---

CVE-2021-35565 - log back

CVE-2021-35565 edited at 20 Oct 2021 17:24:23
Description	- Vulnerability in Java SE versions 7u311, 8u301, 11.0.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. + A security issue has been found in OpenJDK before versions 7u321, 8u312 and 11.0.13 in the core-libs/java.net component. An easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise OpenJDK. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of OpenJDK. Note : This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service.
References	+ https://openjdk.java.net/groups/vulnerability/advisories/2021-10-19 https://www.oracle.com/security-alerts/cpuoct2021verbose.html#JAVA
Notes

CVE-2021-35565 edited at 20 Oct 2021 11:11:30
Severity	- Unknown + Medium
Remote	- Unknown + Remote
Type	- Unknown + Denial of service
Description	+ Vulnerability in Java SE versions 7u311, 8u301, 11.0.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. + + Note : This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service.
References	+ https://www.oracle.com/security-alerts/cpuoct2021verbose.html#JAVA

CVE-2021-35565 created at 20 Oct 2021 11:09:23