Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2019-12402

Опубликовано: 30 авг. 2019
Источник: nvd
CVSS3: 7.5
CVSS2: 5
EPSS Низкий

Описание

The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:apache:commons_compress:*:*:*:*:*:*:*:*
Версия от 1.15 (включая) до 1.18 (включая)
Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:a:oracle:banking_payments:*:*:*:*:*:*:*:*
Версия от 14.1.0 (включая) до 14.4.0 (включая)
cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_platform:2.8.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
Версия от 8.2.0 (включая) до 8.2.2 (включая)
cpe:2.3:a:oracle:communications_ip_service_activator:7.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*
Версия от 8.2.0 (включая) до 8.2.2 (включая)
cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*
Версия от 8.2.0 (включая) до 8.2.2 (включая)
cpe:2.3:a:oracle:customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:essbase:21.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:flexcube_investor_servicing:12.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:flexcube_investor_servicing:12.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:flexcube_investor_servicing:12.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:flexcube_investor_servicing:14.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:flexcube_investor_servicing:14.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.56:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.57:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.58:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*
Версия от 18.8.0 (включая) до 18.8.8 (включая)
cpe:2.3:a:oracle:primavera_gateway:19.12.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*

EPSS

Процентиль: 59%
0.00382
Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-835

Связанные уязвимости

ubuntu логотип

CVE-2019-12402

CVSS3: 7.5
ubuntu
больше 6 лет назад

The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress.

redhat логотип

CVE-2019-12402

CVSS3: 7.5
redhat
больше 6 лет назад

The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress.

debian логотип

CVE-2019-12402

CVSS3: 7.5
debian
больше 6 лет назад

The file name encoding algorithm used internally in Apache Commons Com ...

github логотип

GHSA-53x6-4x5p-rrvv

CVSS3: 7.5
github
больше 6 лет назад

Denial of Service in Apache Commons Compress

fstec логотип

BDU:2020-02116

CVSS3: 7.5
fstec
больше 6 лет назад

Уязвимость архиватора Apache Commons Compress, связанная с ошибками управления ресурсом, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 59%
0.00382
Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-835