CVE-2012-2098
 
Severity Score
5.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
Vulnerabilidad de complejidad algorítmica en los algoritmos de ordenamiento de compresión de "stream" bzip2 (BZip2CompressorOutputStream) de Apache Commons Compress anteriores a 1.4.1. Permite a atacantes remotos provocar una denegación de servicio (consumo de la CPU) a través de un archivo con muchas entradas repetidas.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2012-04-04 CVE Reserved
- 2012-05-24 CVE Published
- 2024-01-28 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-310: Cryptographic Issues
CAPEC
References (18)
URL | Tag | Source |
---|---|---|
http://archives.neohapsis.com/archives/bugtraq/2012-05/0130.html | Mailing List | |
http://osvdb.org/82161 | Broken Link | |
http://packetstormsecurity.org/files/113014/Apache-Commons-Compress-Apache-Ant-Denial-Of-Service.html | Third Party Advisory | |
http://secunia.com/advisories/49286 | Third Party Advisory | |
http://www-01.ibm.com/support/docview.wss?uid=swg21644047 | Third Party Advisory | |
http://www.openwall.com/lists/oss-security/2023/09/13/3 | Mailing List | |
http://www.securityfocus.com/bid/53676 | Third Party Advisory | |
http://www.securitytracker.com/id?1027096 | Third Party Advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/75857 | Third Party Advisory | |
https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E | Mailing List | |
https://www.oracle.com/security-alerts/cpujan2021.html | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Apache Search vendor "Apache" | Commons Compress Search vendor "Apache" for product "Commons Compress" | < 1.4.1 Search vendor "Apache" for product "Commons Compress" and version " < 1.4.1" | - |
Affected
|