Versio.io

CVE-2019-12402

Common vulnerabilities & exposures (CVE)

CVE databaseCVE database blogpostRelease & EoL database
 
Published at: - 30-08-2019 11:15
Last modified: - 14-05-2022 05:15
Total changes: - 8

Description

The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Low
Attack complexity
Network
Attack vector
High
Availability
None
Confidentiality
None
Integrity
None
Privileges required
Unchanged
Scope
None
User interaction
7.5
Base score
3.9
3.6
Exploitability score
Impact score
 

Verification logic

OR
OR
vendor=apache AND product=commons_compress AND versionEndIncluding=1.18 AND versionStartIncluding=1.15
OR
vendor=fedoraproject AND product=fedora AND version=30
vendor=fedoraproject AND product=fedora AND version=31
OR
vendor=oracle AND product=flexcube_investor_servicing AND version=12.3.0
vendor=oracle AND product=flexcube_investor_servicing AND version=12.1.0
vendor=oracle AND product=retail_xstore_point_of_service AND version=15.0
vendor=oracle AND product=flexcube_private_banking AND version=12.1.0
vendor=oracle AND product=flexcube_private_banking AND version=12.0.0
vendor=oracle AND product=retail_integration_bus AND version=15.0
vendor=oracle AND product=webcenter_portal AND version=12.2.1.3.0
vendor=oracle AND product=flexcube_investor_servicing AND version=12.4.0
vendor=oracle AND product=peoplesoft_enterprise_pt_peopletools AND version=8.56
vendor=oracle AND product=retail_xstore_point_of_service AND version=16.0
vendor=oracle AND product=banking_payments AND versionEndIncluding=14.4.0 AND versionStartIncluding=14.1.0
vendor=oracle AND product=banking_platform AND version=2.6.2
vendor=oracle AND product=banking_platform AND version=2.7.0
vendor=oracle AND product=banking_platform AND version=2.8.0
vendor=oracle AND product=banking_platform AND version=2.9.0
vendor=oracle AND product=communications_ip_service_activator AND version=7.3.0
vendor=oracle AND product=communications_ip_service_activator AND version=7.4.0
vendor=oracle AND product=communications_session_route_manager AND versionEndIncluding=8.2.2 AND versionStartIncluding=8.2.0
vendor=oracle AND product=customer_management_and_segmentation_foundation AND version=18.0
vendor=oracle AND product=flexcube_investor_servicing AND version=14.0.0
vendor=oracle AND product=flexcube_investor_servicing AND version=14.1.0
vendor=oracle AND product=hyperion_infrastructure_technology AND version=11.1.2.4
vendor=oracle AND product=jdeveloper AND version=12.2.1.4.0
vendor=oracle AND product=primavera_gateway AND versionEndIncluding=18.8.8 AND versionStartIncluding=18.8.0
vendor=oracle AND product=primavera_gateway AND version=19.12.0
vendor=oracle AND product=retail_integration_bus AND version=16.0
vendor=oracle AND product=retail_xstore_point_of_service AND version=17.0
vendor=oracle AND product=retail_xstore_point_of_service AND version=18.0
vendor=oracle AND product=retail_xstore_point_of_service AND version=19.0
vendor=oracle AND product=webcenter_portal AND version=12.2.1.4.0
vendor=oracle AND product=communications_element_manager AND versionEndIncluding=8.2.2 AND versionStartIncluding=8.2.0
vendor=oracle AND product=communications_session_report_manager AND versionEndIncluding=8.2.2 AND versionStartIncluding=8.2.0
vendor=oracle AND product=essbase AND version=21.2
vendor=oracle AND product=peoplesoft_enterprise_pt_peopletools AND version=8.57
vendor=oracle AND product=peoplesoft_enterprise_pt_peopletools AND version=8.58
 

Reference

 


Keywords

NVD

 

CVE-2019-12402

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures

 

We use cookies to ensure that we give you the best experience on our website. Read privacy policies for more information.