	rgod of 9sg Security Team working with Trend Micro's Zero Day Initiative
Vulnerable:	Oracle JRE(Windows Production Release) 1.8 Update 192 Oracle JRE(Solaris Production Release) 1.8 Update 192 Oracle JRE(macOS Production Release) 1.8 Update 192 Oracle JRE(Linux Production Release) 1.8 Update 192 Oracle JDK(Windows Production Release) 1.8 Update 192 Oracle JDK(Solaris Production Release) 1.8 Update 192 Oracle JDK(macOS Production Release) 1.8 Update 192 Oracle JDK(Linux Production Release) 1.8 Update 192
Not Vulnerable:

Oracle Java SE CVE-2019-2449 Remote Security Vulnerability

Oracle Java SE is prone to a remote security vulnerability.

The vulnerability can be exploited over multiple protocols. This issue affects the 'Deployment' component.

This vulnerability affects the following supported versions:
Java SE: 8u192

Oracle Java SE CVE-2019-2449 Remote Security Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Oracle Java SE CVE-2019-2449 Remote Security Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Oracle Java SE CVE-2019-2449 Remote Security Vulnerability

References:

• Oracle Homepage (Oracle)
  
• Oracle Critical Patch Update Advisory - January 2019 (Oracle)
  
• Oracle January 15 2019 CPU (1.7.0_211, 1.8.0_201) (IBM)
  
• Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java�?� Technolog (IBM)