Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
BID:53676
Info
| Bugtraq ID: | 53676 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | CVE-2012-2098 |
| Remote: | Yes |
| Local: | No |
| Published: | May 24 2012 12:00AM |
| Updated: | Apr 13 2015 10:05PM |
| Credit: | David Jorm of the Red Hat Security Response Team |
| Vulnerable: | Sonatype Plexus-Archiver 2.3; Oracle Solaris 11.1; Oracle Solaris 10; IBM Websphere Application Server 8.5; IBM Websphere Application Server 8.0; IBM Websphere Application Server 7.0; IBM Websphere Application Server 7; IBM Websphere Application Server 6.1; IBM Tivoli Integrated Portal 2.2; IBM Tivoli Integrated Portal 2.1; IBM Tivoli Integrated Portal 1.1; Apache Commons Compress 1.4; Apache Commons Compress 1.0; Apache Ant 1.6.2; Apache Ant 1.8.3; Apache Ant 1.5 |
| Not Vulnerable: | IBM Websphere Application Server 8.5.5.1; IBM Websphere Application Server 8.0.0.7; IBM Websphere Application Server 7.0.0.31; IBM Websphere Application Server 6.1.0.47; Apache Commons Compress 1.4.1; Apache Ant 1.8.4 |
Discussion
Apache Commons Compress and Apache Ant are prone to a remote denial-of-service vulnerability.
Attackers may leverage this issue to cause denial-of-service conditions.
The following versions are vulnerable:
- Commons Compress 1.0 through 1.4
- Ant 1.5 through 1.8.3
Exploit / POC
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Updates are available. Please see the references for more information.
References
References:
- Algorithmic complexity vulnerability in Apache Ant (Oracle)
- Apache Ant Security Reports (Apache)
- Apache Homepage (Apache)
- Bug 951521 - plexus-archiver: Uses embedded bzip implementation from apache-comm (Red Hat Bugzilla)
- Use apache-commons-compress for bzip2 compression/decompression (GitHub)
- Fixed in Apache Commons Compress 1.4.1 (Apache)
- Security Bulletin: Potential Security Vulnerabilities fixed in IBM WebSphere App (IBM)
- TIP/eWAS fix for Apache Ant DoS Vulnerability CVE-2012-2098 (IBM)