-
Notifications
You must be signed in to change notification settings - Fork 0
Amazon Corretto Java 11.x 11.0.19.7.1 Multiple Vulnerabilities
Fabien edited this page May 22, 2024
·
1 revision
Amazon Corretto is a no-cost, multi-platform, production-ready distribution of the OpenJDK. The version 11.x of Amazon Corretto, prior to 11.0.19.7.1, contains multiple security vulnerabilities that can lead to remote code execution, information disclosure, and other significant security risks.
- Severity: High
- Remote Code Execution (RCE): Certain vulnerabilities can allow attackers to execute arbitrary code, potentially leading to full system compromise.
- Information Disclosure: Specific flaws may expose sensitive data to unauthorized users, which can lead to further attacks.
- Denial of Service (DoS): Some vulnerabilities can be exploited to make Java applications unresponsive, causing service disruptions.
- Privilege Escalation: Vulnerabilities can sometimes be exploited to gain higher privileges on the affected systems.
- Improper Input Validation: Many vulnerabilities arise from the platform's failure to adequately validate inputs, which can lead to various injection attacks.
- Insecure Configuration: Incorrect or insecure default configurations can expose Java applications to potential exploits.
- Outdated Versions: Running outdated versions of Amazon Corretto that have not been updated with security patches.
- Complexity and Legacy Code: The extensive and complex nature of Java SE, including legacy code, can harbor hidden vulnerabilities.
-
Regular Updates:
- Ensure that Amazon Corretto is updated to the latest version, at least 11.0.19.7.1 or newer, to mitigate known vulnerabilities.
-
Secure Coding Practices:
- Implement secure coding practices to avoid common pitfalls that lead to vulnerabilities. Use libraries and frameworks that provide enhanced security features.
-
Configuration Hardening:
- Harden Java configuration settings. Disable unnecessary features and services, and ensure that security features like the Java Security Manager are properly configured.
-
Monitoring and Auditing:
- Regularly monitor and audit Java applications for suspicious activities and vulnerabilities. Use tools and services that can help in identifying and mitigating risks.
- CVE-2023-21930: A vulnerability in the Java SE Libraries that allows RCE.
- CVE-2023-21937: A vulnerability in the Java SE Libraries that allows privilege escalation.
- CVE-2023-21945: A vulnerability in the Java SE Libraries that leads to information disclosure.
- CVE-2023-21967: A vulnerability in the Java SE Libraries that can cause DoS.
N/A
- Home - Return to this main page.
- Explore detailed vulnerability categories and entries via the sidebar.
- Microsoft Teams < 1.6.0.11166 Information Disclosure↗
- Microsoft Teams < 1.6.0.18681 RCE↗
- Microsoft Windows Unquoted Service Path Enumeration↗
- Microsoft XML Parser (MSXML) and XML Core Services Unsupported↗
- Security Updates for Microsoft .NET Framework↗
- Security Updates for Microsoft Office Products C2R↗
- Security Updates for Microsoft SQL Server↗
- Windows Defender Antimalware/Antivirus Signature Definition Check↗
- Windows Speculative Execution Configuration Check↗
- WinVerifyTrust Signature Validation CVE-2013-3900 Mitigation↗
- SSL Certificate Cannot Be Trusted↗
- SSL Certificate Chain Contains RSA Keys Less Than 2048 bits↗
- SSL Certificate with Wrong Hostname↗
- SSL Medium Strength Cipher Suites Supported (SWEET32)↗
- SSL Self-Signed Certificate↗
- SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (Logjam)↗
- TLS Version 1.0 Protocol Detection↗
- TLS Version 1.1 Protocol Deprecated↗
- Apache 2.4.x < 2.4.58 Multiple Vulnerabilities↗
- Apache Log4j Vulnerabilities↗
- Apache Solr Unauthenticated Access Information Disclosure↗
- Apache Struts Vulnerabilities↗
- Apache Tomcat Vulnerabilities↗
- Amazon Corretto Java 11.x < 11.0.19.7.1 Multiple Vulnerabilities↗
- OpenJDK Vulnerabilities↗
- Oracle Java SE Vulnerabilities↗
- 7-Zip < 23.00 Multiple Vulnerabilities↗
- Adobe Acrobat Vulnerabilities↗
- AMQP Cleartext Authentication↗
- Artifex Ghostscript < 10.2.1 DoS↗
- Chargen UDP Service Remote DoS↗
- Curl 7.84 <= 8.2.1 Header DoS (CVE-2023-38039)↗
- Echo Service Detection↗
- HSTS Missing From HTTPS Server (RFC 6797)↗
- HTTP TRACE / TRACK Methods Allowed↗
- Insecure Windows Service Permissions↗
- Keepass < 2.54 Information disclosure↗
- Notepad++ < 8.5.7 Multiple Buffer Overflow Vulnerabilities↗
- Quote of the Day (QOTD) Service Detection↗
- VMware Tools 10.3.x / 11.x / 12.x < 12.3.5 Token Bypass↗
- X Server Detection↗
- Template -> Use this template for new vulnerabilities