CVE-2019-2684

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-2684
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-2684.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-2684
Downstream
Related
Published
2019-04-23T19:32:55.443Z
Modified
2026-05-18T05:52:10.601997211Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).

Database specific 
{
    "unresolved_ranges": [
        {
            "cpes": [
                "cpe:2.3:a:apache:cassandra:4.0.0:beta1:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "last_affected": "4.0.0-beta1"
                }
            ],
            "source": "CPE_FIELD",
            "vendor_product": "apache:cassandra"
        },
        {
            "cpes": [
                "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
                "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "last_affected": "16.04"
                },
                {
                    "last_affected": "18.04"
                },
                {
                    "last_affected": "18.10"
                },
                {
                    "last_affected": "19.04"
                }
            ],
            "source": "CPE_FIELD",
            "vendor_product": "canonical:ubuntu_linux"
        },
        {
            "cpes": [
                "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "last_affected": "8.0"
                },
                {
                    "last_affected": "9.0"
                }
            ],
            "source": "CPE_FIELD",
            "vendor_product": "debian:debian_linux"
        },
        {
            "cpes": [
                "cpe:2.3:a:hp:xp7_command_view:*:*:*:*:advanced:*:*:*"
            ],
            "extracted_events": [
                {
                    "fixed": "8.6.5-00"
                }
            ],
            "source": "CPE_FIELD",
            "vendor_product": "hp:xp7_command_view"
        },
        {
            "cpes": [
                "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "last_affected": "15.0"
                },
                {
                    "last_affected": "42.3"
                }
            ],
            "source": "CPE_FIELD",
            "vendor_product": "opensuse:leap"
        },
        {
            "cpes": [
                "cpe:2.3:a:oracle:jdk:1.7.0:update211:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:jdk:1.8.0:update201:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:jdk:1.8.0:update202:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:jdk:11.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:jdk:12:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "last_affected": "1.7.0-update211"
                },
                {
                    "last_affected": "1.8.0-update201"
                },
                {
                    "last_affected": "1.8.0-update202"
                },
                {
                    "last_affected": "11.0.2"
                },
                {
                    "last_affected": "12"
                }
            ],
            "source": "CPE_FIELD",
            "vendor_product": "oracle:jdk"
        },
        {
            "cpes": [
                "cpe:2.3:a:oracle:jre:1.7.0:update211:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:jre:1.8.0:update201:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:jre:1.8.0:update202:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:jre:11.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:jre:12:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "last_affected": "1.7.0-update211"
                },
                {
                    "last_affected": "1.8.0-update201"
                },
                {
                    "last_affected": "1.8.0-update202"
                },
                {
                    "last_affected": "11.0.2"
                },
                {
                    "last_affected": "12"
                }
            ],
            "source": "CPE_FIELD",
            "vendor_product": "oracle:jre"
        },
        {
            "cpes": [
                "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "last_affected": "8.0"
                }
            ],
            "source": "CPE_FIELD",
            "vendor_product": "redhat:enterprise_linux"
        },
        {
            "cpes": [
                "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "last_affected": "6.0"
                },
                {
                    "last_affected": "7.0"
                }
            ],
            "source": "CPE_FIELD",
            "vendor_product": "redhat:enterprise_linux_desktop"
        },
        {
            "cpes": [
                "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "last_affected": "8.1"
                },
                {
                    "last_affected": "8.2"
                },
                {
                    "last_affected": "8.4"
                },
                {
                    "last_affected": "8.6"
                }
            ],
            "source": "CPE_FIELD",
            "vendor_product": "redhat:enterprise_linux_eus"
        },
        {
            "cpes": [
                "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "last_affected": "6.0"
                },
                {
                    "last_affected": "7.0"
                }
            ],
            "source": "CPE_FIELD",
            "vendor_product": "redhat:enterprise_linux_server"
        },
        {
            "cpes": [
                "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "last_affected": "8.2"
                },
                {
                    "last_affected": "8.4"
                },
                {
                    "last_affected": "8.6"
                }
            ],
            "source": "CPE_FIELD",
            "vendor_product": "redhat:enterprise_linux_server_aus"
        },
        {
            "cpes": [
                "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "last_affected": "8.2"
                },
                {
                    "last_affected": "8.4"
                },
                {
                    "last_affected": "8.6"
                }
            ],
            "source": "CPE_FIELD",
            "vendor_product": "redhat:enterprise_linux_server_tus"
        },
        {
            "cpes": [
                "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "last_affected": "6.0"
                },
                {
                    "last_affected": "7.0"
                }
            ],
            "source": "CPE_FIELD",
            "vendor_product": "redhat:enterprise_linux_workstation"
        },
        {
            "cpes": [
                "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "last_affected": "3.11"
                }
            ],
            "source": "CPE_FIELD",
            "vendor_product": "redhat:openshift_container_platform"
        },
        {
            "cpes": [
                "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "last_affected": "5.8"
                }
            ],
            "source": "CPE_FIELD",
            "vendor_product": "redhat:satellite"
        }
    ]
}
References

Affected packages

Git / github.com/apache/cassandra

Affected ranges

Type
GIT
Repo
https://github.com/apache/cassandra
Events
Introduced
e06c1e8381525363e90ccf694275361e2958647a
Fixed
94e9149c22f6a7772c0015e1b1ef2e2961155c0a
Introduced
437bb9de77f54aa5a4a6a634ab3d2c753a17b3fc
Fixed
d4938cf4e488a9ef3ac48164a3e946f16255d721
Introduced
96f407bce56b98cd824d18e32ee012dbb99a0286
Fixed
45331bb612dc7847efece7e26cdd0b376bd11249
Introduced
88dee7e9d515ad94ecf8f2309f1e6138ec79e1a2
Fixed
8b29b698630960a0ebb2c695cc5b21dee4686d09
Database specific 
{
    "extracted_events": [
        {
            "introduced": "2.1.0"
        },
        {
            "fixed": "2.1.22"
        },
        {
            "introduced": "2.2.0"
        },
        {
            "fixed": "2.2.18"
        },
        {
            "introduced": "3.0.0"
        },
        {
            "fixed": "3.0.22"
        },
        {
            "introduced": "3.11.0"
        },
        {
            "fixed": "3.11.8"
        }
    ],
    "source": "CPE_FIELD",
    "cpe": "cpe:2.3:a:apache:cassandra:*:*:*:*:*:*:*:*"
}

Affected versions

cassandra-2.*
cassandra-2.2.0
cassandra-2.2.1
cassandra-2.2.10
cassandra-2.2.11
cassandra-2.2.12
cassandra-2.2.13
cassandra-2.2.14
cassandra-2.2.15
cassandra-2.2.16
cassandra-2.2.17
cassandra-2.2.2
cassandra-2.2.3
cassandra-2.2.4
cassandra-2.2.5
cassandra-2.2.6
cassandra-2.2.8
cassandra-2.2.9
cassandra-3.*
cassandra-3.0.0
cassandra-3.0.1
cassandra-3.0.10
cassandra-3.0.11
cassandra-3.0.12
cassandra-3.0.13
cassandra-3.0.14
cassandra-3.0.15
cassandra-3.0.16
cassandra-3.0.17
cassandra-3.0.18
cassandra-3.0.19
cassandra-3.0.20
cassandra-3.0.21
cassandra-3.0.3
cassandra-3.0.4
cassandra-3.0.5
cassandra-3.0.6
cassandra-3.0.7
cassandra-3.0.9
cassandra-3.11.0
cassandra-3.11.1
cassandra-3.11.2
cassandra-3.11.3
cassandra-3.11.4
cassandra-3.11.5
cassandra-3.11.6

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-2684.json"

Git / github.com/apache/tomcat

Affected ranges

Type
GIT
Repo
https://github.com/apache/tomcat
Events
Introduced
e498667bd7811e846771a852b16ce9f1e524b81b
Last affected
1cfec207b09fed52965f0d0426059ca989daf3b4
Introduced
e37b977db6f47e4380ad67114a49e8568951c953
Last affected
14bdacea996993a3b94ec0972cea92370e42ae4d
Introduced
3c78e95e36268dfb76db1570f0cf49104fa6eabc
Last affected
7c14efedba0cc81319efacb0e7f5129804e7b6f9
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
29b07def810d335012e738b22ab44d4e232b50d1
Last affected
10e04de1946981261a734507f4a6d953e2a206fe
Last affected
65ddc3a3872ea41ca67fec7b6834c704b6893361
Last affected
b5a74e3c7913c560648f0ffedfbbb3ebe4318def
Last affected
de128d72af746184e035ff1b53629f08cb141a04
Last affected
aac670afe1226e10513021100fce8a12344743c6
Last affected
c2c8107f0cea4755497a85990807b883b66f6b57
Last affected
8c48678b110f3fbbe66f6dde0e45d2578fa92c29
Last affected
9c5edb840d9413c1408e7c191bc0e1bbfcd9e07f
Last affected
59e713216cf2256aacc54f6ba627865f356f9e4e
Last affected
7dc5e29fe49850102261badf158752d6865311e4
Last affected
18b014d8691909be6153ae7db022a6c35f9c93ea
Last affected
600dc8ba5d9be7599d29bff83c342213d93b034e
Last affected
3bd48aab236e5bf0ed1644e9f0c588fd20e503ab
Last affected
642d3dd4d50ea1f03f9827962e4fc982a123bb78
Last affected
24566c02fb917a6ca1b6479a60971b0d8acd895c
Last affected
cac0e029dcced854eeca7444710e78e412dc2c2a
Last affected
c5efed313de1a181f4f9f98f5023117f3b911257
Last affected
ab04166fac59fcf9b3be3aab1c8b896842782d4c
Last affected
35071e7e52f296b9187b054b0efd74121b7db3bd
Last affected
d1dc05e934e089ea8907998cf850760017a0ed82
Last affected
fd7f13635e6855f6ba3fead0bf37ba2fbf8b68cf
Last affected
c7b84102600d600bcc527560d9c4d10c3fd440ab
Last affected
d8ebf61e51b4455e3c226751e492a533f9002d48
Last affected
aba238718ac9b149d25feaa9a14ecad3b0e3a5e2
Last affected
fe854ab1f111396458d98fa2ab08c693ce9407e1
Last affected
45f8fd74cdb96490fab8709263a4d862f0d429cf
Database specific 
{
    "extracted_events": [
        {
            "introduced": "7.0.0"
        },
        {
            "last_affected": "7.0.97"
        },
        {
            "introduced": "8.5.0"
        },
        {
            "last_affected": "8.5.47"
        },
        {
            "introduced": "9.0.1"
        },
        {
            "last_affected": "9.0.28"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-milestone1"
        },
        {
            "last_affected": "9.0.0-milestone10"
        },
        {
            "last_affected": "9.0.0-milestone11"
        },
        {
            "last_affected": "9.0.0-milestone12"
        },
        {
            "last_affected": "9.0.0-milestone13"
        },
        {
            "last_affected": "9.0.0-milestone14"
        },
        {
            "last_affected": "9.0.0-milestone15"
        },
        {
            "last_affected": "9.0.0-milestone16"
        },
        {
            "last_affected": "9.0.0-milestone17"
        },
        {
            "last_affected": "9.0.0-milestone18"
        },
        {
            "last_affected": "9.0.0-milestone19"
        },
        {
            "last_affected": "9.0.0-milestone2"
        },
        {
            "last_affected": "9.0.0-milestone20"
        },
        {
            "last_affected": "9.0.0-milestone21"
        },
        {
            "last_affected": "9.0.0-milestone22"
        },
        {
            "last_affected": "9.0.0-milestone23"
        },
        {
            "last_affected": "9.0.0-milestone24"
        },
        {
            "last_affected": "9.0.0-milestone25"
        },
        {
            "last_affected": "9.0.0-milestone26"
        },
        {
            "last_affected": "9.0.0-milestone27"
        },
        {
            "last_affected": "9.0.0-milestone3"
        },
        {
            "last_affected": "9.0.0-milestone4"
        },
        {
            "last_affected": "9.0.0-milestone5"
        },
        {
            "last_affected": "9.0.0-milestone6"
        },
        {
            "last_affected": "9.0.0-milestone7"
        },
        {
            "last_affected": "9.0.0-milestone8"
        },
        {
            "last_affected": "9.0.0-milestone9"
        }
    ],
    "source": "CPE_FIELD",
    "cpe": [
        "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:*",
        "cpe:2.3:a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:*",
        "cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:*",
        "cpe:2.3:a:apache:tomcat:9.0.0:milestone12:*:*:*:*:*:*",
        "cpe:2.3:a:apache:tomcat:9.0.0:milestone13:*:*:*:*:*:*",
        "cpe:2.3:a:apache:tomcat:9.0.0:milestone14:*:*:*:*:*:*",
        "cpe:2.3:a:apache:tomcat:9.0.0:milestone15:*:*:*:*:*:*",
        "cpe:2.3:a:apache:tomcat:9.0.0:milestone16:*:*:*:*:*:*",
        "cpe:2.3:a:apache:tomcat:9.0.0:milestone17:*:*:*:*:*:*",
        "cpe:2.3:a:apache:tomcat:9.0.0:milestone18:*:*:*:*:*:*",
        "cpe:2.3:a:apache:tomcat:9.0.0:milestone19:*:*:*:*:*:*",
        "cpe:2.3:a:apache:tomcat:9.0.0:milestone2:*:*:*:*:*:*",
        "cpe:2.3:a:apache:tomcat:9.0.0:milestone20:*:*:*:*:*:*",
        "cpe:2.3:a:apache:tomcat:9.0.0:milestone21:*:*:*:*:*:*",
        "cpe:2.3:a:apache:tomcat:9.0.0:milestone22:*:*:*:*:*:*",
        "cpe:2.3:a:apache:tomcat:9.0.0:milestone23:*:*:*:*:*:*",
        "cpe:2.3:a:apache:tomcat:9.0.0:milestone24:*:*:*:*:*:*",
        "cpe:2.3:a:apache:tomcat:9.0.0:milestone25:*:*:*:*:*:*",
        "cpe:2.3:a:apache:tomcat:9.0.0:milestone26:*:*:*:*:*:*",
        "cpe:2.3:a:apache:tomcat:9.0.0:milestone27:*:*:*:*:*:*",
        "cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:*",
        "cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:*",
        "cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:*",
        "cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:*",
        "cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:*",
        "cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:*",
        "cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:*"
    ]
}

Affected versions

7.*
7.0.97
8.*
8.5.47
9.*
9.0.0-M1
9.0.0-M10
9.0.0-M11
9.0.0-M12
9.0.0-M13
9.0.0-M14
9.0.0-M15
9.0.0-M16
9.0.0-M17
9.0.0-M18
9.0.0-M19
9.0.0-M2
9.0.0-M20
9.0.0-M21
9.0.0-M22
9.0.0-M23
9.0.0-M24
9.0.0-M25
9.0.0-M26
9.0.0-M27
9.0.0-M3
9.0.0-M4
9.0.0-M5
9.0.0-M6
9.0.0-M7
9.0.0-M8
9.0.0-M9
9.0.28

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-2684.json"