There are no workarounds available. This vulnerability can be exploited through network connection by sending specially crafted network packets.

CVE-2018-3090 - Incorrect Access Control in InlineJunctionCloser.java lets attackers to unintentionally close a connection. This issue can be exploited through XSS. This issue was publicly disclosed on January 25, 2019.

CVE-2018-3091 - Incorrect Access Control in Disassembler.java lets attackers to unintentionally close a connection. This issue can be exploited through XSS. This issue was publicly disclosed on January 25, 2019.

CVE-2019-2066 - Incorrect Access Control in JniEntry.java lets attackers to unintentionally close a connection. This issue can be exploited through XSS. This issue was publicly disclosed on January 25, 2019.

CVE-2019-2067 - Incorrect Access Control in NetworkAdapter.java lets attackers to unintentionally close a connection. This issue can be exploited through XSS. This issue was publicly disclosed on January 25, 2019.

CVE-2019-2068 - Incorrect Access Control in DirectCall.java lets attackers to unintentionally close a connection. This issue can be exploited through XSS. This issue was publicly disclosed on January 25, 2019.

CVE-2019-2069 - Incorrect Access Control in GenericHost.java lets attackers to unintentionally close a connection. This issue can be exploited through XSS. This issue was publicly disclosed on

How to check if you are affected by InlineJunction Closer.java


To check if you are affected by InlineJunctionCloser.java, you can use the following steps:

1. Open a terminal window on your computer
2. Enter the following command:
javax.net.ssl.SSLException: No connection could be made because the target machine actively refused it

QEMU:

What vulnerability is this?
CVE-2019-2069 - Incorrect Access Control in GenericHost.java lets attackers to unintentionally close a connection. This issue can be exploited through XSS. This issue was publicly disclosed on January 25, 2019.
This vulnerability allows for attackers to exploit an unauthenticated session in a way that would allow the attacker to perform malicious actions with the privileges of the target user. The vulnerability exists because QEMU miscalculates the size of memory allocation made to a file descriptor when it performs input/output operations, resulting in the size not being large enough to hold all of the data read from or written to the file descriptor.

The vulnerability is present in all versions of QEMU which were released between January 8, 2003 and December 31, 2018, including all development versions during that time period.

Timeline

Published on: 10/18/2022 21:15:00 UTC
Last modified on: 10/20/2022 05:40:00 UTC

References