Red Hat Enterprise Linux 6 update for java-1.8.0-openjdk

1) Improper input validation

EUVDB-ID: #VU27227

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-2754

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The vulnerability exists due to improper input validation within the Scripting component in Java SE Embedded. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

java-1.8.0-openjdk (Red Hat package): 1.8.0.25-1.b17.el6 - 1.8.0.181-3.b13.el6_10

Red Hat Enterprise Linux for Scientific Computing: 6

Red Hat Enterprise Linux Desktop: 6

Red Hat Enterprise Linux Workstation: 6

Red Hat Enterprise Linux Server: 6.0

CPE2.3

External links

https://access.redhat.com/errata/RHSA-2020:1506

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper input validation

EUVDB-ID: #VU27228

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-2755

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The vulnerability exists due to improper input validation within the Scripting component in Java SE Embedded. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

java-1.8.0-openjdk (Red Hat package): 1.8.0.25-1.b17.el6 - 1.8.0.181-3.b13.el6_10

Red Hat Enterprise Linux for Scientific Computing: 6

Red Hat Enterprise Linux Desktop: 6

Red Hat Enterprise Linux Workstation: 6

Red Hat Enterprise Linux Server: 6.0

CPE2.3

External links

https://access.redhat.com/errata/RHSA-2020:1506

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper input validation

EUVDB-ID: #VU27230

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-2756

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The vulnerability exists due to improper input validation within the Serialization component in Java SE Embedded. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

java-1.8.0-openjdk (Red Hat package): 1.8.0.25-1.b17.el6 - 1.8.0.181-3.b13.el6_10

Red Hat Enterprise Linux for Scientific Computing: 6

Red Hat Enterprise Linux Desktop: 6

Red Hat Enterprise Linux Workstation: 6

Red Hat Enterprise Linux Server: 6.0

CPE2.3

External links

https://access.redhat.com/errata/RHSA-2020:1506

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper input validation

EUVDB-ID: #VU27231

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-2757

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The vulnerability exists due to improper input validation within the Serialization component in Java SE Embedded. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

java-1.8.0-openjdk (Red Hat package): 1.8.0.25-1.b17.el6 - 1.8.0.181-3.b13.el6_10

Red Hat Enterprise Linux for Scientific Computing: 6

Red Hat Enterprise Linux Desktop: 6

Red Hat Enterprise Linux Workstation: 6

Red Hat Enterprise Linux Server: 6.0

CPE2.3

External links

https://access.redhat.com/errata/RHSA-2020:1506

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper input validation

EUVDB-ID: #VU27229

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-2773

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The vulnerability exists due to improper input validation within the Security component in Java SE Embedded. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

java-1.8.0-openjdk (Red Hat package): 1.8.0.25-1.b17.el6 - 1.8.0.181-3.b13.el6_10

Red Hat Enterprise Linux for Scientific Computing: 6

Red Hat Enterprise Linux Desktop: 6

Red Hat Enterprise Linux Workstation: 6

Red Hat Enterprise Linux Server: 6.0

CPE2.3

External links

https://access.redhat.com/errata/RHSA-2020:1506

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Improper input validation

EUVDB-ID: #VU27221

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2020-2781

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The vulnerability exists due to improper input validation within the JSSE component in Java SE Embedded. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

java-1.8.0-openjdk (Red Hat package): 1.8.0.25-1.b17.el6 - 1.8.0.181-3.b13.el6_10

Red Hat Enterprise Linux for Scientific Computing: 6

Red Hat Enterprise Linux Desktop: 6

Red Hat Enterprise Linux Workstation: 6

Red Hat Enterprise Linux Server: 6.0

CPE2.3

External links

https://access.redhat.com/errata/RHSA-2020:1506

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Improper input validation

EUVDB-ID: #VU27224

Risk: Medium

CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2020-2800

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The vulnerability exists due to improper input validation within the Lightweight HTTP Server component in Java SE Embedded. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

java-1.8.0-openjdk (Red Hat package): 1.8.0.25-1.b17.el6 - 1.8.0.181-3.b13.el6_10

Red Hat Enterprise Linux for Scientific Computing: 6

Red Hat Enterprise Linux Desktop: 6

Red Hat Enterprise Linux Workstation: 6

Red Hat Enterprise Linux Server: 6.0

CPE2.3

External links

https://access.redhat.com/errata/RHSA-2020:1506

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Improper input validation

EUVDB-ID: #VU27212

Risk: High

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2020-2803

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The vulnerability exists due to improper input validation within the Java component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to execute arbitrary code.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

java-1.8.0-openjdk (Red Hat package): 1.8.0.25-1.b17.el6 - 1.8.0.181-3.b13.el6_10

Red Hat Enterprise Linux for Scientific Computing: 6

Red Hat Enterprise Linux Desktop: 6

Red Hat Enterprise Linux Workstation: 6

Red Hat Enterprise Linux Server: 6.0

CPE2.3

External links

https://access.redhat.com/errata/RHSA-2020:1506

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Improper input validation

EUVDB-ID: #VU27219

Risk: High

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2020-2805

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The vulnerability exists due to improper input validation within the Libraries component in Java SE Embedded. A remote non-authenticated attacker can exploit this vulnerability to execute arbitrary code.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

java-1.8.0-openjdk (Red Hat package): 1.8.0.25-1.b17.el6 - 1.8.0.181-3.b13.el6_10

Red Hat Enterprise Linux for Scientific Computing: 6

Red Hat Enterprise Linux Desktop: 6

Red Hat Enterprise Linux Workstation: 6

Red Hat Enterprise Linux Server: 6.0

CPE2.3

External links

https://access.redhat.com/errata/RHSA-2020:1506

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Improper input validation

EUVDB-ID: #VU27222

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2020-2830

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The vulnerability exists due to improper input validation within the Concurrency component in Java SE Embedded. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

java-1.8.0-openjdk (Red Hat package): 1.8.0.25-1.b17.el6 - 1.8.0.181-3.b13.el6_10

Red Hat Enterprise Linux for Scientific Computing: 6

Red Hat Enterprise Linux Desktop: 6

Red Hat Enterprise Linux Workstation: 6

Red Hat Enterprise Linux Server: 6.0

CPE2.3

External links

https://access.redhat.com/errata/RHSA-2020:1506

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Risk	High
Patch available	YES
Number of vulnerabilities	10
CVE-ID	CVE-2020-2754 CVE-2020-2755 CVE-2020-2756 CVE-2020-2757 CVE-2020-2773 CVE-2020-2781 CVE-2020-2800 CVE-2020-2803 CVE-2020-2805 CVE-2020-2830
CWE-ID	CWE-20
Exploitation vector	Network
Public exploit	N/A
Vulnerable software	java-1.8.0-openjdk (Red Hat package) Operating systems & Components / Operating system package or component Red Hat Enterprise Linux for Scientific Computing Operating systems & Components / Operating system Red Hat Enterprise Linux Desktop Operating systems & Components / Operating system Red Hat Enterprise Linux Workstation Operating systems & Components / Operating system Red Hat Enterprise Linux Server Operating systems & Components / Operating system
Vendor	Red Hat Inc.