CVE-2019-12402

Published Aug 30, 2019
Last updated a year ago
CVSS high 7.5
Overview

Description: The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress.
Source: security@apache.org
NVD status: Modified
Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH
CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:N/A:P
Weaknesses

nvd@nist.gov: CWE-835
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apache:commons_compress:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "915E4B88-B2DA-40C0-AD95-9888FD42EEAF",
            "versionEndIncluding": "1.18",
            "versionStartIncluding": "1.15"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3"
          },
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:banking_payments:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2FF46C9A-7768-4E52-A676-BEA6AE766AD4",
            "versionEndIncluding": "14.4.0",
            "versionStartIncluding": "14.1.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "132CE62A-FBFC-4001-81EC-35D81F73AF48"
          },
          {
            "criteria": "cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "282150FF-C945-4A3E-8A80-E8757A8907EA"
          },
          {
            "criteria": "cpe:2.3:a:oracle:banking_platform:2.8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FBCE22C0-4253-40A5-89AE-499A3BC9EFF3"
          },
          {
            "criteria": "cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AB9FC9AB-1070-420F-870E-A5EC43A924A4"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B51F78F4-8D7E-48C2-86D1-D53A6EB348A7",
            "versionEndIncluding": "8.2.2",
            "versionStartIncluding": "8.2.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_ip_service_activator:7.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DE48E0FE-5931-441C-B4FF-253BD9C48186"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DE7A60DB-A287-4E61-8131-B6314007191B"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3E5416A1-EE58-415D-9645-B6A875EBAED2",
            "versionEndIncluding": "8.2.2",
            "versionStartIncluding": "8.2.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "11B0C37E-D7C7-45F2-A8D8-5A3B1B191430",
            "versionEndIncluding": "8.2.2",
            "versionStartIncluding": "8.2.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "727DF4F5-3D21-491E-96B9-EC973A6C9C18"
          },
          {
            "criteria": "cpe:2.3:a:oracle:essbase:21.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "394A16F2-CCD4-44E5-BF6B-E0C782A9FA38"
          },
          {
            "criteria": "cpe:2.3:a:oracle:flexcube_investor_servicing:12.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "21BE77B2-6368-470E-B9E6-21664D9A818A"
          },
          {
            "criteria": "cpe:2.3:a:oracle:flexcube_investor_servicing:12.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3250073F-325A-4AFC-892F-F2005E3854A5"
          },
          {
            "criteria": "cpe:2.3:a:oracle:flexcube_investor_servicing:12.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0DDDC9C2-33D6-4123-9ABC-C9B809A6E88E"
          },
          {
            "criteria": "cpe:2.3:a:oracle:flexcube_investor_servicing:14.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "991A279B-9D7C-4E39-8827-BC21C2C03B83"
          },
          {
            "criteria": "cpe:2.3:a:oracle:flexcube_investor_servicing:14.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A69266D2-72D0-4A6C-883D-2597FE30931B"
          },
          {
            "criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6762F207-93C7-4363-B2F9-7A7C6F8AF993"
          },
          {
            "criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1B74B912-152D-4F38-9FC1-741D6D0B27FC"
          },
          {
            "criteria": "cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.1.2.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DED59B62-C9BF-4C0E-B351-3884E8441655"
          },
          {
            "criteria": "cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "335AB6A7-3B1F-4FA8-AF08-7D64C16C4B04"
          },
          {
            "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.56:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CEB3BE9F-44AC-4EE0-9E66-2B72CF4AF0F5"
          },
          {
            "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.57:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "99BA317E-3C52-4BAF-B61C-803B7208C155"
          },
          {
            "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.58:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "929638B0-AAD1-4326-9549-2FA8D03AA7ED"
          },
          {
            "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "597495A7-FE17-4B31-804D-B28C2B872B4D",
            "versionEndIncluding": "18.8.8",
            "versionStartIncluding": "18.8.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:primavera_gateway:19.12.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B201A85E-1310-46B8-8A3B-FF7675F84E09"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "42064F46-3012-4FB1-89BA-F13C2E4CBB6B"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F73E2EFA-0F43-4D92-8C7D-9E66811B76D6"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "11DA6839-849D-4CEF-85F3-38FE75E07183"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BCE78490-A4BE-40BD-8C72-0A4526BBD4A4"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "55AE3629-4A66-49E4-A33D-6D81CC94962F"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4CB39A1A-AD29-45DD-9EB5-5E2053A01B9A"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "27C26705-6D1F-4D5E-B64D-B479108154FF"
          },
          {
            "criteria": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D6A4F71A-4269-40FC-8F61-1D1301F2B728"
          },
          {
            "criteria": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5A502118-5B2B-47AE-82EC-1999BD841103"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References
