CVE-2019-12402 in Oracle JDeveloperinfo

Summary

The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress.

Reservation

05/28/2019

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
179101	Oracle JDeveloper Apache Commons Compress denial of service	404	Not defined	Official fix	CVE-2019-12402
178948	Oracle Essbase Apache Commons Compress infinite loop	835	Not defined	Official fix	CVE-2019-12402
173513	Oracle WebCenter Portal Security denial of service	404	Not defined	Official fix	CVE-2019-12402
168341	Oracle Hyperion Infrastructure Technology Installation/Configuration denial of service	404	Not defined	Official fix	CVE-2019-12402
168244	Oracle Banking Platform Party/Financials denial of service	404	Not defined	Official fix	CVE-2019-12402
163041	Oracle Communications Session Route Manager denial of service	404	Not defined	Official fix	CVE-2019-12402
163040	Oracle Communications Session Report Manager denial of service	404	Not defined	Official fix	CVE-2019-12402
163038	Oracle Communications Element Manager denial of service	404	Not defined	Official fix	CVE-2019-12402
158243	Oracle FLEXCUBE Investor Servicing Infrastructure resource management	399	Not defined	Official fix	CVE-2019-12402
153346	Oracle Primavera Gateway Admin resource management	399	Not defined	Official fix	CVE-2019-12402
141105	Apache Commons Compress File Name Encoding resource management	399	Not defined	Not defined	CVE-2019-12402

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

◂ PreviousOverviewNext ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!