Vulnerabilites related to oracle - retail_eftlink
Vulnerability from fkie_nvd
Published
2021-07-15 17:15
Modified
2024-11-21 06:10
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*", matchCriteriaId: "BBBFAC86-5AEA-467D-93ED-FD4DAB3469A2", versionEndExcluding: "9.4.43", versionStartIncluding: "9.4.37", vulnerable: true, }, { criteria: "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*", matchCriteriaId: "9BE0C2EA-CCA1-4ADF-99AC-B34D6713F0C6", versionEndExcluding: "10.0.6", versionStartIncluding: "10.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*", matchCriteriaId: "3DBE2C80-1D28-4BCA-9969-C6DB35E64BEC", versionEndExcluding: "11.0.6", versionStartIncluding: "11.0.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "73F81EC3-4AB0-4CD7-B845-267C5974DE98", versionEndIncluding: "11.70.1", versionStartIncluding: "11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*", matchCriteriaId: "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:element_plug-in_for_vcenter_server:-:*:*:*:*:*:*:*", matchCriteriaId: "214712B6-59AF-4B5E-84BF-AF3C74A390EA", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*", matchCriteriaId: "9F4754FB-E3EB-454A-AB1A-AE3835C5350C", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapcenter_plug-in:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "DC01D8F3-291A-44E5-99C1-6771F6656E0E", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*", matchCriteriaId: "97994257-C9A4-4491-B362-E8B25B7187AB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.10.0:*:*:*:*:*:*:*", matchCriteriaId: "B6B6FE82-7BFA-481D-99D6-789B146CA18B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.5.0:*:*:*:*:*:*:*", matchCriteriaId: "DAEB09CA-9352-43CD-AF66-92BE416E039C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.14.0:*:*:*:*:*:*:*", matchCriteriaId: "0AB059F2-FEC4-4180-8A90-39965495055E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.14.0:*:*:*:*:*:*:*", matchCriteriaId: "5A276784-877B-4A29-A8F1-70518A438A9A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", matchCriteriaId: "590ADE5F-0D0F-4576-8BA6-828758823442", versionEndIncluding: "8.5.0.2", versionStartIncluding: "8.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.2.0:*:*:*:*:*:*:*", matchCriteriaId: "55F091C7-0869-4FD6-AC73-DA697D990304", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.3.0:*:*:*:*:*:*:*", matchCriteriaId: "4D134C60-F9E2-46C2-8466-DB90AD98439E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:rest_data_services:*:*:*:*:-:*:*:*", matchCriteriaId: "105BF985-2403-455E-BAA1-509245B54A1D", versionEndExcluding: "22.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_eftlink:20.0.1:*:*:*:*:*:*:*", matchCriteriaId: "6BAE5686-8E11-4EF1-BC7E-5C565F2440C7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:stream_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "847E8F6A-6115-4CCB-B16B-5DA8427958C4", versionEndExcluding: "19.1.0.0.6.4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:stream_analytics:19c:*:*:*:*:*:*:*", matchCriteriaId: "8E7B7A7D-BA3D-4ADA-B87C-F222B0722AF2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5.", }, { lang: "es", value: "Para Eclipse Jetty versiones 9.4.37-9.4.42, 10.0.1-10.0.5 y 11.0.1-11.0.5, los URIs pueden ser diseñados usando algunos caracteres codificados para acceder al contenido del directorio WEB-INF y/o omitir algunas restricciones de seguridad. Esta es una variación de la vulnerabilidad reportada en CVE-2021-28164/GHSA-v7ff-8wcx-gmc5", }, ], id: "CVE-2021-34429", lastModified: "2024-11-21T06:10:23.447", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "emo@eclipse.org", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-07-15T17:15:08.637", references: [ { source: "emo@eclipse.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r029c0c6833c8bb6acb094733fd7b75029d633f47a92f1c9d14391fc0%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r02f940c27e997a277ff14e79e84551382e1081e8978b417e0c2b0857%40%3Ccommits.kafka.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r0626f279ebf65506110a897e3a57ccd4072803ee5434b2503e070398%40%3Ccommits.zookeeper.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r2a3ea27cca2ac7352d392b023b72e824387bc9ff16ba245ec663bdc6%40%3Cissues.zookeeper.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r2e32390cb7aedb39069e5b18aa130ca53e766258518faee63c31d3ea%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r3aefe613abce594c71ace50088d2529bbde65d08b8e7ff2c2723aaa1%40%3Cdev.santuario.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r3c55b0baa4dc38958ae147b2f216e212605f1071297f845e14477d36%40%3Cissues.zookeeper.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r44ea39ca8110de7353bfec88f58aa3aa58a42bb324b8772512ee190c%40%3Ccommits.zookeeper.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r46900f74dbb7d168aeac43bf0e7f64825376bb7eb74d31a5b33344ce%40%3Cjira.kafka.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r46f748c1dc9cf9b6c1c18f6b5bfc3a869907f68f72e17666f2f30f24%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r4727d282b5c2d951057845a46065d59f6e33132edc0a14f41c26b01e%40%3Cdev.kafka.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r48a93f2bc025acd7c7e341ed3864bfdeb75f0c768d41bc247e1a1f63%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r5678d994d4dd8e7c838eed3bbc1a83a7f6bc62724b0cce67e8892a45%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r679d96f981d4c92724090ed2d5e8565a1d655a72bb315550489f052e%40%3Cjira.kafka.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r6e6f50c1ce1fb592cb43e913f5be23df104d50751465f8f1952ace0c%40%3Cjira.kafka.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r721ab6a5fa8d45bec76714b674f5d4caed2ebfeca69ad1d6d4caae6c%40%3Cdev.hbase.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r74fdc446df551fe89a0a16957a1bfdaad19380e0c1afd30625685a9c%40%3Cjira.kafka.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r756443e9d50af7e8c3df82e2c45105f452c8e8195ddbc0c00f58d5fe%40%3Ccommits.kafka.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r763840320a80e515331cbc1e613fa93f25faf62e991974171a325c82%40%3Cdev.zookeeper.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r7dd079fa0ac6f47ba1ad0af98d7d0276547b8a4e005f034fb1016951%40%3Cissues.zookeeper.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r833a4c8bdbbfeb8a2cd38238e7b59f83edd5c1a0e508b587fc551a46%40%3Cissues.hbase.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r8e6c116628c1277c3cf132012a66c46a0863fa2a3037c0707d4640d4%40%3Cissues.zookeeper.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r90e7b4c42a96d74c219e448bee6a329ab0cd3205c44b63471d96c3ab%40%3Cissues.zookeeper.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r9d245c6c884bbc804a472116d730c1a01676bf24f93206a34923fc64%40%3Ccommits.kafka.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r9e6158d72ef25077c2dc59fbddade2eacf7d259a2556c97a989f2fe8%40%3Ccommits.pulsar.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/rb33d65c3e5686f2e3b9bb8a032a44163b2f2ad9d31a8727338f213c1%40%3Ccommits.pulsar.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/rc26807be68748b3347decdcd03ae183622244b0b4cb09223d4b7e500%40%3Ccommits.pulsar.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/rcb157f55b9ae41b3076801de927c6fca1669c6d8eaf11a9df5dbeb46%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/rcea249eb7a0d243f21696e4985de33f3780399bf7b31ea1f6d489b8b%40%3Cissues.zookeeper.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/re01890eef49d4201018f2c97e26536e3e75f441ecdbcf91986c3bc17%40%3Cjira.kafka.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/re3de01414ccf682fe0951205f806dd8e94440798fd64c55a4941de3e%40%3Cjira.kafka.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/re5e9bb535db779506013ef8799dc2a299e77cdad6668aa94c456dba6%40%3Cjira.kafka.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/re850203ef8700cb826534dd4a1cb9f5b07bb8f6f973b39ff7838d3ba%40%3Cissues.hbase.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210819-0006/", }, { source: "emo@eclipse.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "emo@eclipse.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { source: "emo@eclipse.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r029c0c6833c8bb6acb094733fd7b75029d633f47a92f1c9d14391fc0%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r02f940c27e997a277ff14e79e84551382e1081e8978b417e0c2b0857%40%3Ccommits.kafka.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r0626f279ebf65506110a897e3a57ccd4072803ee5434b2503e070398%40%3Ccommits.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r2a3ea27cca2ac7352d392b023b72e824387bc9ff16ba245ec663bdc6%40%3Cissues.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r2e32390cb7aedb39069e5b18aa130ca53e766258518faee63c31d3ea%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r3aefe613abce594c71ace50088d2529bbde65d08b8e7ff2c2723aaa1%40%3Cdev.santuario.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r3c55b0baa4dc38958ae147b2f216e212605f1071297f845e14477d36%40%3Cissues.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r44ea39ca8110de7353bfec88f58aa3aa58a42bb324b8772512ee190c%40%3Ccommits.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r46900f74dbb7d168aeac43bf0e7f64825376bb7eb74d31a5b33344ce%40%3Cjira.kafka.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r46f748c1dc9cf9b6c1c18f6b5bfc3a869907f68f72e17666f2f30f24%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r4727d282b5c2d951057845a46065d59f6e33132edc0a14f41c26b01e%40%3Cdev.kafka.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r48a93f2bc025acd7c7e341ed3864bfdeb75f0c768d41bc247e1a1f63%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r5678d994d4dd8e7c838eed3bbc1a83a7f6bc62724b0cce67e8892a45%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r679d96f981d4c92724090ed2d5e8565a1d655a72bb315550489f052e%40%3Cjira.kafka.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r6e6f50c1ce1fb592cb43e913f5be23df104d50751465f8f1952ace0c%40%3Cjira.kafka.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r721ab6a5fa8d45bec76714b674f5d4caed2ebfeca69ad1d6d4caae6c%40%3Cdev.hbase.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r74fdc446df551fe89a0a16957a1bfdaad19380e0c1afd30625685a9c%40%3Cjira.kafka.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r756443e9d50af7e8c3df82e2c45105f452c8e8195ddbc0c00f58d5fe%40%3Ccommits.kafka.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r763840320a80e515331cbc1e613fa93f25faf62e991974171a325c82%40%3Cdev.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r7dd079fa0ac6f47ba1ad0af98d7d0276547b8a4e005f034fb1016951%40%3Cissues.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r833a4c8bdbbfeb8a2cd38238e7b59f83edd5c1a0e508b587fc551a46%40%3Cissues.hbase.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r8e6c116628c1277c3cf132012a66c46a0863fa2a3037c0707d4640d4%40%3Cissues.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r90e7b4c42a96d74c219e448bee6a329ab0cd3205c44b63471d96c3ab%40%3Cissues.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r9d245c6c884bbc804a472116d730c1a01676bf24f93206a34923fc64%40%3Ccommits.kafka.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r9e6158d72ef25077c2dc59fbddade2eacf7d259a2556c97a989f2fe8%40%3Ccommits.pulsar.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rb33d65c3e5686f2e3b9bb8a032a44163b2f2ad9d31a8727338f213c1%40%3Ccommits.pulsar.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rc26807be68748b3347decdcd03ae183622244b0b4cb09223d4b7e500%40%3Ccommits.pulsar.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rcb157f55b9ae41b3076801de927c6fca1669c6d8eaf11a9df5dbeb46%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rcea249eb7a0d243f21696e4985de33f3780399bf7b31ea1f6d489b8b%40%3Cissues.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/re01890eef49d4201018f2c97e26536e3e75f441ecdbcf91986c3bc17%40%3Cjira.kafka.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/re3de01414ccf682fe0951205f806dd8e94440798fd64c55a4941de3e%40%3Cjira.kafka.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/re5e9bb535db779506013ef8799dc2a299e77cdad6668aa94c456dba6%40%3Cjira.kafka.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/re850203ef8700cb826534dd4a1cb9f5b07bb8f6f973b39ff7838d3ba%40%3Cissues.hbase.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210819-0006/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], sourceIdentifier: "emo@eclipse.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, { lang: "en", value: "CWE-551", }, ], source: "emo@eclipse.org", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-27 16:15
Modified
2024-11-21 05:40
Severity ?
Summary
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*", matchCriteriaId: "8E5C8636-6A10-4B28-A8CA-E6E33D0CE689", versionEndExcluding: "2.3.2", versionStartIncluding: "2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*", matchCriteriaId: "19DA22A8-0B29-4181-B44E-57D28D9DB331", versionEndExcluding: "2.12.3", versionStartIncluding: "2.4", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*", matchCriteriaId: "CDCA55AC-0DB9-430E-B0EE-858C0D507BEC", versionEndExcluding: "2.13.2", versionStartIncluding: "2.13.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:communications_application_session_controller:3.9m0p1:*:*:*:*:*:*:*", matchCriteriaId: "C6092C11-7779-451C-94F9-24FA2F2010FB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*", matchCriteriaId: "790A89FD-6B86-49AE-9B4F-AE7262915E13", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "E39D442D-1997-49AF-8B02-5640BE2A26CC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_eagle_ftp_table_base_retrieval:4.5:*:*:*:*:*:*:*", matchCriteriaId: "C68536CA-C7E2-4228-A6B8-F0DB6A9D29EC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "49ACFC73-A509-4D1C-8FC3-F68F495AB055", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*", matchCriteriaId: "062E4E7C-55BB-46F3-8B61-5A663B565891", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.0:*:*:*:*:*:*:*", matchCriteriaId: "05AD47CC-8A6D-4AEC-B23E-701D3D649CC6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*", matchCriteriaId: "539DA24F-E3E0-4455-84C6-A9D96CD601B3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "9901F6BA-78D5-45B8-9409-07FF1C6DDD38", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "9FADE563-5AAA-42FF-B43F-35B20A2386C9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_for_peoplesoft:13.4.1.1:*:*:*:*:*:*:*", matchCriteriaId: "615C7D0D-A9D5-43BA-AF61-373EC1095354", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", matchCriteriaId: "F2BB6A71-6AF6-4C0B-9304-4111E32108D4", versionEndIncluding: "8.1.0.0.0", versionStartIncluding: "8.0.6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "37C8EE84-A840-4132-B331-C7D450B1FBBF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "A00142E6-EEB3-44BD-AB0D-0E5C5640557F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.7.0:*:*:*:*:*:*:*", matchCriteriaId: "EB4FBBDC-0AAF-4E9B-9902-02E7B4EF4E68", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "EF6D5112-4055-4F89-A5B3-0DCB109481B7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*", matchCriteriaId: "D262848E-AA24-4057-A747-6221BA22ADF4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "080BBC04-92B9-4910-8859-44097610C016", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "4A01F8ED-64DA-43BC-9C02-488010BCD0F4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:*", matchCriteriaId: "75638A6A-88B2-4BC7-84EA-1CF5FC30D555", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "1FBF422E-3F67-4599-A7C1-0E2E4224553A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_core_banking:*:*:*:*:*:*:*:*", matchCriteriaId: "6EC0B307-B9D2-497B-81CF-B435ABFB1CFA", versionEndIncluding: "11.7.0", versionStartIncluding: "11.5.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_core_banking:5.2.0:*:*:*:*:*:*:*", matchCriteriaId: "DEFE7E72-D419-4040-81AB-B4934C13909F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*", matchCriteriaId: "6762F207-93C7-4363-B2F9-7A7C6F8AF993", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*", matchCriteriaId: "1B74B912-152D-4F38-9FC1-741D6D0B27FC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:health_sciences_information_manager:3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "C666FA96-3809-475C-B68F-29E59BD51959", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:*", matchCriteriaId: "B47C73D0-BE89-4D87-8765-12C507F13AFF", versionEndIncluding: "5.6.0.0", versionStartIncluding: "5.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:*", matchCriteriaId: "5B8AA91A-1880-43CD-938D-48EF58ACF2CF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2.0.37:*:*:*:*:*:*:*", matchCriteriaId: "F10A0811-E8DA-4A8C-ACD4-424B278324BD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2.4.12:*:*:*:*:*:*:*", matchCriteriaId: "1AECBFB1-D3BC-49ED-9DE8-E51AE25B10CA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2.25:*:*:*:*:*:*:*", matchCriteriaId: "72F28CE3-F835-4458-8D70-CBE9FC2F7E7A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.1.0.15:*:*:*:*:*:*:*", matchCriteriaId: "9F058FDA-04BC-4F32-830D-206983770692", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.2.0.26:*:*:*:*:*:*:*", matchCriteriaId: "41FDC9F1-6F9F-4579-828E-BD07F3D2B3D4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_rules_palette:10.2.0.37:*:*:*:*:*:*:*", matchCriteriaId: "CFC17C75-5423-4215-8E72-F41DDDC1C5AB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_rules_palette:10.2.4.12:*:*:*:*:*:*:*", matchCriteriaId: "6F16267D-963E-41B2-B809-EBBFF44C5097", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_rules_palette:11.0.2.25:*:*:*:*:*:*:*", matchCriteriaId: "9C6B223B-84FE-4B1E-B2E7-AB5E614D1D79", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_rules_palette:11.1.0.15:*:*:*:*:*:*:*", matchCriteriaId: "F1A71170-4959-41E8-A0E3-E463522E6F30", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_rules_palette:11.2.0.26:*:*:*:*:*:*:*", matchCriteriaId: "F36E966F-541C-4F6E-9FEF-5E4DB99DFDD3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:*", matchCriteriaId: "0B1CAD50-749F-4ADB-A046-BF3585677A58", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:oracle_goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "F607BB7D-BC1D-4153-B2B8-DB2B71EB7B98", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*", matchCriteriaId: "D0A735B4-4F3C-416B-8C08-9CB21BAD2889", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*", matchCriteriaId: "7E1E416B-920B-49A0-9523-382898C2979D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*", matchCriteriaId: "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:*", matchCriteriaId: "15512D27-7BEB-4DDD-9A1B-447FC7156E3D", versionEndIncluding: "12.2.20", versionStartIncluding: "12.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:*", matchCriteriaId: "0DB5E2C7-9C68-4D3B-95AD-9CBF65DE1E94", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:*", matchCriteriaId: "90F0B2AB-453C-4585-8753-74D17BD20C79", versionEndIncluding: "12.2.20", versionStartIncluding: "12.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", matchCriteriaId: "202AD518-2E9B-4062-B063-9858AE1F9CE2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", matchCriteriaId: "10864586-270E-4ACF-BDCC-ECFCD299305F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_advanced_inventory_planning:14.1:*:*:*:*:*:*:*", matchCriteriaId: "56239DBD-E294-44A4-9DD3-CEEC58C1BC0C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_assortment_planning:15.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "44357172-4035-4D57-9C83-D80BDDE8E8C7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_assortment_planning:16.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "CDDD1BFF-9B0D-45DA-86DC-05CF829107FB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_bulk_data_integration:15.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "254D8CE1-E821-44A6-9CAF-03D03986478B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_bulk_data_integration:16.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "360B307A-3D7F-4B38-8248-76CF8318B023", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:16.0:*:*:*:*:*:*:*", matchCriteriaId: "CBEEB907-B163-43FF-86DE-4387123DCC4B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:17.0:*:*:*:*:*:*:*", matchCriteriaId: "A7FBF5C7-EC73-4CE4-8CB7-E9CF5705DB25", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*", matchCriteriaId: "36E16AEF-ACEB-413C-888C-8D250F65C180", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*", matchCriteriaId: "9EFAEA84-E376-40A2-8C9F-3E0676FEC527", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_eftlink:15.0.2:*:*:*:*:*:*:*", matchCriteriaId: "1240ECE3-BF51-4558-B3B5-682F202BF938", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_eftlink:16.0.3:*:*:*:*:*:*:*", matchCriteriaId: "F3796186-D3A7-4259-846B-165AD9CEB7F1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_eftlink:17.0.2:*:*:*:*:*:*:*", matchCriteriaId: "CEDA5540-692D-47DA-9F68-83158D9AE628", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_eftlink:18.0.1:*:*:*:*:*:*:*", matchCriteriaId: "C5435583-C454-4AC9-8A35-D2D30EB252EE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_eftlink:19.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A2140357-503A-4D2A-A099-CFA4DC649E41", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_insights_cloud_service_suite:19.0:*:*:*:*:*:*:*", matchCriteriaId: "C2774D05-D03B-4754-814E-7554351CB9F9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:14.1:*:*:*:*:*:*:*", matchCriteriaId: "CE7DB324-98A0-40AD-96D4-0800340F6F3A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*", matchCriteriaId: "42064F46-3012-4FB1-89BA-F13C2E4CBB6B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*", matchCriteriaId: "F73E2EFA-0F43-4D92-8C7D-9E66811B76D6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_order_broker_cloud_service:16.0:*:*:*:*:*:*:*", matchCriteriaId: "80BF5DE6-E786-4207-BA3F-E8052860B25D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_order_broker_cloud_service:18.0:*:*:*:*:*:*:*", matchCriteriaId: "28BE7634-CB02-4808-AB78-E7C6C3CDA6FD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_order_broker_cloud_service:19.0:*:*:*:*:*:*:*", matchCriteriaId: "8B7C509B-9DD8-4926-A0A8-0F5C0216CBEC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_order_broker_cloud_service:19.1:*:*:*:*:*:*:*", matchCriteriaId: "26862826-409F-487F-9E8F-C72E9016AB02", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_order_broker_cloud_service:19.2:*:*:*:*:*:*:*", matchCriteriaId: "7BA45E7A-4386-42D3-9384-C59DD8F7386F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_order_broker_cloud_service:19.3:*:*:*:*:*:*:*", matchCriteriaId: "1F9D6342-451D-40D7-9CC7-638B003B5EFD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "BCF6CCE5-250D-4B10-AD18-7DE7D84BF220", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "D6D325A0-3441-41AC-B00F-F2A7F85370A1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "924AFE2D-D1BB-4026-9C12-BA379F8C5BEA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0.4:*:*:*:*:*:*:*", matchCriteriaId: "78D8F551-8DC8-4510-8350-AE6BC64748DF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*", matchCriteriaId: "490B2C44-CECD-4551-B04F-4076D0E053C7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*", matchCriteriaId: "DEC41EB8-73B4-4BDF-9321-F34EC0BAF9E6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*", matchCriteriaId: "48EFC111-B01B-4C34-87E4-D6B2C40C0122", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*", matchCriteriaId: "073FEA23-E46A-4C73-9D29-95CFF4F5A59D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:siebel_apps_-_marketing:*:*:*:*:*:*:*:*", matchCriteriaId: "7AACBCC9-FDAC-42DF-B931-BD908CAF5C65", versionEndIncluding: "21.9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*", matchCriteriaId: "0D9E0011-6FF5-4C90-9780-7A1297BB09BF", versionEndIncluding: "21.2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:spatial_and_graph:12.2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "789DA537-09EA-485F-B41A-CB7E0B513C9A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:spatial_and_graph:18c:*:*:*:*:*:*:*", matchCriteriaId: "8D379FFE-8A9A-4B9F-B4E3-5315BA4F973E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:spatial_and_graph:19c:*:*:*:*:*:*:*", matchCriteriaId: "05508099-EEB4-4CE6-8621-D07A5B8B16D5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:*", matchCriteriaId: "6953CFDB-33C0-4B8E-BBBD-E460A17E8ED3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.1:*:*:*:*:*:*:*", matchCriteriaId: "7737E073-B46E-456E-807C-FBEA43872A33", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*", matchCriteriaId: "51309958-121D-4649-AB9A-EBFA3A49F7CB", versionEndIncluding: "4.3.0.6.0", versionStartIncluding: "4.3.0.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_framework:2.2.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "D883EED9-CC64-479D-9C0A-35EB16F43AB4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_framework:4.2.0.2.0:*:*:*:*:*:*:*", matchCriteriaId: "5435B365-BFF3-4A9E-B45C-42D8F1E20FB7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_framework:4.2.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "1FAC3840-2CF8-44CE-81BB-EEEBDA00A34A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "3F906F04-39E4-4BE4-8A73-9D058AAADB43", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*", matchCriteriaId: "7B393A82-476A-4270-A903-38ED4169E431", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B40B13B7-68B3-4510-968C-6A730EB46462", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:qos:reload4j:*:*:*:*:*:*:*:*", matchCriteriaId: "84E23FBA-2A0E-426E-8912-193C33E351EE", versionEndExcluding: "1.2.18.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1", }, { lang: "es", value: "Validación incorrecta del certificado con desajuste de host en el apéndice SMTP de Apache Log4j. Esto podría permitir que una conexión SMTPS fuera interceptada por un ataque de tipo man-in-the-middle que podría filtrar cualquier mensaje de registro enviado a través de ese appender. Corregido en Apache Log4j 2.12.3 y 2.13.1", }, ], id: "CVE-2020-9488", lastModified: "2024-11-21T05:40:45.037", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-27T16:15:12.897", references: [ { source: "security@apache.org", tags: [ "Issue Tracking", "Mitigation", "Patch", "Vendor Advisory", ], url: "https://issues.apache.org/jira/browse/LOG4J2-2819", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r0a2699f724156a558afd1abb6c044fb9132caa66dce861b82699722a%40%3Cjira.kafka.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r0df3d7a5acb98c57e64ab9266aa21eeee1d9b399addb96f9cf1cbe05%40%3Cdev.zookeeper.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r1fc73f0e16ec2fa249d3ad39a5194afb9cc5afb4c023dc0bab5a5881%40%3Cissues.hive.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r22a56beb76dd8cf18e24fda9072f1e05990f49d6439662d3782a392f%40%3Cissues.hive.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe%40%3Cusers.kafka.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r2f209d271349bafd91537a558a279c08ebcff8fa3e547357d58833e6%40%3Cdev.zookeeper.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r33864a0fc171c1c4bf680645ebb6d4f8057899ab294a43e1e4fe9d04%40%3Cissues.hive.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r393943de452406f0f6f4b3def9f8d3c071f96323c1f6ed1a098f7fe4%40%3Ctorque-dev.db.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r3d1d00441c55144a4013adda74b051ae7864128ebcfb6ee9721a2eb3%40%3Cissues.hive.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r4285398e5585a0456d3d9db021a4fce6e6fcf3ec027dfa13a450ec98%40%3Cissues.zookeeper.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r45916179811a32cbaa500f972de9098e6ee80ee81c7f134fce83e03a%40%3Cissues.flink.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r48bcd06049c1779ef709564544c3d8a32ae6ee5c3b7281a606ac4463%40%3Cjira.kafka.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r48efc7cb5aeb4e1f67aaa06fb4b5479a5635d12f07d0b93fc2d08809%40%3Ccommits.zookeeper.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r4d5dc9f3520071338d9ebc26f9f158a43ae28a91923d176b550a807b%40%3Cdev.hive.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r4db540cafc5d7232c62e076051ef661d37d345015b2e59b3f81a932f%40%3Cdev.hive.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r4ed1f49616a8603832d378cb9d13e7a8b9b27972bb46d946ccd8491f%40%3Cissues.hive.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r5a68258e5ab12532dc179edae3d6e87037fa3b50ab9d63a90c432507%40%3Cissues.hive.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r65578f3761a89bc164e8964acd5d913b9f8fd997967b195a89a97ca3%40%3Cissues.hive.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r7641ee788e1eb1be4bb206a7d15f8a64ec6ef23e5ec6132d5a567695%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r7e5c10534ed06bf805473ac85e8412fe3908a8fa4cabf5027bf11220%40%3Cdev.kafka.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r7e739f2961753af95e2a3a637828fb88bfca68e5d6b0221d483a9ee5%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r8c001b9a95c0bbec06f4457721edd94935a55932e64b82cc5582b846%40%3Cissues.zookeeper.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r8e96c340004b7898cad3204ea51280ef6e4b553a684e1452bf1b18b1%40%3Cjira.kafka.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r9776e71e3c67c5d13a91c1eba0dc025b48b802eb7561cc6956d6961c%40%3Cissues.hive.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r9a79175c393d14d760a0ae3731b4a873230a16ef321aa9ca48a810cd%40%3Cissues.zookeeper.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/ra051e07a0eea4943fa104247e69596f094951f51512d42c924e86c75%40%3Cissues.hive.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/ra632b329b2ae2324fabbad5da204c4ec2e171ff60348ec4ba698fd40%40%3Cissues.hive.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/rbc45eb0f53fd6242af3e666c2189464f848a851d408289840cecc6e3%40%3Ccommits.zookeeper.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/rbc7642b9800249553f13457e46b813bea1aec99d2bc9106510e00ff3%40%3Ctorque-dev.db.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/rc2dbc4633a6eea1fcbce6831876cfa17b73759a98c65326d1896cb1a%40%3Ctorque-dev.db.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/rc6b81c013618d1de1b5d6b8c1088aaf87b4bacc10c2371f15a566701%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/rd55f65c6822ff235eda435d31488cfbb9aa7055cdf47481ebee777cc%40%3Cissues.zookeeper.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/rd5d58088812cf8e677d99b07f73c654014c524c94e7fedbdee047604%40%3Ctorque-dev.db.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/rd8e87c4d69df335d0ba7d815b63be8bd8a6352f429765c52eb07ddac%40%3Cissues.zookeeper.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/re024d86dffa72ad800f2848d0c77ed93f0b78ee808350b477a6ed987%40%3Cgitbox.hive.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/rec34b1cccf907898e7cb36051ffac3ccf1ea89d0b261a2a3b3fb267f%40%3Ccommits.zookeeper.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/rf1c2a81a08034c688b8f15cf58a4cfab322d00002ca46d20133bee20%40%3Cdev.kafka.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E", }, { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/12/msg00017.html", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200504-0003/", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2021/dsa-5020", }, { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Mitigation", "Patch", "Vendor Advisory", ], url: "https://issues.apache.org/jira/browse/LOG4J2-2819", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r0a2699f724156a558afd1abb6c044fb9132caa66dce861b82699722a%40%3Cjira.kafka.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r0df3d7a5acb98c57e64ab9266aa21eeee1d9b399addb96f9cf1cbe05%40%3Cdev.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r1fc73f0e16ec2fa249d3ad39a5194afb9cc5afb4c023dc0bab5a5881%40%3Cissues.hive.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r22a56beb76dd8cf18e24fda9072f1e05990f49d6439662d3782a392f%40%3Cissues.hive.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe%40%3Cusers.kafka.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r2f209d271349bafd91537a558a279c08ebcff8fa3e547357d58833e6%40%3Cdev.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r33864a0fc171c1c4bf680645ebb6d4f8057899ab294a43e1e4fe9d04%40%3Cissues.hive.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r393943de452406f0f6f4b3def9f8d3c071f96323c1f6ed1a098f7fe4%40%3Ctorque-dev.db.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r3d1d00441c55144a4013adda74b051ae7864128ebcfb6ee9721a2eb3%40%3Cissues.hive.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r4285398e5585a0456d3d9db021a4fce6e6fcf3ec027dfa13a450ec98%40%3Cissues.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r45916179811a32cbaa500f972de9098e6ee80ee81c7f134fce83e03a%40%3Cissues.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r48bcd06049c1779ef709564544c3d8a32ae6ee5c3b7281a606ac4463%40%3Cjira.kafka.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r48efc7cb5aeb4e1f67aaa06fb4b5479a5635d12f07d0b93fc2d08809%40%3Ccommits.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r4d5dc9f3520071338d9ebc26f9f158a43ae28a91923d176b550a807b%40%3Cdev.hive.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r4db540cafc5d7232c62e076051ef661d37d345015b2e59b3f81a932f%40%3Cdev.hive.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r4ed1f49616a8603832d378cb9d13e7a8b9b27972bb46d946ccd8491f%40%3Cissues.hive.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r5a68258e5ab12532dc179edae3d6e87037fa3b50ab9d63a90c432507%40%3Cissues.hive.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r65578f3761a89bc164e8964acd5d913b9f8fd997967b195a89a97ca3%40%3Cissues.hive.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r7641ee788e1eb1be4bb206a7d15f8a64ec6ef23e5ec6132d5a567695%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r7e5c10534ed06bf805473ac85e8412fe3908a8fa4cabf5027bf11220%40%3Cdev.kafka.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r7e739f2961753af95e2a3a637828fb88bfca68e5d6b0221d483a9ee5%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r8c001b9a95c0bbec06f4457721edd94935a55932e64b82cc5582b846%40%3Cissues.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r8e96c340004b7898cad3204ea51280ef6e4b553a684e1452bf1b18b1%40%3Cjira.kafka.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r9776e71e3c67c5d13a91c1eba0dc025b48b802eb7561cc6956d6961c%40%3Cissues.hive.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r9a79175c393d14d760a0ae3731b4a873230a16ef321aa9ca48a810cd%40%3Cissues.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/ra051e07a0eea4943fa104247e69596f094951f51512d42c924e86c75%40%3Cissues.hive.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/ra632b329b2ae2324fabbad5da204c4ec2e171ff60348ec4ba698fd40%40%3Cissues.hive.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rbc45eb0f53fd6242af3e666c2189464f848a851d408289840cecc6e3%40%3Ccommits.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rbc7642b9800249553f13457e46b813bea1aec99d2bc9106510e00ff3%40%3Ctorque-dev.db.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rc2dbc4633a6eea1fcbce6831876cfa17b73759a98c65326d1896cb1a%40%3Ctorque-dev.db.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rc6b81c013618d1de1b5d6b8c1088aaf87b4bacc10c2371f15a566701%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rd55f65c6822ff235eda435d31488cfbb9aa7055cdf47481ebee777cc%40%3Cissues.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rd5d58088812cf8e677d99b07f73c654014c524c94e7fedbdee047604%40%3Ctorque-dev.db.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rd8e87c4d69df335d0ba7d815b63be8bd8a6352f429765c52eb07ddac%40%3Cissues.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/re024d86dffa72ad800f2848d0c77ed93f0b78ee808350b477a6ed987%40%3Cgitbox.hive.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rec34b1cccf907898e7cb36051ffac3ccf1ea89d0b261a2a3b3fb267f%40%3Ccommits.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rf1c2a81a08034c688b8f15cf58a4cfab322d00002ca46d20133bee20%40%3Cdev.kafka.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/12/msg00017.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200504-0003/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2021/dsa-5020", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-295", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-11-08 15:15
Modified
2024-11-21 04:18
Severity ?
Summary
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:hibernate_validator:*:*:*:*:*:*:*:*", matchCriteriaId: "552F082C-38E5-49A9-A451-71B6ECAF21B2", versionEndExcluding: "6.0.18", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:hibernate_validator:6.1.0:alpha1:*:*:*:*:*:*", matchCriteriaId: "A82A1C19-F8AE-4DA9-891D-247F07D57605", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:hibernate_validator:6.1.0:alpha2:*:*:*:*:*:*", matchCriteriaId: "E38B943A-B167-4EAD-9308-47FF525BE57A", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:hibernate_validator:6.1.0:alpha3:*:*:*:*:*:*", matchCriteriaId: "6766965C-2991-4559-975B-9E864DF8F10D", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:hibernate_validator:6.1.0:alpha4:*:*:*:*:*:*", matchCriteriaId: "E6CD7403-23C7-488F-84EC-1F0C675E87D3", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:hibernate_validator:6.1.0:alpha5:*:*:*:*:*:*", matchCriteriaId: "A0033893-4CA9-41F4-8FF0-3BE20F5BE1C4", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:hibernate_validator:6.1.0:alpha6:*:*:*:*:*:*", matchCriteriaId: "EEB7C69E-FA13-43AB-89AD-FE1E4687E02A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:fuse:1.0:*:*:*:*:*:*:*", matchCriteriaId: "077732DB-F5F3-4E9C-9AC0-8142AB85B32F", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_data_grid:-:*:*:*:text-only:*:*:*", matchCriteriaId: "2BF03A52-4068-47EA-8846-1E5FB708CE1A", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_enterprise_application_platform:-:*:*:*:text-only:*:*:*", matchCriteriaId: "B8423D7F-3A8F-4AD8-BF51-245C9D8DD816", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:text-only:*:*:*", matchCriteriaId: "ADB40F59-CAAE-47D6-850C-12619D8D5B34", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:*", matchCriteriaId: "341E6313-20D5-44CB-9719-B20585DC5AD6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2:*:*:*:*:*:*:*", matchCriteriaId: "0C3AA5CE-9ACB-4E96-A4C1-50A662D641FB", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3:*:*:*:*:*:*:*", matchCriteriaId: "B4911A72-5FAE-47C5-A141-2E3CA8E1CCAB", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", matchCriteriaId: "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*", matchCriteriaId: "F3E0B672-3E06-4422-B2A4-0BD073AEC2A1", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", matchCriteriaId: "B55E8D50-99B4-47EC-86F9-699B67D473CE", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:management_services_for_element_software_and_netapp_hci:-:*:*:*:*:*:*:*", matchCriteriaId: "FDAC85F0-93AF-4BE3-AE1A-8ADAF1CDF9AB", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapcenter_plug-in:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "DC01D8F3-291A-44E5-99C1-6771F6656E0E", vulnerable: true, }, { criteria: "cpe:2.3:o:netapp:element:-:*:*:*:*:vcenter_server:*:*", matchCriteriaId: "5E1DE4F5-9094-4C73-AA1B-5C902F38DD24", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:access_manager:11.1.2.3.0:*:*:*:*:*:*:*", matchCriteriaId: "8DEAFEDC-2D0F-4A5F-99A0-BD41DD6DC017", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:access_manager:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "A287FA5D-D7D9-40B4-8DB2-1D7CE1808408", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:access_manager:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "20EB3430-0FF2-4668-BB20-A5611ACC73F6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*", matchCriteriaId: "80C9DBB8-3D50-4D5D-859A-B022EB7C2E64", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:agile_plm:9.3.3:*:*:*:*:*:*:*", matchCriteriaId: "D14ABF04-E460-4911-9C6C-B7BCEFE68E9D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", matchCriteriaId: "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:agile_product_lifecycle_analytics:3.6.1:*:*:*:*:*:*:*", matchCriteriaId: "432BFCF5-A5DC-487C-A111-DE70AB3FCDAC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:agile_product_lifecycle_management_integration_pack:3.6:*:*:*:*:e-business_suite:*:*", matchCriteriaId: "5B62CB3B-FDDF-4AFF-A47E-6ADE6504D451", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:airlines_data_model:12.1.1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "06480458-3216-4C42-9270-F68A41EEC147", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:airlines_data_model:12.2.0.1.0:*:*:*:*:*:*:*", matchCriteriaId: "480BF1CB-11D7-4D86-A99E-960F316F2E1B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:application_express:21.1.4:*:*:*:*:*:*:*", matchCriteriaId: "BB124AD9-8000-449B-8219-0FF011F86B03", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:application_performance_management:13.4.1.0:*:*:*:*:*:*:*", matchCriteriaId: "F84E5662-0289-4ED5-A112-BC506508216C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:application_performance_management:13.5.1.0:*:*:*:*:*:*:*", matchCriteriaId: "AD312681-73A4-4B21-BDE8-50DED7E3E0CF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A125E817-F974-4509-872C-B71933F42AD1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:argus_analytics:8.2.1:*:*:*:*:*:*:*", matchCriteriaId: "BC3D0C4E-0B40-4ACF-BD9E-104CC1D77521", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:argus_analytics:8.2.2:*:*:*:*:*:*:*", matchCriteriaId: "E67940FD-3BA7-40A8-8E40-44B37D23E2DE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:argus_analytics:8.2.3:*:*:*:*:*:*:*", matchCriteriaId: "EE6EB4DE-33DA-4810-96BD-29C82B433714", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:argus_analytics:8.21:*:*:*:*:*:*:*", matchCriteriaId: "0C446826-EF5B-4937-ADB4-1102F9F39304", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:argus_insight:8.2.1:*:*:*:*:*:*:*", matchCriteriaId: "F7FCB446-49A7-48B9-8808-E72A4E2E48C7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:argus_insight:8.2.2:*:*:*:*:*:*:*", matchCriteriaId: "9E9B2F53-257E-49E2-83C3-0840BDB4D67C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:argus_insight:8.2.3:*:*:*:*:*:*:*", matchCriteriaId: "6CF34B1B-0FC0-4EA6-830D-D2191337D451", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:argus_safety:8.2.1:*:*:*:*:*:*:*", matchCriteriaId: "09B79608-5D94-45C3-ADF0-B181B92C3014", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:argus_safety:8.2.2:*:*:*:*:*:*:*", matchCriteriaId: "9F05D844-38BD-4EEB-AF91-E5ED18B1E7E8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:argus_safety:8.2.3:*:*:*:*:*:*:*", matchCriteriaId: "25193811-46CE-4A0E-B22D-67BE99FAD450", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_apis:18.1:*:*:*:*:*:*:*", matchCriteriaId: "869D51B3-FB50-4BD6-8A0C-D0984267525F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_apis:18.2:*:*:*:*:*:*:*", matchCriteriaId: "08B8F413-2000-493B-82B1-BEFE343BB8C4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_apis:18.3:*:*:*:*:*:*:*", matchCriteriaId: "042269E6-D3B4-4867-86FA-9301FACA9FF2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_apis:19.1:*:*:*:*:*:*:*", matchCriteriaId: "CF34B11F-3DE1-4C22-8EB1-AEE5CE5E4172", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_apis:19.2:*:*:*:*:*:*:*", matchCriteriaId: "86F03B63-F922-45CD-A7D1-326DB0042875", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_apis:20.1:*:*:*:*:*:*:*", matchCriteriaId: "7CBFC93F-8B39-45A2-981C-59B187169BD4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_apis:21.1:*:*:*:*:*:*:*", matchCriteriaId: "0843465C-F940-4FFC-998D-9A2668B75EA0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_deposits_and_lines_of_credit_servicing:2.12.0:*:*:*:*:*:*:*", matchCriteriaId: "1F834ACC-D65B-4CA3-91F1-415CBC6077E2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:17.2:*:*:*:*:*:*:*", matchCriteriaId: "560F20E6-AEA1-4CE5-A393-C9B2CF334C5C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*", matchCriteriaId: "BBE7BF09-B89C-4590-821E-6C0587E096B5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*", matchCriteriaId: "E7231D2D-4092-44F3-B60A-D7C9ED78AFDF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*", matchCriteriaId: "F7BDFC10-45A0-46D8-AB92-4A5E2C1C76ED", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*", matchCriteriaId: "18127694-109C-4E7E-AE79-0BA351849291", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*", matchCriteriaId: "33F68878-BC19-4DB8-8A72-BD9FE3D0ACEC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:21.1:*:*:*:*:*:*:*", matchCriteriaId: "0D6895A6-511A-4DC6-9F9B-58E05B86BDB1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_enterprise_default_management:2.6.2:*:*:*:*:*:*:*", matchCriteriaId: "E60C0966-BF0D-4D18-B09B-5D0BB96DBFF3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_enterprise_default_management:2.7.0:*:*:*:*:*:*:*", matchCriteriaId: "E0FCD3BC-33D8-49D1-844B-6B9DE0CA4997", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_enterprise_default_management:2.7.1:*:*:*:*:*:*:*", matchCriteriaId: "473749BD-267E-480F-8E7F-C762702DB66E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_enterprise_default_management:2.10.0:*:*:*:*:*:*:*", matchCriteriaId: "74C7E2F1-17FC-4322-A5C3-F7EB612BA4F5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_enterprise_default_management:2.12.0:*:*:*:*:*:*:*", matchCriteriaId: "320D36DA-D99F-4149-B582-3F4AB2F41A1B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_enterprise_default_managment:*:*:*:*:*:*:*:*", matchCriteriaId: "05E4EB25-7B7A-4A10-A535-8C7CA4D6FEB6", versionEndIncluding: "2.4.0", versionStartIncluding: "2.3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_loans_servicing:2.12.0:*:*:*:*:*:*:*", matchCriteriaId: "5E502A46-BAF4-4558-BC8F-9F014A2FB26A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_party_management:2.7.0:*:*:*:*:*:*:*", matchCriteriaId: "C542DC5E-6657-4178-9C69-46FD3C187D56", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "6D0F559E-0790-461B-ACED-5B00F4D40893", versionEndIncluding: "2.4.1", versionStartIncluding: "2.3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*", matchCriteriaId: "132CE62A-FBFC-4001-81EC-35D81F73AF48", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:*", matchCriteriaId: "282150FF-C945-4A3E-8A80-E8757A8907EA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*", matchCriteriaId: "645AA3D1-C8B5-4CD2-8ACE-31541FA267F0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:bi_publisher:5.5.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "5CD806C1-CC17-47BD-8BB0-9430C4253BC7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:bi_publisher:11.1.1.9.0:*:*:*:*:*:*:*", matchCriteriaId: "C83DA9A0-2EBC-4298-8412-1A7C4DC88C2B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:bi_publisher:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "9DC56004-4497-4CDD-AE76-5E3DFAE170F0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "274A0CF5-41E8-42E0-9931-F7372A65B9C4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:big_data_spatial_and_graph:23.1:*:*:*:*:*:*:*", matchCriteriaId: "BEF828F5-C666-40DA-98DD-CDF658D7090B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "BA8461A2-428C-4817-92A9-0C671545698D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:business_intelligence:5.5.0.0.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "D40AD626-B23A-44A3-A6C0-1FFB4D647AE4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "B602F9E8-1580-436C-A26D-6E6F8121A583", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "77C3DD16-1D81-40E1-B312-50FBD275507C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "81DAC8C0-D342-44B5-9432-6B88D389584F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "E869C417-C0E6-4FC3-B406-45598A1D1906", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "DFEFE2C0-7B98-44F9-B3AD-D6EC607E90DA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:clinical:5.2.1:*:*:*:*:*:*:*", matchCriteriaId: "4B2CEA84-0983-4C40-B923-99244ABCF32D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:clinical:5.2.2:*:*:*:*:*:*:*", matchCriteriaId: "2FD798A8-38B7-42C1-9043-863D16CE7ACA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*", matchCriteriaId: "2A3622F5-5976-4BBC-A147-FC8A6431EA79", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:commerce_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "F012E976-E219-46C2-8177-60ED859594BE", versionEndIncluding: "11.3.2", versionStartIncluding: "11.3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_application_session_controller:3.9.0:*:*:*:*:*:*:*", matchCriteriaId: "787E2C1B-9BAD-4018-8495-E9BE75628BB8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3:*:*:*:*:*:*:*", matchCriteriaId: "B0111372-B39F-4B3D-8136-44C2C1CFD12B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.4:*:*:*:*:*:*:*", matchCriteriaId: "B465F237-0271-4389-8035-89C07A52350D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_billing_and_revenue_management_elastic_charging_engine:11.3:*:*:*:*:*:*:*", matchCriteriaId: "5A9E4125-B744-4A9D-BFE6-5D82939958FD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_billing_and_revenue_management_elastic_charging_engine:12.0:*:*:*:*:*:*:*", matchCriteriaId: "261212BD-125A-487F-97E8-A9587935DFE8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.5.0:*:*:*:*:*:*:*", matchCriteriaId: "4063FAD6-21D4-42C7-87C0-D299532E0982", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.6.0:*:*:*:*:*:*:*", matchCriteriaId: "F6E8A8C3-253A-4BDD-9AD2-4445DC387B4D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.8.0:*:*:*:*:*:*:*", matchCriteriaId: "98FB24DB-AF91-48D0-9CA5-C8250D183FD5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.9.0:*:*:*:*:*:*:*", matchCriteriaId: "868E7C46-7E45-4CFA-8A25-7CBFED912096", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.10.0:*:*:*:*:*:*:*", matchCriteriaId: "B6B6FE82-7BFA-481D-99D6-789B146CA18B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.7.0:*:*:*:*:*:*:*", matchCriteriaId: "BC12B43F-30F6-4B05-AB3A-E91D8404D5A5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.9.0:*:*:*:*:*:*:*", matchCriteriaId: "5D423B62-8EFE-4EFD-A986-5F5ECE5B892F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.14.0:*:*:*:*:*:*:*", matchCriteriaId: "8E463039-5E48-4AA0-A42B-081053FA0111", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*", matchCriteriaId: "4479F76A-4B67-41CC-98C7-C76B81050F8E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.5.0:*:*:*:*:*:*:*", matchCriteriaId: "DAEB09CA-9352-43CD-AF66-92BE416E039C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.6.0:*:*:*:*:*:*:*", matchCriteriaId: "45E5C9B0-AB25-4744-88E4-FD0C4A853001", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.15.0:*:*:*:*:*:*:*", matchCriteriaId: "A442DA9E-FF9A-4C51-9D3E-68D09C8BB472", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.14.0:*:*:*:*:*:*:*", matchCriteriaId: "0AB059F2-FEC4-4180-8A90-39965495055E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.14.0:*:*:*:*:*:*:*", matchCriteriaId: "5A276784-877B-4A29-A8F1-70518A438A9A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "59275C23-53C0-4890-A941-A71226B50CFB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_converged_application_server_-_service_controller:6.2:*:*:*:*:*:*:*", matchCriteriaId: "0535B116-57D6-4448-86A2-09BCE50894B8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_convergence:3.0.2.2.0:*:*:*:*:*:*:*", matchCriteriaId: "7DF939F5-C0E1-40A4-95A2-0CE7A03AB4EE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_convergent_charging_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "0172500D-DE51-44E0-91E8-C8F36617C1F8", versionEndIncluding: "12.0.4.0.0", versionStartIncluding: "12.0.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "E99E7D49-AE53-4D16-AB24-EBEAAD084289", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_data_model:11.3.2.1.0:*:*:*:*:*:*:*", matchCriteriaId: "69C215AB-25B4-47A6-AD6A-A60D2C0FF72F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_data_model:11.3.2.2.0:*:*:*:*:*:*:*", matchCriteriaId: "8E77E48F-1521-4C89-A5D0-A7F0A8D21AD1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_data_model:11.3.2.3.0:*:*:*:*:*:*:*", matchCriteriaId: "6F88A2F3-E201-4C68-8D11-0A5C76CDB071", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_data_model:12.1.0.1.0:*:*:*:*:*:*:*", matchCriteriaId: "CBD877F8-E6EF-4314-AAC0-36F81F4908DF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_data_model:12.1.2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "3D7356B6-E197-4978-BF18-2CFD4D350A76", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_design_studio:7.3.4:*:*:*:*:*:*:*", matchCriteriaId: "93BE4838-1144-4A6A-ABDB-F2766E64C91C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_design_studio:7.3.5:*:*:*:*:*:*:*", matchCriteriaId: "1B54457C-8305-4F82-BE1E-DBA030A8E676", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_design_studio:7.4.0:*:*:*:*:*:*:*", matchCriteriaId: "C756C62B-E655-4770-8E85-B1995889E416", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_design_studio:7.4.1:*:*:*:*:*:*:*", matchCriteriaId: "93F65B4C-59D5-450A-9955-7FDA32252B0F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_design_studio:7.4.2:*:*:*:*:*:*:*", matchCriteriaId: "A67AA54B-258D-4D09-9ACB-4085E0B3E585", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_diameter_signaling_route:*:*:*:*:*:*:*:*", matchCriteriaId: "A6BD600E-F3E9-40CE-9414-1D4506ACC1D8", versionEndIncluding: "8.5.1.0", versionStartIncluding: "8.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:*", matchCriteriaId: "95A3E946-BBD5-4BCB-B864-FB3BF5DE56D0", versionEndIncluding: "16.4", versionStartIncluding: "16.1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*", matchCriteriaId: "C4A94B36-479F-48F2-9B9E-ACEA2589EF48", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:*", matchCriteriaId: "46E23F2E-6733-45AF-9BD9-1A600BD278C8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*", matchCriteriaId: "E812639B-EE28-4C68-9F6F-70C8BF981C86", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*", matchCriteriaId: "E1214FDF-357A-4BB9-BADE-50FB2BD16D10", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1:*:*:*:*:*:*:*", matchCriteriaId: "64BCB9E3-883D-4C1F-9785-2E182BA47B5B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*", matchCriteriaId: "26940103-F37C-4FBD-BDFD-528A497209D6", versionEndIncluding: "12.0.4.0.0", versionStartIncluding: "12.0.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "EB9047B1-DA8C-4BFD-BE41-728BD7ECF3E6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_network_integrity:7.3.5:*:*:*:*:*:*:*", matchCriteriaId: "FB92D8A7-2ABD-4B70-A32C-4B6B866C5B8B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*", matchCriteriaId: "B21E6EEF-2AB7-4E96-B092-1F49D11B4175", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3:*:*:*:*:*:*:*", matchCriteriaId: "A23B00C1-878A-4B55-B87B-EFFFA6A5E622", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*", matchCriteriaId: "D52F557F-D0A0-43D3-85F1-F10B6EBFAEDF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_operations_monitor:4.2:*:*:*:*:*:*:*", matchCriteriaId: "F545DFC9-F331-4E1D-BACB-3D26873E5858", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*", matchCriteriaId: "CBE1A019-7BB6-4226-8AC4-9D6927ADAEFA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*", matchCriteriaId: "B98BAEB2-A540-4E8A-A946-C4331B913AFD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*", matchCriteriaId: "B8FBE260-E306-4215-80C0-D2D27CA43E0F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "D7B49D71-6A31-497A-B6A9-06E84F086E7A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:*", matchCriteriaId: "A28F42F0-FBDA-4574-AD30-7A04F27FEA3E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_service_broker:6.2:*:*:*:*:*:*:*", matchCriteriaId: "E6235EAE-47DD-4292-9941-6FF8D0A83843", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*", matchCriteriaId: "062E4E7C-55BB-46F3-8B61-5A663B565891", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_border_controller:8.2:*:*:*:*:*:*:*", matchCriteriaId: "2B9F6415-2950-49FE-9CAF-8BCA4DB6DF4B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_border_controller:8.3:*:*:*:*:*:*:*", matchCriteriaId: "C05190B9-237F-4E2E-91EA-DB1B738864AD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_border_controller:8.4:*:*:*:*:*:*:*", matchCriteriaId: "9C416FD3-2E2F-4BBC-BD5F-F896825883F4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_border_controller:9.0:*:*:*:*:*:*:*", matchCriteriaId: "D886339E-EDB2-4879-BD54-1800E4CA9CAE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.0:*:*:*:*:*:*:*", matchCriteriaId: "05AD47CC-8A6D-4AEC-B23E-701D3D649CC6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*", matchCriteriaId: "0D299528-8EF0-49AF-9BDE-4B6C6B1DA36C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*", matchCriteriaId: "17A91FD9-9F77-42D3-A4D9-48BC7568ADE1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*", matchCriteriaId: "539DA24F-E3E0-4455-84C6-A9D96CD601B3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*", matchCriteriaId: "A7637F8B-15F1-42E2-BE18-E1FF7C66587D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*", matchCriteriaId: "E43D793A-7756-4D58-A8ED-72DC4EC9CEA7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:*:*:*:*:*:*:*", matchCriteriaId: "0EBC7EB1-FD72-4BFC-92CC-7C8B8E462D7C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.0:*:*:*:*:*:*:*", matchCriteriaId: "6814B606-D054-433C-A46E-0F6E338E1C46", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.1:*:*:*:*:*:*:*", matchCriteriaId: "1F05AF4B-A747-4314-95AE-F8495479AB3E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "9901F6BA-78D5-45B8-9409-07FF1C6DDD38", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "9FADE563-5AAA-42FF-B43F-35B20A2386C9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:database_server:12.1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "5A7D10EB-D98F-4B80-AB9F-D8A9FC813E1C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:database_server:12.1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "4F3D40B7-925C-413D-AFF3-60BF330D5BC2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:database_server:19c:*:*:*:*:*:*:*", matchCriteriaId: "B2204841-585F-40C7-A1D9-C34E612808CA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:database_server:21c:*:*:*:*:*:*:*", matchCriteriaId: "BDB96A21-161F-42A9-9402-FABEC9C0C15A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:demantra_demand_management:*:*:*:*:*:*:*:*", matchCriteriaId: "132DE874-6E47-452A-9FDD-27D5A41F046E", versionEndIncluding: "12.2.11", versionStartIncluding: "12.2.6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:documaker:*:*:*:*:*:*:*:*", matchCriteriaId: "135D531C-A692-4BE3-AB8C-37BB0D35559A", versionEndIncluding: "12.6.4", versionStartIncluding: "12.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:e-business_suite:*:*:*:*:*:*:*:*", matchCriteriaId: "7E6DF81E-E392-49E5-ADF4-510A3737A5CE", versionEndIncluding: "12.2.11", versionStartIncluding: "12.2.3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_communications_broker:3.3:*:*:*:*:*:*:*", matchCriteriaId: "4BE83BC6-5A6F-40A1-AAC7-314A575D8E07", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_data_quality:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "36CF85A9-2C29-46E7-961E-8ADD0B5822CF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_data_quality:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "E80555C7-DA1C-472C-9467-19554DCE4476", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*", matchCriteriaId: "6E8758C8-87D3-450A-878B-86CE8C9FC140", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B095CC03-7077-4A58-AB25-CC5380CDCE5A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*", matchCriteriaId: "7015A8CB-8FA6-423E-8307-BD903244F517", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_session_border_controller:9.0:*:*:*:*:*:*:*", matchCriteriaId: "F9A4E206-56C7-4578-AC9C-088B0C8D9CFE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:essbase:*:*:*:*:*:*:*:*", matchCriteriaId: "C78A7E07-AB08-46C5-942D-B40BBE0C0D06", versionEndExcluding: "11.1.2.4.47", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:essbase:*:*:*:*:*:*:*:*", matchCriteriaId: "3197F464-F0A5-4BD4-9068-65CD448D8F4C", versionEndExcluding: "21.3", versionStartIncluding: "21.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:essbase:11.1.2.4.47:*:*:*:*:*:*:*", matchCriteriaId: "809FD6D6-D05D-4387-A725-F707015DEFBB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:essbase_administration_services:*:*:*:*:*:*:*:*", matchCriteriaId: "A093A76C-4B2C-4FAD-BFDF-09862F831102", versionEndExcluding: "11.1.2.4.47", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:essbase_administration_services:11.1.2.4.47:*:*:*:*:*:*:*", matchCriteriaId: "1A1277A9-C49C-4840-A118-986C10A07657", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", matchCriteriaId: "7EA4D3C5-6A7C-4421-88EF-445A96DBCE0C", versionEndIncluding: "8.1.1", versionStartIncluding: "8.0.7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:7.3.3:*:*:*:*:*:*:*", matchCriteriaId: "03B9F810-EF80-4551-BA6D-027B0B2A787D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.7:*:*:*:*:*:*:*", matchCriteriaId: "47B0A947-E4C8-4C04-AD3B-950E59DF7A0E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.8:*:*:*:*:*:*:*", matchCriteriaId: "1AC36036-07CE-4903-8FFB-445C6908F0CE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.11:*:*:*:*:*:*:*", matchCriteriaId: "435FDFA1-BF6A-499D-BDB6-88A26648DFD5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.7:*:*:*:*:*:*:*", matchCriteriaId: "AB3F3F63-9543-4568-BCB1-1CAF88384142", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.8:*:*:*:*:*:*:*", matchCriteriaId: "FC0C4CA4-1694-474E-8272-CF96E168D962", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.11:*:*:*:*:*:*:*", matchCriteriaId: "93E953D0-9C0C-4B03-9939-384A1F7E2BC9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_foreign_account_tax_compliance_act_management:8.0.7:*:*:*:*:*:*:*", matchCriteriaId: "767CC73D-2771-4BBC-9D74-4416AEC6BB2E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_foreign_account_tax_compliance_act_management:8.0.8:*:*:*:*:*:*:*", matchCriteriaId: "D33B68C6-2A4E-418C-A2BD-43A3CC5D1003", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_foreign_account_tax_compliance_act_management:8.0.11:*:*:*:*:*:*:*", matchCriteriaId: "DAE3EA23-045D-474C-ABD8-916930D4E9E7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_model_management_and_governance:*:*:*:*:*:*:*:*", matchCriteriaId: "0E8FD060-E9A8-499C-87B0-AF7BBED7771F", versionEndIncluding: "8.1.1", versionStartIncluding: "8.0.8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.7:*:*:*:enterprise:*:*:*", matchCriteriaId: "B57ECC6E-CC64-4DE7-B657-3BA54EDDFFF4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.8:*:*:*:enterprise:*:*:*", matchCriteriaId: "10BBAD37-51A1-4819-807B-2642E9D4A69C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_investor_servicing:12.0.4:*:*:*:*:*:*:*", matchCriteriaId: "B0A34DF8-72CC-4A8E-84F2-C2DF4A0B9FAB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_investor_servicing:12.1.0:*:*:*:*:*:*:*", matchCriteriaId: "21BE77B2-6368-470E-B9E6-21664D9A818A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_investor_servicing:12.3.0:*:*:*:*:*:*:*", matchCriteriaId: "3250073F-325A-4AFC-892F-F2005E3854A5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_investor_servicing:12.4.0:*:*:*:*:*:*:*", matchCriteriaId: "0DDDC9C2-33D6-4123-9ABC-C9B809A6E88E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_investor_servicing:14.4.0:*:*:*:*:*:*:*", matchCriteriaId: "524429D6-8AF1-4713-A9B8-678B50A3762F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_investor_servicing:14.5.0:*:*:*:*:*:*:*", matchCriteriaId: "ED21B958-0FD0-4697-9CE2-266DEE4E29DC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*", matchCriteriaId: "6762F207-93C7-4363-B2F9-7A7C6F8AF993", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*", matchCriteriaId: "1B74B912-152D-4F38-9FC1-741D6D0B27FC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:fusion_middleware:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "2177A5E9-B260-499E-8D60-920679518425", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "6329B1A2-75A8-4909-B4FB-77AC7232B6ED", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "EA86EF7E-6162-4244-9C88-7AF5CAB787E0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*", matchCriteriaId: "DE5EA810-3110-4343-9054-0FCFCD608C25", versionEndExcluding: "12.3.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*", matchCriteriaId: "78A48EA9-1CAB-4DD2-9DAD-0213F6EFC48C", versionEndExcluding: "19.1.0.0.220118", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*", matchCriteriaId: "71050E24-6915-4B5E-98ED-AFAA6C2FF38B", versionEndExcluding: "21.5.0.0.220118", versionStartIncluding: "21.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "E7BE0590-31BD-4FCD-B50E-A5F86196F99E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm:20.3.4:*:*:*:enterprise:*:*:*", matchCriteriaId: "9F300E13-1B40-4B35-ACA5-4D402CD41055", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm:21.3.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "B10E38A6-783C-45A2-98A1-12FA1EB3D3AA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graph_server_and_client:*:*:*:*:*:*:*:*", matchCriteriaId: "29312DB7-AFD2-459E-A166-95437ABED12C", versionEndExcluding: "21.4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:health_sciences_clinical_development_analytics:4.0.1:*:*:*:*:*:*:*", matchCriteriaId: "4E45ADE3-2A3D-4FCA-BCDF-D0CC6CE0A23C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:health_sciences_inform_crf_submit:6.2.1:*:*:*:*:*:*:*", matchCriteriaId: "AB8797ED-52E7-47B6-9F78-E2402671CCAC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:health_sciences_information_manager:3.0.2:*:*:*:*:*:*:*", matchCriteriaId: "97C10FBE-FD9A-4739-9303-5B6FC7551D66", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:health_sciences_information_manager:3.0.3:*:*:*:*:*:*:*", matchCriteriaId: "CF45C905-9EFF-4108-9B70-9FFDDD6627A6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_data_repository:7.0.2:*:*:*:*:*:*:*", matchCriteriaId: "E03F5DEF-DDD7-4C8C-90EF-7E4BCDEFE34B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_data_repository:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "66C673C4-A825-46C0-816B-103E1C058D03", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_data_repository:8.1.1:*:*:*:*:*:*:*", matchCriteriaId: "BA92E70A-2249-4144-B0B8-35501159ADB3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_foundation:*:*:*:*:*:*:*:*", matchCriteriaId: "F88FB6C5-D797-4017-A285-D3BB24B55429", versionEndIncluding: "7.3.0.2", versionStartIncluding: "7.3.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_foundation:*:*:*:*:*:*:*:*", matchCriteriaId: "D747A956-40A6-47D8-A813-FA4E13CB557F", versionEndIncluding: "8.0.2", versionStartIncluding: "8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_foundation:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "E67501BE-206A-49FD-8CBA-22935DF917F1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_foundation:8.1.1:*:*:*:*:*:*:*", matchCriteriaId: "6F04B1BA-EA84-4AA3-B208-DECC33E192EC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_translational_research:4.1.0:*:*:*:*:*:*:*", matchCriteriaId: "523391D8-CB84-4EBD-B337-6A99F52E537F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_cruise_shipboard_property_management_system:20.1.0:*:*:*:*:*:*:*", matchCriteriaId: "05F5B430-8BA1-4865-93B5-0DE89F424B53", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_opera_5_property_services:5.6:*:*:*:*:*:*:*", matchCriteriaId: "B0C177E1-66B8-4AB7-A3F0-B6CCDCC28F75", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:*", matchCriteriaId: "FCBF2756-B831-4E6E-A15B-2A11DD48DB7C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_suite8:8.10.2:*:*:*:*:*:*:*", matchCriteriaId: "CBDA65DE-5727-49DC-8D50-DA81DB3E8841", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_suite8:8.11.0:*:*:*:*:*:*:*", matchCriteriaId: "A577DCD3-6730-441A-B3BD-6199483FB1E2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_suite8:8.12.0:*:*:*:*:*:*:*", matchCriteriaId: "577A07A9-DBB1-49E6-B2CC-60B917097472", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_suite8:8.13.0:*:*:*:*:*:*:*", matchCriteriaId: "D4833DCA-FC54-4F89-B2DF-8E39C9C49DF6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_suite8:8.14.0:*:*:*:*:*:*:*", matchCriteriaId: "AD7E9060-BA5B-4682-AC0D-EE5105AD0332", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "DFC79B17-E9D2-44D5-93ED-2F959E7A3D43", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "AD04BEE5-E9A8-4584-A68C-0195CE9C402C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hyperion_financial_management:11.1.2.4:*:*:*:*:*:*:*", matchCriteriaId: "49706536-CE9B-4713-8460-CC961B50C341", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hyperion_financial_management:11.2.6.0:*:*:*:*:*:*:*", matchCriteriaId: "F6F77F79-5E93-4FC2-84F2-26AF52B4C08A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hyperion_ilearning:6.2:*:*:*:*:*:*:*", matchCriteriaId: "781049BF-3467-4DB5-89D4-6A76984E0261", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hyperion_ilearning:6.3:*:*:*:*:*:*:*", matchCriteriaId: "058F9FC3-CA81-43BF-B083-DA8BE388E00A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.2.7.0:*:*:*:*:*:*:*", matchCriteriaId: "52C13DE5-CA3C-414F-8813-BB0847433151", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*", matchCriteriaId: "82EA4BA7-C38B-4AF3-8914-9E3D089EBDD4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*", matchCriteriaId: "B9C9BC66-FA5F-4774-9BDA-7AB88E2839C4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*", matchCriteriaId: "7F69B9A5-F21B-4904-9F27-95C0F7A628E3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_data_gateway:11.0.2:*:*:*:*:*:*:*", matchCriteriaId: "BD4EE554-DFE7-4C16-BC98-574DC97FC85C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_data_gateway:11.1.0:*:*:*:*:*:*:*", matchCriteriaId: "EE4160ED-75F2-4499-AC6C-90CD092A46E1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_data_gateway:11.2.7:*:*:*:*:*:*:*", matchCriteriaId: "2F03BFDA-6904-42D7-8170-D6FD143BB16C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_data_gateway:11.3.0:*:*:*:*:*:*:*", matchCriteriaId: "32EE6974-6E2E-4DE8-9F2B-8FE0FCEFECFA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_data_gateway:11.3.1:*:*:*:*:*:*:*", matchCriteriaId: "C85900AC-11DA-4FA8-A1E0-270240BF4B0E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:*", matchCriteriaId: "87B4051B-EB98-4D10-99D9-F15B44DBC7F0", versionEndIncluding: "5.6.0", versionStartIncluding: "5.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2.0:*:*:*:*:*:*:*", matchCriteriaId: "428D2B1D-CFFD-49D1-BC05-2D85D22004DE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:*:*:*:*:*:*:*", matchCriteriaId: "0F89EC4B-6D34-40F0-B7C6-C03D03F81C13", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_policy_administration:11.1.0:*:*:*:*:*:*:*", matchCriteriaId: "00C9E689-ED91-4A9D-B9C0-5BF4EC131409", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_policy_administration:11.2.7:*:*:*:*:*:*:*", matchCriteriaId: "7EFA1879-0BF9-4493-9145-15100BC38C0A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_policy_administration:11.3.0:*:*:*:*:*:*:*", matchCriteriaId: "EF958C28-4289-4433-8CD9-B6551F01926F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_policy_administration:11.3.1:*:*:*:*:*:*:*", matchCriteriaId: "57E9FC66-F6A0-4FB0-8D92-2C9B9E3F2184", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*", matchCriteriaId: "48261B54-471D-4C03-AFF9-6F2EA8FA8EBB", versionEndIncluding: "11.3.0", versionStartIncluding: "11.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2.0:*:*:*:*:*:*:*", matchCriteriaId: "64D4B80E-2B67-4BDC-9A3A-7BFDA171016A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2.4:*:*:*:*:*:*:*", matchCriteriaId: "33E0F28C-1FF3-4E12-AAE4-A765F4F81EC0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2:*:*:*:*:*:*:*", matchCriteriaId: "9A570E5E-A3BC-4E19-BC44-C28D8BC9A537", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_rules_palette:*:*:*:*:*:*:*:*", matchCriteriaId: "5DEAB5CD-4223-4A43-AB9E-486113827A6C", versionEndIncluding: "11.3.0", versionStartIncluding: "11.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_rules_palette:10.2.0:*:*:*:*:*:*:*", matchCriteriaId: "AEDF91E2-E7B5-40EE-B71F-C7D59F4021BD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_rules_palette:10.2.4:*:*:*:*:*:*:*", matchCriteriaId: "9A94F93C-5828-4D78-9C48-20AC17E72B8E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*", matchCriteriaId: "F3E25293-CB03-44CE-A8ED-04B3A0487A6A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_rules_palette:11.3.1:*:*:*:*:*:*:*", matchCriteriaId: "E2B51896-E4DA-4FDA-979F-481FFB3E588A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:java_se:7u321:*:*:*:*:*:*:*", matchCriteriaId: "9F0BF15F-D4D2-4A88-BA15-79B624C4AC7D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:java_se:8u311:*:*:*:*:*:*:*", matchCriteriaId: "D63E2911-7DA8-41AC-AB7A-1AA29076F69F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:java_se:17.1:*:*:*:*:*:*:*", matchCriteriaId: "674AFFA3-E9BA-4AFD-9A73-2A4A9DE427E5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*", matchCriteriaId: "65D65139-BB80-4713-8E59-6CA1116DCC1D", versionEndExcluding: "9.2.6.1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:11.0.13:*:*:*:*:*:*:*", matchCriteriaId: "A7F43D86-B696-41E4-A288-6A2D43A1774A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "A2E3E923-E2AD-400D-A618-26ADF7F841A2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "9AB58D27-37F2-4A32-B786-3490024290A1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*", matchCriteriaId: "AC7290F2-AF21-49B9-B3EF-869B7DE1A2AC", versionEndExcluding: "7.4.34", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*", matchCriteriaId: "00D3ECDE-287B-4336-898A-0DFEBE2AB6C3", versionEndExcluding: "7.5.24", versionStartIncluding: "7.5.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*", matchCriteriaId: "105CBFD5-20DF-4BF0-9629-B87AF404E33D", versionEndExcluding: "7.6.20", versionStartIncluding: "7.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*", matchCriteriaId: "E248F8CE-5B39-457D-A47E-620858340840", versionEndExcluding: "8.0.27", versionStartIncluding: "8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql_connectors:*:*:*:*:*:*:*:*", matchCriteriaId: "9CD3AAAD-5F6E-4A3C-9CFC-EC4866628ABD", versionEndExcluding: "8.0.27", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql_connectors:8.0.27:*:*:*:*:*:*:*", matchCriteriaId: "9E1912FB-8ABF-4640-92E7-367A4923267C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "2C9E5736-6015-499E-A452-227DCFB87DA7", versionEndExcluding: "5.7.36", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "F2B0D740-75B1-4953-A99F-965F999FDC64", versionEndExcluding: "8.0.27", versionStartIncluding: "8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql_server:5.7.36:*:*:*:*:*:*:*", matchCriteriaId: "A3F3390B-4081-473F-A5E0-B5E3A3888F04", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*", matchCriteriaId: "3C56CECB-6B97-406C-8761-8B7F74CA7DEF", versionEndExcluding: "8.0.27", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*", matchCriteriaId: "7167D144-C4AE-487F-B59A-888E10EA59DF", versionEndExcluding: "21.1.12", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:oss_support_tools:*:*:*:*:*:*:*:*", matchCriteriaId: "71CB79ED-A93E-4CBD-BCDD-82C5A00B373B", versionEndExcluding: "2.12.42", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_cs_sa_integration_pack:9.0:*:*:*:*:*:*:*", matchCriteriaId: "E4859861-C2EC-489F-A3B7-ACF85C709C24", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_cs_sa_integration_pack:9.2:*:*:*:*:*:*:*", matchCriteriaId: "247C0D05-C76B-44BC-8750-C716FF980D70", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_people_tools:8.57:*:*:*:*:*:*:*", matchCriteriaId: "E2CB2872-747C-47AC-8463-DD759BF105B6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_people_tools:8.58:*:*:*:*:*:*:*", matchCriteriaId: "1DBC53C9-75EC-46F7-907D-63BB74864CD6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_people_tools:8.59:*:*:*:*:*:*:*", matchCriteriaId: "D370F2E3-EF8A-440C-8319-D52FA3431428", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*", matchCriteriaId: "7E1E416B-920B-49A0-9523-382898C2979D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*", matchCriteriaId: "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:*", matchCriteriaId: "F47057A9-2DDE-4178-B140-F7D70EAED8F6", versionEndIncluding: "12.2.24", versionStartIncluding: "12.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:policy_automation:10.4.7:*:*:*:*:*:*:*", matchCriteriaId: "9D8B3B57-73D6-4402-987F-8AE723D52F94", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_analytics:18.8.3.3:*:*:*:*:*:*:*", matchCriteriaId: "FA9948AB-0CA6-4148-949C-E500466B45F5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_analytics:19.12.11.1:*:*:*:*:*:*:*", matchCriteriaId: "56D17905-5E69-4BD5-973B-30662AC3D678", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_analytics:20.12.12.0:*:*:*:*:*:*:*", matchCriteriaId: "70E72A74-F6A9-48EE-9279-3D9E53C2EC30", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_data_warehouse:18.8.3.3:*:*:*:*:*:*:*", matchCriteriaId: "F14C6AB5-CC45-4753-A60F-1F527B063127", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_data_warehouse:19.12.11.1:*:*:*:*:*:*:*", matchCriteriaId: "583BBDF1-DBE4-486D-ABF8-7D2B0408490A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_data_warehouse:20.12.12.0:*:*:*:*:*:*:*", matchCriteriaId: "C9810151-6F80-48FD-A51E-F063EB2B7324", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "8B1C88FD-C2EC-4C96-AC7E-6F95C8763B48", versionEndIncluding: "17.12.11", versionStartIncluding: "17.12.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "A621A5AE-6974-4BA5-B1AC-7130A46F68F5", versionEndIncluding: "18.8.13", versionStartIncluding: "18.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "4096281D-2EBA-490D-8180-3C9D05EB890A", versionEndIncluding: "19.12.12", versionStartIncluding: "19.12.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "E6B70E72-B9FC-4E49-8EDD-29C7E14F5792", versionEndIncluding: "20.12.7", versionStartIncluding: "20.12.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_gateway:21.12.0:*:*:*:*:*:*:*", matchCriteriaId: "15F45363-236B-4040-8AE4-C6C0E204EDBA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", matchCriteriaId: "DAB9BA0D-7149-4221-A5AE-D4664E11C86F", versionEndIncluding: "17.12.0.0-17.12.20.0", versionStartIncluding: "17.12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", matchCriteriaId: "CFE4EAC8-A743-4658-AD72-088A5E747180", versionEndIncluding: "18.8.24.0", versionStartIncluding: "18.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", matchCriteriaId: "AD0DEC50-F4CD-4ACA-A118-D4F0D4F4C981", versionEndIncluding: "19.12.18.0", versionStartIncluding: "19.12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", matchCriteriaId: "651104CE-0569-4E6D-ACAB-AD2AC85084DD", versionEndIncluding: "20.12.12.0", versionStartIncluding: "20.12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:21.12.0.0:*:*:*:*:*:*:*", matchCriteriaId: "45D89239-9142-46BD-846D-76A5A74A67B1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_p6_professional_project_management:*:*:*:*:*:*:*:*", matchCriteriaId: "E867F5E0-48A0-4D84-A0CA-A428FB2264D4", versionEndIncluding: "17.12.20.0", versionStartIncluding: "17.12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_p6_professional_project_management:*:*:*:*:*:*:*:*", matchCriteriaId: "05B3FCDE-7EF8-49CA-9C09-9033E5D7B91E", versionEndIncluding: "18.8.24.0", versionStartIncluding: "18.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_p6_professional_project_management:*:*:*:*:*:*:*:*", matchCriteriaId: "05848067-59FF-4C90-A8BA-D1E4311B3A82", versionEndIncluding: "19.12.17.0", versionStartIncluding: "19.12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_p6_professional_project_management:*:*:*:*:*:*:*:*", matchCriteriaId: "DC6AD8C8-96ED-4CFB-9953-99139FABCE35", versionEndIncluding: "20.12.9.0", versionStartIncluding: "20.12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_portfolio_management:*:*:*:*:*:*:*:*", matchCriteriaId: "F67F218D-E827-482B-8417-483713F31D69", versionEndIncluding: "18.0.3.0", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_portfolio_management:*:*:*:*:*:*:*:*", matchCriteriaId: "0ADB354B-AD0D-4EFA-B7C6-71A35FA0AFF9", versionEndIncluding: "19.0.1.2", versionStartIncluding: "19.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_portfolio_management:20.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "53B3B01A-532C-45B7-9BFC-19AABF55644B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_portfolio_management:20.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "683ABA64-9F16-4C23-8AF3-BB0C19FED9B9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", matchCriteriaId: "08FA59A8-6A62-4B33-8952-D6E658F8DAC9", versionEndIncluding: "17.12", versionStartIncluding: "17.7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", matchCriteriaId: "202AD518-2E9B-4062-B063-9858AE1F9CE2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", matchCriteriaId: "10864586-270E-4ACF-BDCC-ECFCD299305F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*", matchCriteriaId: "38340E3C-C452-4370-86D4-355B6B4E0A06", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*", matchCriteriaId: "E9C55C69-E22E-4B80-9371-5CD821D79FE2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:rapid_planning:*:*:*:*:*:*:*:*", matchCriteriaId: "CE004F32-F4DA-45A8-AD11-8924C4F1076A", versionEndIncluding: "12.2.11", versionStartIncluding: "12.2.6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:real-time_decision_server:3.2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "C914A8CA-352B-4B02-8A2F-D5A6EC04AF53", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:real_user_experience_insight:13.4.1.0:*:*:*:*:*:*:*", matchCriteriaId: "CADD7026-EF85-40A5-8563-7A34C6941B1F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:real_user_experience_insight:13.5.1.0:*:*:*:*:*:*:*", matchCriteriaId: "58F019E8-F68D-41B5-9480-0A81616F2E7C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:rest_data_services:21.2.4:*:*:*:-:*:*:*", matchCriteriaId: "12F5FDCF-EA13-44F1-B3D8-94310CD3841C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_allocation:14.1.3.2:*:*:*:*:*:*:*", matchCriteriaId: "51E83F05-B691-4450-BCA9-32209AEC4F6A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_allocation:15.0.3.1:*:*:*:*:*:*:*", matchCriteriaId: "288235F9-2F9E-469A-BE14-9089D0782875", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_allocation:16.0.3:*:*:*:*:*:*:*", matchCriteriaId: "6672F9C1-DA04-47F1-B699-C171511ACE38", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_allocation:19.0.1:*:*:*:*:*:*:*", matchCriteriaId: "11E57939-A543-44F7-942A-88690E39EABA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "90D4D479-0294-4F31-B719-8544C8DC4554", versionEndIncluding: "16.0.2", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_assortment_planning:16.0.3:*:*:*:*:*:*:*", matchCriteriaId: "48C9BD8E-7214-4B44-B549-6F11B3EA8A04", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*", matchCriteriaId: "F0735989-13BD-40B3-B954-AC0529C5B53D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*", matchCriteriaId: "58405263-E84C-4071-BB23-165D49034A00", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_customer_insights:*:*:*:*:*:*:*:*", matchCriteriaId: "08DF20EA-D1A6-4437-90F6-C0C40273CE5B", versionEndIncluding: "16.0.2", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:*:*:*:*:*:*:*:*", matchCriteriaId: "B92BB355-DB00-438E-84E5-8EC007009576", versionEndIncluding: "19.0", versionStartIncluding: "16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_eftlink:16.0.3:*:*:*:*:*:*:*", matchCriteriaId: "F3796186-D3A7-4259-846B-165AD9CEB7F1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_eftlink:17.0.2:*:*:*:*:*:*:*", matchCriteriaId: "CEDA5540-692D-47DA-9F68-83158D9AE628", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_eftlink:18.0.1:*:*:*:*:*:*:*", matchCriteriaId: "C5435583-C454-4AC9-8A35-D2D30EB252EE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_eftlink:19.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A2140357-503A-4D2A-A099-CFA4DC649E41", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_eftlink:20.0.1:*:*:*:*:*:*:*", matchCriteriaId: "6BAE5686-8E11-4EF1-BC7E-5C565F2440C7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_extract_transform_and_load:13.2.8:*:*:*:*:*:*:*", matchCriteriaId: "31FFE404-027E-4B59-B3EF-BD20E1F7EECC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_financial_integration:14.1.3.2:*:*:*:*:*:*:*", matchCriteriaId: "798E4FEE-9B2B-436E-A2B3-B8AA1079892A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_financial_integration:15.0.3.1:*:*:*:*:*:*:*", matchCriteriaId: "CB86F6C3-981E-4ECA-A5EB-9A9CD73D70C9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_financial_integration:16.0.3:*:*:*:*:*:*:*", matchCriteriaId: "6B042849-7EF5-4A5F-B6CD-712C0B8735BF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_financial_integration:19.0.1:*:*:*:*:*:*:*", matchCriteriaId: "7435071D-0C95-4686-A978-AFC4C9A0D0FE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_fiscal_management:14.2:*:*:*:*:*:*:*", matchCriteriaId: "A5F6FD19-A314-4A1F-96CB-6DB1CED79430", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:*:*:*:*:*:*:*:*", matchCriteriaId: "A921C710-1C59-429F-B985-67C0DBFD695E", versionEndIncluding: "16.0.3", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:13.0:*:*:*:*:*:*:*", matchCriteriaId: "40AABFD3-1D0D-4C6B-BA9A-9DA70241B51C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:14.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "4EEF867A-587A-45E1-B2F6-0B903903F0F9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:14.1.3.2:*:*:*:*:*:*:*", matchCriteriaId: "8CFCE558-9972-46A2-8539-C16044F1BAA9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:15.0.3.1:*:*:*:*:*:*:*", matchCriteriaId: "A1194C4E-CF42-4B4D-BA9A-40FDD28F1D58", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:19.0.0:*:*:*:*:*:*:*", matchCriteriaId: "DFDF4CB0-4680-449A-8576-915721D59500", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:19.0.1:*:*:*:*:*:*:*", matchCriteriaId: "BD311C33-A309-44D5-BBFB-539D72C7F8C4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_invoice_matching:15.0.3:*:*:*:*:*:*:*", matchCriteriaId: "A0472632-4104-4397-B619-C4E86A748465", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_invoice_matching:16.0.3:*:*:*:*:*:*:*", matchCriteriaId: "48E25E7C-F7E8-4739-8251-00ACD11C12FE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_merchandising_system:19.0.1:*:*:*:*:*:*:*", matchCriteriaId: "AE1BC44A-F0AF-41CD-9CEB-B07AB5ADAB38", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*", matchCriteriaId: "38E74E68-7F19-4EF3-AC00-3C249EAAA39E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_order_broker:18.0:*:*:*:*:*:*:*", matchCriteriaId: "0783F0D1-8FAC-4BCA-A6F5-C5C60E86D56D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_order_broker:19.1:*:*:*:*:*:*:*", matchCriteriaId: "C7BD0D41-1BED-4C4F-95C8-8987C98908DA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_order_management_system:19.5:*:*:*:*:*:*:*", matchCriteriaId: "99B5DC78-1C24-4F2B-A254-D833FAF47013", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_point-of-sale:14.1:*:*:*:*:*:*:*", matchCriteriaId: "274999E6-18ED-46F0-8CF2-56374B3DF174", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3:*:*:*:*:*:*:*", matchCriteriaId: "6B1A4F12-3E64-41CF-B2B3-B6AB734B69E0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.46:*:*:*:*:*:*:*", matchCriteriaId: "9002379B-4FDA-44F3-98EB-0C9B6083E429", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:*", matchCriteriaId: "24A3C819-5151-4543-A5C6-998C9387C8A2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3.115:*:*:*:*:*:*:*", matchCriteriaId: "476B038D-7F60-482D-87AD-B58BEA35558E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3:*:*:*:*:*:*:*", matchCriteriaId: "4FB98961-8C99-4490-A6B8-9A5158784F5A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.240:*:*:*:*:*:*:*", matchCriteriaId: "AB86C644-7B79-4F87-A06D-C178E8C2B8B4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_price_management:13.2:*:*:*:*:*:*:*", matchCriteriaId: "C19C5CC9-544A-4E4D-8F0A-579BB5270F07", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_price_management:14.0.4:*:*:*:*:*:*:*", matchCriteriaId: "3E1A9B0C-735A-40B4-901C-663CF5162E96", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_price_management:14.1:*:*:*:*:*:*:*", matchCriteriaId: "5B956113-5B3B-436D-858B-8F29FB304364", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_price_management:14.1.3:*:*:*:*:*:*:*", matchCriteriaId: "E0DD7FAB-0E0F-4319-95BF-C90881CE2E7E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_price_management:15.0:*:*:*:*:*:*:*", matchCriteriaId: "7E8917F6-00E7-47EC-B86D-A3B11D5F0E0D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_price_management:15.0.3:*:*:*:*:*:*:*", matchCriteriaId: "DC456422-00B5-498E-A28E-EA834367D943", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_price_management:16.0:*:*:*:*:*:*:*", matchCriteriaId: "EFC5F424-119D-4C66-8251-E735EEFBC0BA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_price_management:16.0.3:*:*:*:*:*:*:*", matchCriteriaId: "5C745606-0EF8-4E57-BFBC-C3FB39CB7E1A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*", matchCriteriaId: "BDB925C6-2CBC-4D88-B9EA-F246F4F7A206", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*", matchCriteriaId: "0CE45891-A6A5-4699-90A6-6F49E60A7987", versionEndIncluding: "16.0.3", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "054F9E62-A6D6-4850-83AD-3628C74A4384", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*", matchCriteriaId: "E702EBED-DB39-4084-84B1-258BC5FE7545", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*", matchCriteriaId: "3F7956BF-D5B6-484B-999C-36B45CD8B75B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:19.0.0:*:*:*:*:*:*:*", matchCriteriaId: "0D14A54A-4B04-41DE-B731-844D8AC3BE23", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:19.0.1:*:*:*:*:*:*:*", matchCriteriaId: "9DA6B655-A445-42E5-B6D9-70AB1C04774A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_size_profile_optimization:16.0.3:*:*:*:*:*:*:*", matchCriteriaId: "74ACC94B-4A9F-451D-B639-6008A108BDDC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*", matchCriteriaId: "DEC41EB8-73B4-4BDF-9321-F34EC0BAF9E6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*", matchCriteriaId: "48EFC111-B01B-4C34-87E4-D6B2C40C0122", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*", matchCriteriaId: "073FEA23-E46A-4C73-9D29-95CFF4F5A59D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A69FB468-EAF3-4E67-95E7-DF92C281C1F1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:sd-wan_aware:8.2:*:*:*:*:*:*:*", matchCriteriaId: "667A06DE-E173-406F-94DA-1FE64BCFAE18", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*", matchCriteriaId: "77E39D5C-5EFA-4FEB-909E-0A92004F2563", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:sd-wan_edge:9.1:*:*:*:*:*:*:*", matchCriteriaId: "06816711-7C49-47B9-A9D7-FB18CC3F42F2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:*:*:*:*:*:*:*", matchCriteriaId: "E8929B61-16EC-4FE0-98A5-1CC7CC7FD9CC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:siebel_applications:*:*:*:*:*:*:*:*", matchCriteriaId: "6CA63BB4-27A9-4B26-B01C-1F527C7B9454", versionEndExcluding: "21.12", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:spatial_studio:21.2.1:*:*:*:*:*:*:*", matchCriteriaId: "D926BD38-E66E-41DA-9F65-40D68F8D8890", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:thesaurus_management_system:5.2.3:*:*:*:*:*:*:*", matchCriteriaId: "01E3B232-073E-433B-977A-1742B75109B7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:thesaurus_management_system:5.3.0:*:*:*:*:*:*:*", matchCriteriaId: "6F6FDC33-D57E-4C6A-B633-BFC587147037", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:thesaurus_management_system:5.3.1:*:*:*:*:*:*:*", matchCriteriaId: "F3B01572-9D32-44B2-8FCF-C282C887DB51", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*", matchCriteriaId: "513AE97F-161C-43D2-B2D1-653125A9E920", versionEndExcluding: "11.2.2.8.27", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*", matchCriteriaId: "34656ECE-15CB-495C-8573-7C98B383F15B", versionEndExcluding: "21.1.1.1.0", versionStartIncluding: "21.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*", matchCriteriaId: "51309958-121D-4649-AB9A-EBFA3A49F7CB", versionEndIncluding: "4.3.0.6.0", versionStartIncluding: "4.3.0.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_framework:4.2.0.2.0:*:*:*:*:*:*:*", matchCriteriaId: "5435B365-BFF3-4A9E-B45C-42D8F1E20FB7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_framework:4.2.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "1FAC3840-2CF8-44CE-81BB-EEEBDA00A34A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "3F906F04-39E4-4BE4-8A73-9D058AAADB43", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*", matchCriteriaId: "7B393A82-476A-4270-A903-38ED4169E431", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "85CAE52B-C2CA-4C6B-A0B7-2B9D6F0499E2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.1.1:*:*:*:*:*:*:*", matchCriteriaId: "A3ED272C-A545-4F8C-86C0-2736B3F2DCAF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.2.2:*:*:*:*:*:*:*", matchCriteriaId: "C5B4C338-11E1-4235-9D5A-960B2711AC39", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.3.1:*:*:*:*:*:*:*", matchCriteriaId: "8C93F84E-9680-44EF-8656-D27440B51698", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*", matchCriteriaId: "91A2A4B0-88FC-41D1-8719-4FAABED19F8E", versionEndExcluding: "6.1.32", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "D6A4F71A-4269-40FC-8F61-1D1301F2B728", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "5A502118-5B2B-47AE-82EC-1999BD841103", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "C93CC705-1F8C-4870-99E6-14BF264C3811", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "F14A818F-AA16-4438-A3E4-E64C9287AC66", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "04BCDC24-4A21-473C-8733-0D9CFB38A752", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*", matchCriteriaId: "D3E503FB-6279-4D4A-91D8-E237ECF9D2B0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:zfs_storage_application_integration_engineering_software:1.3.3:*:*:*:*:*:*:*", matchCriteriaId: "CB85582D-0106-47F1-894F-0BC4FF0B5462", vulnerable: true, }, { criteria: "cpe:2.3:o:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*", matchCriteriaId: "7569C0BD-16C1-441E-BAEB-840C94BE73EF", vulnerable: true, }, { criteria: "cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*", matchCriteriaId: "964B57CD-CB8A-4520-B358-1C93EC5EF2DC", vulnerable: true, }, { criteria: "cpe:2.3:o:oracle:solaris:11:*:*:*:*:*:*:*", matchCriteriaId: "8E8C192B-8044-4BF9-9F1F-57371FC0E8FD", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:oracle:fujitsu_m10-1_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "4DB505EC-A54C-4033-B3A6-24CEF87A855D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:oracle:fujitsu_m10-1:-:*:*:*:*:*:*:*", matchCriteriaId: "0F63BFBA-A4D8-43D1-A13E-DEED6AEF596B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:oracle:fujitsu_m10-4_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "D4A48DA6-C5A5-4B3D-B43B-31380223A55A", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:oracle:fujitsu_m10-4:-:*:*:*:*:*:*:*", matchCriteriaId: "D4BB5347-D09D-4FC5-9F1C-7F3E036C18AD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:oracle:fujitsu_m10-4s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "BB27AABE-079B-4DF0-ABEF-0D3329685B1E", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:oracle:fujitsu_m10-4s:-:*:*:*:*:*:*:*", matchCriteriaId: "529D4274-F33B-47C7-A3FB-6F86096FD955", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:oracle:fujitsu_m12-1_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "6D2D622F-E345-4A4D-861F-6460DF56880C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:oracle:fujitsu_m12-1:-:*:*:*:*:*:*:*", matchCriteriaId: "A534E662-66B7-448B-A763-6B043112C877", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:oracle:fujitsu_m12-2_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "FCBEE0C8-CC99-4A25-9342-208D4DB91AAD", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:oracle:fujitsu_m12-2:-:*:*:*:*:*:*:*", matchCriteriaId: "95541D18-5C33-49E9-924D-0B21162EC2C4", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:oracle:fujitsu_m12-2s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "CE5C60CD-F890-4E3F-A2C3-9153591E7647", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:oracle:fujitsu_m12-2s:-:*:*:*:*:*:*:*", matchCriteriaId: "22FD4F61-0A4F-4C74-A852-B1CD3639E1D8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.", }, { lang: "es", value: "Una vulnerabilidad fue encontrada en Hibernate-Validator. La anotación del validador SafeHtml no puede sanear apropiadamente las cargas útiles que consisten en código potencialmente malicioso en los comentarios e instrucciones HTML. Esta vulnerabilidad puede resultar en un ataque de tipo XSS.", }, ], id: "CVE-2019-10219", lastModified: "2024-11-21T04:18:40.947", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 2.5, source: "secalert@redhat.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-11-08T15:15:11.157", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0159", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0160", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0161", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0164", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0445", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10219", }, { source: "secalert@redhat.com", url: "https://lists.apache.org/thread.html/r4f8b4e2541be4234946e40d55859273a7eec0f4901e8080ce2406fe6%40%3Cnotifications.accumulo.apache.org%3E", }, { source: "secalert@redhat.com", url: "https://lists.apache.org/thread.html/r4f92d7f7682dcff92722fa947f9e6f8ba2227c5dc3e11ba09114897d%40%3Cnotifications.accumulo.apache.org%3E", }, { source: "secalert@redhat.com", url: "https://lists.apache.org/thread.html/r87b7e2d22982b4ca9f88f5f4f22a19b394d2662415b233582ed22ebf%40%3Cnotifications.accumulo.apache.org%3E", }, { source: "secalert@redhat.com", url: "https://lists.apache.org/thread.html/rb8dca19a4e52b60dab0ab21e2ff9968d78f4b84e4033824db1dd24b4%40%3Cpluto-scm.portals.apache.org%3E", }, { source: "secalert@redhat.com", url: "https://lists.apache.org/thread.html/rd418deda6f0ebe658c2015f43a14d03acb8b8c2c093c5bf6b880cd7c%40%3Cpluto-dev.portals.apache.org%3E", }, { source: "secalert@redhat.com", url: "https://lists.apache.org/thread.html/rf9c17c3efc4a376a96e9e2777eee6acf0bec28e2200e4b35da62de4a%40%3Cpluto-dev.portals.apache.org%3E", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220210-0024/", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0159", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0160", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0161", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0164", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0445", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10219", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r4f8b4e2541be4234946e40d55859273a7eec0f4901e8080ce2406fe6%40%3Cnotifications.accumulo.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r4f92d7f7682dcff92722fa947f9e6f8ba2227c5dc3e11ba09114897d%40%3Cnotifications.accumulo.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r87b7e2d22982b4ca9f88f5f4f22a19b394d2662415b233582ed22ebf%40%3Cnotifications.accumulo.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rb8dca19a4e52b60dab0ab21e2ff9968d78f4b84e4033824db1dd24b4%40%3Cpluto-scm.portals.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rd418deda6f0ebe658c2015f43a14d03acb8b8c2c093c5bf6b880cd7c%40%3Cpluto-dev.portals.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rf9c17c3efc4a376a96e9e2777eee6acf0bec28e2200e4b35da62de4a%40%3Cpluto-dev.portals.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220210-0024/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "secalert@redhat.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2021-07-14 07:15
Modified
2024-11-21 06:13
Severity ?
Summary
When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used derived formats from ZIP archives are for instance JAR files and many office files. Apache Ant prior to 1.9.16 and 1.10.11 were affected.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:ant:*:*:*:*:*:*:*:*", matchCriteriaId: "C89ED6A3-3C13-4D67-A2B2-BF2A9FF9E03B", versionEndExcluding: "1.9.16", versionStartIncluding: "1.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:ant:*:*:*:*:*:*:*:*", matchCriteriaId: "87EE8429-8072-48A8-B406-3A8487A350B6", versionEndExcluding: "1.10.11", versionStartIncluding: "1.10.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*", matchCriteriaId: "80C9DBB8-3D50-4D5D-859A-B022EB7C2E64", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", matchCriteriaId: "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_trade_finance:14.5:*:*:*:*:*:*:*", matchCriteriaId: "64750C01-21AC-4947-B674-6690EAAAC5DB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_treasury_management:14.5:*:*:*:*:*:*:*", matchCriteriaId: "3C3D0063-9458-4018-9B92-79A219716C10", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:*:*:*:*:*:*:*", matchCriteriaId: "A4CA84D6-F312-4C29-A02B-050FCB7A902B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.11.0:*:*:*:*:*:*:*", matchCriteriaId: "10323322-F6C0-4EA7-9344-736F7A80AA5F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_diameter_intelligence_hub:*:*:*:*:*:*:*:*", matchCriteriaId: "B5B4A191-44AE-4C35-9164-19237D2CF013", versionEndIncluding: "8.1.0", versionStartIncluding: "8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_diameter_intelligence_hub:*:*:*:*:*:*:*:*", matchCriteriaId: "A543B4F8-149A-48AB-B388-AB7FA2ECAC18", versionEndIncluding: "8.2.3", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_order_and_service_management:7.3:*:*:*:*:*:*:*", matchCriteriaId: "21CC9E01-616E-411B-B0C7-DE6E599D3319", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_order_and_service_management:7.4:*:*:*:*:*:*:*", matchCriteriaId: "1F015E20-7886-4713-B4EC-FE7894066D09", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.0:*:*:*:*:*:*:*", matchCriteriaId: "05AD47CC-8A6D-4AEC-B23E-701D3D649CC6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*", matchCriteriaId: "539DA24F-E3E0-4455-84C6-A9D96CD601B3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*", matchCriteriaId: "A7637F8B-15F1-42E2-BE18-E1FF7C66587D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*", matchCriteriaId: "E43D793A-7756-4D58-A8ED-72DC4EC9CEA7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:*:*:*:*:*:*:*", matchCriteriaId: "0EBC7EB1-FD72-4BFC-92CC-7C8B8E462D7C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_repository:11.1.1.7.0:*:*:*:*:*:*:*", matchCriteriaId: "69300B13-8C0F-4433-A6E8-B2CE32C4723D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", matchCriteriaId: "16F73C3A-A5C1-46F5-91E4-22F97A79E703", versionEndIncluding: "8.1.1", versionStartIncluding: "8.0.6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:health_sciences_information_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "D450B848-371E-4401-9DB0-27AF31B5D5EA", versionEndIncluding: "3.0.5", versionStartIncluding: "3.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:health_sciences_information_manager:3.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "4BE4F581-7DEF-4417-A55D-561BDAC5CA7C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_policy_administration:*:*:*:*:*:*:*:*", matchCriteriaId: "8E883986-13DA-470F-95C4-BEBD0EDFEB9C", versionEndIncluding: "11.3.1", versionStartIncluding: "11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "8B1C88FD-C2EC-4C96-AC7E-6F95C8763B48", versionEndIncluding: "17.12.11", versionStartIncluding: "17.12.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "301E7158-9090-467C-B3B4-30A8DB3B395D", versionEndIncluding: "18.8.12", versionStartIncluding: "18.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "BBEFACB1-C8EA-492B-8F85-A564DB363C83", versionEndIncluding: "19.12.11", versionStartIncluding: "19.12.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "E6B70E72-B9FC-4E49-8EDD-29C7E14F5792", versionEndIncluding: "20.12.7", versionStartIncluding: "20.12.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", matchCriteriaId: "08FA59A8-6A62-4B33-8952-D6E658F8DAC9", versionEndIncluding: "17.12", versionStartIncluding: "17.7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", matchCriteriaId: "202AD518-2E9B-4062-B063-9858AE1F9CE2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", matchCriteriaId: "10864586-270E-4ACF-BDCC-ECFCD299305F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*", matchCriteriaId: "38340E3C-C452-4370-86D4-355B6B4E0A06", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:product_lifecycle_analytics:3.6.1:*:*:*:*:*:*:*", matchCriteriaId: "7F978162-CB2C-4166-947A-9048C6E878BC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:real-time_decision_server:3.2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "C914A8CA-352B-4B02-8A2F-D5A6EC04AF53", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:real-time_decision_server:11.1.1.9.0:*:*:*:*:*:*:*", matchCriteriaId: "3DBAC91D-14AA-4FEA-BBDA-C09CB5B3B831", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_advanced_inventory_planning:14.1:*:*:*:*:*:*:*", matchCriteriaId: "56239DBD-E294-44A4-9DD3-CEEC58C1BC0C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_advanced_inventory_planning:15.0:*:*:*:*:*:*:*", matchCriteriaId: "517E0654-F1DE-43C4-90B5-FB90CA31734B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_advanced_inventory_planning:16.0:*:*:*:*:*:*:*", matchCriteriaId: "43DA1635-08DA-434D-AA39-20D117468B5A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*", matchCriteriaId: "31C7EEA3-AA72-48DA-A112-2923DBB37773", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*", matchCriteriaId: "F0735989-13BD-40B3-B954-AC0529C5B53D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_bulk_data_integration:16.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "360B307A-3D7F-4B38-8248-76CF8318B023", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_bulk_data_integration:19.0.1:*:*:*:*:*:*:*", matchCriteriaId: "C401E65A-8FA0-44E6-9AFC-6CC06498122F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_central_office:14.0:*:*:*:*:*:*:*", matchCriteriaId: "83B5F416-56AE-4DC5-BCFF-49702463E716", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*", matchCriteriaId: "58405263-E84C-4071-BB23-165D49034A00", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_eftlink:19.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A2140357-503A-4D2A-A099-CFA4DC649E41", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_eftlink:20.0.1:*:*:*:*:*:*:*", matchCriteriaId: "6BAE5686-8E11-4EF1-BC7E-5C565F2440C7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_extract_transform_and_load:13.2.8:*:*:*:*:*:*:*", matchCriteriaId: "31FFE404-027E-4B59-B3EF-BD20E1F7EECC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_financial_integration:14.1.3.2:*:*:*:*:*:*:*", matchCriteriaId: "798E4FEE-9B2B-436E-A2B3-B8AA1079892A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_financial_integration:15.0.4.0:*:*:*:*:*:*:*", matchCriteriaId: "2F09182F-D0F2-41A7-A4AB-79099194B2CB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_financial_integration:16.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "44AA1B51-8A24-48F0-B16F-803D69698707", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:14.1.3.2:*:*:*:*:*:*:*", matchCriteriaId: "8CFCE558-9972-46A2-8539-C16044F1BAA9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:15.0.4.0:*:*:*:*:*:*:*", matchCriteriaId: "919DED83-2F88-4202-9556-5F4E5E1E6790", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:16.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "A29C39DD-971B-4A3F-BA08-91C8CC9B4A32", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:19.0.1.0:*:*:*:*:*:*:*", matchCriteriaId: "97DD0665-C420-4F6F-AD1F-07674B13614E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_invoice_matching:16.0.3:*:*:*:*:*:*:*", matchCriteriaId: "48E25E7C-F7E8-4739-8251-00ACD11C12FE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_merchandising_system:19.0.1:*:*:*:*:*:*:*", matchCriteriaId: "AE1BC44A-F0AF-41CD-9CEB-B07AB5ADAB38", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_point-of-service:14.0:*:*:*:*:*:*:*", matchCriteriaId: "237968A4-AE89-44DC-8BA3-D9651F88883D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*", matchCriteriaId: "E13DF2AE-F315-4085-9172-6C8B21AF1C9E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3:*:*:*:*:*:*:*", matchCriteriaId: "6B1A4F12-3E64-41CF-B2B3-B6AB734B69E0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:*", matchCriteriaId: "24A3C819-5151-4543-A5C6-998C9387C8A2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "924AFE2D-D1BB-4026-9C12-BA379F8C5BEA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*", matchCriteriaId: "E702EBED-DB39-4084-84B1-258BC5FE7545", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:15.0.4.0:*:*:*:*:*:*:*", matchCriteriaId: "1581DEE7-48C3-4832-B616-A25D9DD3E898", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:16.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "77326E29-0F3C-4BF1-905F-FF89EB9A897A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:19.0.1.0:*:*:*:*:*:*:*", matchCriteriaId: "5D57F5CB-E566-450F-B7D7-DD771F7C746C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_store_inventory_management:14.1:*:*:*:*:*:*:*", matchCriteriaId: "C1933509-1BEA-45DA-B6AF-2713B432B1F5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_store_inventory_management:15.0:*:*:*:*:*:*:*", matchCriteriaId: "4DA1BF68-635B-4577-B3F7-DEBC39567C8F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_store_inventory_management:16.0:*:*:*:*:*:*:*", matchCriteriaId: "3B202AEF-1197-441B-8EA1-2913BFD8A545", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*", matchCriteriaId: "490B2C44-CECD-4551-B04F-4076D0E053C7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*", matchCriteriaId: "DEC41EB8-73B4-4BDF-9321-F34EC0BAF9E6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*", matchCriteriaId: "48EFC111-B01B-4C34-87E4-D6B2C40C0122", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*", matchCriteriaId: "073FEA23-E46A-4C73-9D29-95CFF4F5A59D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A69FB468-EAF3-4E67-95E7-DF92C281C1F1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*", matchCriteriaId: "513AE97F-161C-43D2-B2D1-653125A9E920", versionEndExcluding: "11.2.2.8.27", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*", matchCriteriaId: "51309958-121D-4649-AB9A-EBFA3A49F7CB", versionEndIncluding: "4.3.0.6.0", versionStartIncluding: "4.3.0.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_framework:4.2.0.2.0:*:*:*:*:*:*:*", matchCriteriaId: "5435B365-BFF3-4A9E-B45C-42D8F1E20FB7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_framework:4.2.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "1FAC3840-2CF8-44CE-81BB-EEEBDA00A34A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "3F906F04-39E4-4BE4-8A73-9D058AAADB43", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*", matchCriteriaId: "7B393A82-476A-4270-A903-38ED4169E431", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "85CAE52B-C2CA-4C6B-A0B7-2B9D6F0499E2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.1.1:*:*:*:*:*:*:*", matchCriteriaId: "A3ED272C-A545-4F8C-86C0-2736B3F2DCAF", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used derived formats from ZIP archives are for instance JAR files and many office files. Apache Ant prior to 1.9.16 and 1.10.11 were affected.", }, { lang: "es", value: "Cuando se lee un archivo ZIP especialmente diseñado, o un formato derivado, se puede hacer que una compilación de Apache Ant asigne grandes cantidades de memoria que conlleva a un error de falta de memoria, incluso para entradas pequeñas. Esto puede ser usado para interrumpir las compilaciones usando Apache Ant. Los formatos derivados de los archivos ZIP comúnmente usados son, por ejemplo, los archivos JAR y muchos archivos de oficina. Apache Ant versiones anteriores a 1.9.16 y 1.10.11 estaba afectado", }, ], id: "CVE-2021-36374", lastModified: "2024-11-21T06:13:38.083", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-07-14T07:15:08.400", references: [ { source: "security@apache.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://ant.apache.org/security.html", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r27919fd4db07c487239c1d9771f480d89ce5ee2750aa9447309b709a%40%3Ccommits.groovy.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r544c9e8487431768465b8b2d13982c75123109bd816acf839d46010d%40%3Ccommits.groovy.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/rad36f470647c5a7c02dd78c9973356d2840766d132b597b6444e373a%40%3Cnotifications.groovy.apache.org%3E", }, { source: "security@apache.org", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/rdd5412a5b9a25aed2a02c3317052d38a97128314d50bc1ed36e81d38%40%3Cuser.ant.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/rf4bb79751a02889623195715925e4fd8932dd3c97e0ade91395a96c6%40%3Cdev.myfaces.apache.org%3E", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210819-0007/", }, { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://ant.apache.org/security.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r27919fd4db07c487239c1d9771f480d89ce5ee2750aa9447309b709a%40%3Ccommits.groovy.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r544c9e8487431768465b8b2d13982c75123109bd816acf839d46010d%40%3Ccommits.groovy.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rad36f470647c5a7c02dd78c9973356d2840766d132b597b6444e373a%40%3Cnotifications.groovy.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/rdd5412a5b9a25aed2a02c3317052d38a97128314d50bc1ed36e81d38%40%3Cuser.ant.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rf4bb79751a02889623195715925e4fd8932dd3c97e0ade91395a96c6%40%3Cdev.myfaces.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210819-0007/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-130", }, ], source: "security@apache.org", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-10-01 20:15
Modified
2024-11-21 04:59
Severity ?
Summary
As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:ant:1.10.8:*:*:*:*:*:*:*", matchCriteriaId: "C7C6AA13-6D4A-44F8-99B2-68E1626DD57B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gradle:gradle:*:*:*:*:*:*:*:*", matchCriteriaId: "B216FC24-1136-430F-B480-E3CFA1838B4B", versionEndExcluding: "6.8.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", matchCriteriaId: "E460AA51-FCDA-46B9-AE97-E6676AA5E194", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*", matchCriteriaId: "80C9DBB8-3D50-4D5D-859A-B022EB7C2E64", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*", matchCriteriaId: "A5553591-073B-45E3-999F-21B8BA2EEE22", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:2.4.0:*:*:*:*:*:*:*", matchCriteriaId: "C2BEE49E-A5AA-42D3-B422-460454505480", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:2.4.1:*:*:*:*:*:*:*", matchCriteriaId: "F4FF66F7-10C8-4A1C-910A-EF7D12A4284C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*", matchCriteriaId: "132CE62A-FBFC-4001-81EC-35D81F73AF48", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:*", matchCriteriaId: "282150FF-C945-4A3E-8A80-E8757A8907EA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*", matchCriteriaId: "645AA3D1-C8B5-4CD2-8ACE-31541FA267F0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:2.8.0:*:*:*:*:*:*:*", matchCriteriaId: "FBCE22C0-4253-40A5-89AE-499A3BC9EFF3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_treasury_management:14.4:*:*:*:*:*:*:*", matchCriteriaId: "AB612B4A-27C4-491E-AABD-6CAADE2E249E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*", matchCriteriaId: "539DA24F-E3E0-4455-84C6-A9D96CD601B3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*", matchCriteriaId: "A7637F8B-15F1-42E2-BE18-E1FF7C66587D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "9901F6BA-78D5-45B8-9409-07FF1C6DDD38", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "9FADE563-5AAA-42FF-B43F-35B20A2386C9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "0D7C6438-6E88-41CD-BE34-90341030E41F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_repository:11.1.1.7.0:*:*:*:*:*:*:*", matchCriteriaId: "69300B13-8C0F-4433-A6E8-B2CE32C4723D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", matchCriteriaId: "40F940AA-05BE-426C-89A3-4098E107D9A7", versionEndIncluding: "8.0.9", versionStartIncluding: "8.0.6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "6FB8AE1F-FA6B-4A5E-AA5B-D0B7C78FE886", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1:*:*:*:*:*:*:*", matchCriteriaId: "41C2C67B-BF55-4B48-A94D-1F37A4FAC68C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*", matchCriteriaId: "6762F207-93C7-4363-B2F9-7A7C6F8AF993", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*", matchCriteriaId: "1B74B912-152D-4F38-9FC1-741D6D0B27FC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "06CF27F6-ADC1-480C-9D2E-2BD1E7330C32", versionEndIncluding: "16.2.11", versionStartIncluding: "16.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "2D3D3B98-C309-4598-BBCD-AF944A13FDC1", versionEndIncluding: "17.12.9", versionStartIncluding: "17.12.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", matchCriteriaId: "08FA59A8-6A62-4B33-8952-D6E658F8DAC9", versionEndIncluding: "17.12", versionStartIncluding: "17.7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*", matchCriteriaId: "D55A54FD-7DD1-49CD-BE81-0BE73990943C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*", matchCriteriaId: "82EB08C0-2D46-4635-88DF-E54F6452D3A3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", matchCriteriaId: "202AD518-2E9B-4062-B063-9858AE1F9CE2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", matchCriteriaId: "10864586-270E-4ACF-BDCC-ECFCD299305F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*", matchCriteriaId: "38340E3C-C452-4370-86D4-355B6B4E0A06", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:real-time_decision_server:3.2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "C914A8CA-352B-4B02-8A2F-D5A6EC04AF53", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:real-time_decision_server:11.1.1.9.0:*:*:*:*:*:*:*", matchCriteriaId: "3DBAC91D-14AA-4FEA-BBDA-C09CB5B3B831", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_advanced_inventory_planning:14.1:*:*:*:*:*:*:*", matchCriteriaId: "56239DBD-E294-44A4-9DD3-CEEC58C1BC0C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_assortment_planning:16.0.3:*:*:*:*:*:*:*", matchCriteriaId: "48C9BD8E-7214-4B44-B549-6F11B3EA8A04", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_category_management_planning_\\&_optimization:16.0.3:*:*:*:*:*:*:*", matchCriteriaId: "5C054317-4891-44EE-B7E9-DD9B8E7BAE54", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_eftlink:19.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A2140357-503A-4D2A-A099-CFA4DC649E41", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_eftlink:20.0.0:*:*:*:*:*:*:*", matchCriteriaId: "E834CC29-EFFC-4B09-89FD-761E3744F23C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_financial_integration:14.1.3:*:*:*:*:*:*:*", matchCriteriaId: "CADAC4BA-0451-4FFD-9071-087C8568C3C2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_financial_integration:15.0.3:*:*:*:*:*:*:*", matchCriteriaId: "17AEB94A-ED0B-4A2F-A03B-DD963E83CE73", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_financial_integration:16.0.3:*:*:*:*:*:*:*", matchCriteriaId: "6B042849-7EF5-4A5F-B6CD-712C0B8735BF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:15.0.3:*:*:*:*:*:*:*", matchCriteriaId: "FA800332-C6B9-4F05-9FB0-72C1040AAFD4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_item_planning:16.0.3:*:*:*:*:*:*:*", matchCriteriaId: "1DD30470-55C7-491F-A2FD-754CDF5A750F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_macro_space_optimization:16.0.3:*:*:*:*:*:*:*", matchCriteriaId: "70B2E10E-2BFF-4E43-9EF8-3EF56FD252C4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_merchandise_financial_planning:16.0.3:*:*:*:*:*:*:*", matchCriteriaId: "5929F6F2-853A-4FE0-8F64-0F7861091A03", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_merchandising_system:14.1.3.2:*:*:*:*:*:*:*", matchCriteriaId: "212A8F95-8EA0-471B-82D9-5DECCBCE5C2D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_merchandising_system:16.0.3:*:*:*:*:*:*:*", matchCriteriaId: "F8383028-B719-41FD-9B6A-71F8EB4C5F8D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:14.1:*:*:*:*:*:*:*", matchCriteriaId: "F6DA82ED-20FF-4E6D-ACA0-C65F51F4F5C0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_regular_price_optimization:16.0.3:*:*:*:*:*:*:*", matchCriteriaId: "0922934E-2658-430F-99BE-A13C8A5F4338", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_replenishment_optimization:16.0.3:*:*:*:*:*:*:*", matchCriteriaId: "86F5DE7E-2712-4A04-8FBE-AEE2CB3D03F6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:14.1.3:*:*:*:*:*:*:*", matchCriteriaId: "D7FCC976-615C-4DE5-9F50-1B25E9553962", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:15.0.3:*:*:*:*:*:*:*", matchCriteriaId: "84142490-E2D5-4B1F-A0D2-D2D68B120AFF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:16.0.3:*:*:*:*:*:*:*", matchCriteriaId: "DEE71EA5-B315-4F1E-BFEE-EC426B562F7E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_size_profile_optimization:16.0.3:*:*:*:*:*:*:*", matchCriteriaId: "74ACC94B-4A9F-451D-B639-6008A108BDDC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3.9:*:*:*:*:*:*:*", matchCriteriaId: "C4C6CCB0-241E-4295-B4D0-F021CEC660D5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "7C96F0D4-4640-447B-A3AB-0AACF2E80C84", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_store_inventory_management:16.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "8ACC6BE4-B48B-489F-93DB-82A72D1AA409", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0.4:*:*:*:*:*:*:*", matchCriteriaId: "78D8F551-8DC8-4510-8350-AE6BC64748DF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*", matchCriteriaId: "490B2C44-CECD-4551-B04F-4076D0E053C7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*", matchCriteriaId: "DEC41EB8-73B4-4BDF-9321-F34EC0BAF9E6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*", matchCriteriaId: "48EFC111-B01B-4C34-87E4-D6B2C40C0122", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*", matchCriteriaId: "073FEA23-E46A-4C73-9D29-95CFF4F5A59D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:*", matchCriteriaId: "6953CFDB-33C0-4B8E-BBBD-E460A17E8ED3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:storagetek_tape_analytics:2.4:*:*:*:*:*:*:*", matchCriteriaId: "EE6B6243-9FE9-432B-B5A8-20E515E06A93", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*", matchCriteriaId: "513AE97F-161C-43D2-B2D1-653125A9E920", versionEndExcluding: "11.2.2.8.27", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_framework:4.3.0.5.0:*:*:*:*:*:*:*", matchCriteriaId: "A5BBA303-8D2B-48C5-B52A-4E192166699C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_framework:4.3.0.6.0:*:*:*:*:*:*:*", matchCriteriaId: "8DF02546-3F0D-4FDD-89B1-8A3FE43FB5BF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "3F906F04-39E4-4BE4-8A73-9D058AAADB43", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*", matchCriteriaId: "7B393A82-476A-4270-A903-38ED4169E431", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process.", }, { lang: "es", value: "Como mitigación para CVE-2020-1945, Apache Ant versión 1.10.8, cambió los permisos de los archivos temporales que creó para que solo el usuario actual pudiera acceder a ellos. Desafortunadamente, la tarea fixcrlf eliminó el archivo temporal y creó uno nuevo sin dicha protección, anulando efectivamente el esfuerzo. Esto podría seguir permitiendo a un atacante inyectar archivos fuente modificados en el proceso de compilación", }, ], id: "CVE-2020-11979", lastModified: "2024-11-21T04:59:02.170", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-10-01T20:15:13.033", references: [ { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://github.com/gradle/gradle/security/advisories/GHSA-j45w-qrgf-25vm", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc%40%3Cdev.creadur.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e%40%3Cdev.creadur.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0%40%3Cdev.creadur.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490%40%3Cdev.creadur.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305%40%3Cdev.creadur.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c%40%3Cdev.creadur.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a%40%3Cdev.creadur.apache.org%3E", }, { source: "security@apache.org", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3Cdev.ant.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AALW42FWNQ35F7KB3JVRC6NBVV7AAYYI/", }, { source: "security@apache.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DYBRN5C2RW7JRY75IB7Q7ZVKZCHWAQWS/", }, { source: "security@apache.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U3NRQQ7ECII4ZNGW7GBC225LVYMPQEKB/", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202011-18", }, { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/gradle/gradle/security/advisories/GHSA-j45w-qrgf-25vm", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc%40%3Cdev.creadur.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e%40%3Cdev.creadur.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0%40%3Cdev.creadur.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490%40%3Cdev.creadur.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305%40%3Cdev.creadur.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c%40%3Cdev.creadur.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a%40%3Cdev.creadur.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3Cdev.ant.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AALW42FWNQ35F7KB3JVRC6NBVV7AAYYI/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DYBRN5C2RW7JRY75IB7Q7ZVKZCHWAQWS/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U3NRQQ7ECII4ZNGW7GBC225LVYMPQEKB/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202011-18", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-379", }, ], source: "security@apache.org", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-11-28 01:15
Modified
2024-11-21 05:20
Severity ?
Summary
In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is received entirely but not consumed by the application, then a subsequent request on the same connection will see that body prepended to its body. The attacker will not see any data but may inject data into the body of the subsequent request.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| eclipse | jetty | * | |
| eclipse | jetty | 10.0.0 | |
| eclipse | jetty | 10.0.0 | |
| eclipse | jetty | 10.0.0 | |
| eclipse | jetty | 10.0.0 | |
| eclipse | jetty | 10.0.0 | |
| eclipse | jetty | 11.0.0 | |
| eclipse | jetty | 11.0.0 | |
| eclipse | jetty | 11.0.0 | |
| netapp | oncommand_system_manager | * | |
| netapp | snap_creator_framework | - | |
| oracle | blockchain_platform | * | |
| oracle | communications_converged_application_server_-_service_controller | 6.2 | |
| oracle | communications_offline_mediation_controller | 12.0.0.3.0 | |
| oracle | communications_pricing_design_center | 12.0.0.3.0 | |
| oracle | communications_services_gatekeeper | 7.0 | |
| oracle | communications_session_route_manager | * | |
| oracle | flexcube_private_banking | 12.0.0 | |
| oracle | flexcube_private_banking | 12.1.0 | |
| oracle | hyperion_infrastructure_technology | 11.1.2.6.0 | |
| oracle | rest_data_services | * | |
| oracle | retail_eftlink | 20.0.0 | |
| oracle | siebel_core_-_automation | * | |
| apache | kafka | 2.7.0 | |
| apache | spark | 2.4.8 | |
| apache | spark | 3.0.3 | |
| debian | debian_linux | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*", matchCriteriaId: "D3A7A01A-43C6-46A9-A130-63426D936FE7", versionEndExcluding: "9.4.35", versionStartIncluding: "9.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:eclipse:jetty:10.0.0:alpha0:*:*:*:*:*:*", matchCriteriaId: "1990759E-0F78-46B3-AFBE-0DA9257A7859", vulnerable: true, }, { criteria: "cpe:2.3:a:eclipse:jetty:10.0.0:alpha1:*:*:*:*:*:*", matchCriteriaId: "E64388F4-6B8A-4E75-BE0A-6016C6FBD5DA", vulnerable: true, }, { criteria: "cpe:2.3:a:eclipse:jetty:10.0.0:beta0:*:*:*:*:*:*", matchCriteriaId: "D150F823-216A-40FB-B995-FD6FFB41891A", vulnerable: true, }, { criteria: "cpe:2.3:a:eclipse:jetty:10.0.0:beta1:*:*:*:*:*:*", matchCriteriaId: "B9774976-A762-4E10-B1C0-8FD8185DF334", vulnerable: true, }, { criteria: "cpe:2.3:a:eclipse:jetty:10.0.0:beta2:*:*:*:*:*:*", matchCriteriaId: "334FAEF6-CEC6-445F-B52D-7FF38CDB9F79", vulnerable: true, }, { criteria: "cpe:2.3:a:eclipse:jetty:11.0.0:alpha0:*:*:*:*:*:*", matchCriteriaId: "68AA0626-071A-48CE-82B5-80465F21C29F", vulnerable: true, }, { criteria: "cpe:2.3:a:eclipse:jetty:11.0.0:beta1:*:*:*:*:*:*", matchCriteriaId: "A4ED8DCB-A1DA-44D1-B906-137E00EC51C2", vulnerable: true, }, { criteria: "cpe:2.3:a:eclipse:jetty:11.0.0:beta2:*:*:*:*:*:*", matchCriteriaId: "5DF6B532-FC1B-429A-B06F-0361ED12CB2E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "B9273745-6408-4CD3-94E8-9385D4F5FE69", versionEndIncluding: "3.1.3", versionStartIncluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*", matchCriteriaId: "9F4754FB-E3EB-454A-AB1A-AE3835C5350C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "D0DBC938-A782-433F-8BF1-CA250C332AA7", versionEndExcluding: "21.1.2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_converged_application_server_-_service_controller:6.2:*:*:*:*:*:*:*", matchCriteriaId: "0535B116-57D6-4448-86A2-09BCE50894B8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "49ACFC73-A509-4D1C-8FC3-F68F495AB055", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "D7B49D71-6A31-497A-B6A9-06E84F086E7A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*", matchCriteriaId: "062E4E7C-55BB-46F3-8B61-5A663B565891", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "1FDBAD8E-C926-4D6F-9FD2-B0428980D6DF", versionEndIncluding: "8.2.4", versionStartIncluding: "8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*", matchCriteriaId: "6762F207-93C7-4363-B2F9-7A7C6F8AF993", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*", matchCriteriaId: "1B74B912-152D-4F38-9FC1-741D6D0B27FC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.1.2.6.0:*:*:*:*:*:*:*", matchCriteriaId: "37A1E0FB-F706-4FB7-86E1-18268A744A80", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:rest_data_services:*:*:*:*:-:*:*:*", matchCriteriaId: "D0AFFDC9-8EBA-45A2-AD53-18E663AF4631", versionEndExcluding: "20.4.3.050.1904", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_eftlink:20.0.0:*:*:*:*:*:*:*", matchCriteriaId: "E834CC29-EFFC-4B09-89FD-761E3744F23C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:siebel_core_-_automation:*:*:*:*:*:*:*:*", matchCriteriaId: "BB179FD5-5BA4-43BD-BDAE-F30E2A1E8781", versionEndIncluding: "21.5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:kafka:2.7.0:*:*:*:*:*:*:*", matchCriteriaId: "0E11C498-F3AF-4324-A427-735FB3DD46D9", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:spark:2.4.8:*:*:*:*:*:*:*", matchCriteriaId: "63630C2A-F68C-491B-A5A5-FC15D44927CF", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:spark:3.0.3:*:*:*:*:*:*:*", matchCriteriaId: "0975A782-8D53-4C16-9271-D6C3ACEBF5C7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is received entirely but not consumed by the application, then a subsequent request on the same connection will see that body prepended to its body. The attacker will not see any data but may inject data into the body of the subsequent request.", }, { lang: "es", value: "En Eclipse Jetty versión 9.4.0.RC0 hasta 9.4.34.v20201102, 10.0.0.alpha0 hasta 10.0.0.beta2 y 11.0.0.alpha0 hasta 11.0.0.beta2, si la inflación del cuerpo de la petición GZIP está habilitada y solicita de diferentes clientes se multiplexan en una sola conexión, y si un atacante puede enviar una petición con un cuerpo que es recibido por completo pero no consumido por la aplicación, entonces una petición posterior en la misma conexión verá ese cuerpo antepuesto a su cuerpo. El atacante no verá ningún dato, pero puede inyectar datos en el cuerpo de la petición posterior", }, ], id: "CVE-2020-27218", lastModified: "2024-11-21T05:20:52.870", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.8, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 2.5, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-11-28T01:15:11.587", references: [ { source: "emo@eclipse.org", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugs.eclipse.org/bugs/show_bug.cgi?id=568892", }, { source: "emo@eclipse.org", tags: [ "Third Party Advisory", ], url: "https://github.com/eclipse/jetty.project/security/advisories/GHSA-86wm-rrjm-8wh8", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r00858fe27ee35ac8fa0e1549d67e0efb789d63b791b5300390bd8480%40%3Cjira.kafka.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r01806ad8c9cb0590584baf5b1a60237ad92e4ad5bba082ca04d98179%40%3Creviews.spark.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r05b7ffde2b8c180709e14bc9ca036407bea3ed9f09b32c4705d23a4a%40%3Cjira.kafka.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r078c1203e48089b2c934b9f86b61bebe8c049e0ea6273b124f349988%40%3Cissues.hbase.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r0d2de2ab5558da68b504bd30db74da1d97dc152a857f5b7e462288ab%40%3Cissues.spark.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r153fbefc27a1b2033692f32ef728ca909a7c7bcc1d21b6c35b38bdd5%40%3Creviews.spark.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r15500b77c52390e2ec048cea4a6b45edf907ea61cd13259193ff8601%40%3Creviews.spark.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r186748e676e5aeb4eb603361e6367555ae4daecbde55cfd69fa68ec6%40%3Cissues.hbase.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r1dd302323c6fe1a542d0371de66a484918fa6c2831ae70d924974bea%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r22776d06582985cca5bd2a92519a2b13b4cae2d8e087318da03c036d%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r23ce6b8965e30808daa77a80fcd69833b1fc632d80465d0419eff619%40%3Cissues.zookeeper.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r25a47cd06750ebb4b0f23a9b7a57c209702c8566a4c970a41ac088df%40%3Creviews.spark.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r2a541f08bf5f847394297c13a5305c2f76c11e46504ce2a49653890a%40%3Creviews.spark.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r2a57c7bbf36afc87f8ad9e1dd2f53a08e85a1b531283fc2efce4fe17%40%3Ccommits.zookeeper.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r2f168fd22c071bdd95ec696e45d2a01e928b9fcadbe94fbabeb1549d%40%3Cissues.hbase.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r2fda4dab73097051977f2ab818f75e04fbcb15bb1003c8530eac1059%40%3Cjira.kafka.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r2ffe719224cbe5897f2d06dd22fc77fa12377c39efe9de0c3bf3f837%40%3Cissues.hbase.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r306c8e5aad1b9afc0c9278430fb571950fbb3ab7dd5d369eb618ffa4%40%3Cissues.spark.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r32a25679d97bf5969d130f8e9b3a3fc54110095397d89952e93dbeb0%40%3Creviews.spark.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r352e40ca9874d1beb4ad95403792adca7eb295e6bc3bd7b65fabcc21%40%3Ccommits.samza.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r3554a4f192db6008c03f2c6c3e0f1691a9b0d615ce955ef67a876ff7%40%3Cjira.kafka.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r3807b1c54066797c4870e03bd2376bdcce9c7c4e6143499f53cd9ca2%40%3Cissues.hbase.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r380e9257bacb8551ee6fcf2c59890ae9477b2c78e553fa9ea08e9d9a%40%3Ccommits.nifi.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r391d20ab6ec03d6becc7a9f0c5e0f45a7ad8af6b996ae0a49839f6bd%40%3Cjira.kafka.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r39f1b1be8e5c0935f7c515eedf907909474bad15185125daacb36d50%40%3Creviews.spark.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r3b7c8bc7a1cb8acdcf7753f436564d289d22f2906e934d1b11de3a40%40%3Creviews.spark.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r3d43529452c5a16338e8267eb911e8aedc64c3241624302e673961c1%40%3Cdev.hbase.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r46589f4228aabd5fb16135ff5bef0f77f06cdef64f9785ac3349fa02%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r489dfc3e259ad3837141985dd9291b93e6b40496cdf58808915d67e9%40%3Creviews.spark.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r4981622ba15e8be1657d30b7c85044c7aabe89751fa7324f8604b834%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r4aff5ca6bc94a6f13ff77914fd960185ab70cd6cebe96fffd74543ac%40%3Creviews.spark.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r4b2e7417a76e3dd4dc9855c6c138c49484080754a09927454f6d89f0%40%3Cissues.spark.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r500e22d0aedba1866d0b5e76429b76652a473a0209fa8bf66c9f7aab%40%3Ccommits.spark.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r51ec0120b6c849d12fb7fef34db87ef0bf79fcfcd3d703a9800afbba%40%3Creviews.spark.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r543ea0a861a78d84c22656fb76880d7ab327048cf7ee3ccc7281375d%40%3Creviews.spark.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r5464405909eb0e1059d5dd57d10c435b9f19325fdebbadb4f1126997%40%3Creviews.spark.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r5c64173663c71f222ea40617ab362d7a590935fb75c18817fdec377e%40%3Ccommits.spark.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r5e5cb33b545548ec4684d33bd88b05a0ae89c4d7cac93eb63255f58f%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r602683484f607cd1b9598caf3e549fbb01c43fd46a582a32cc3bb545%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r6493e43007f41e34cdbbb66622307fa235374dd2ec5bf52c61075a68%40%3Cissues.spark.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r66456df852de06a0eed2c0a50252a2c8d360b8a5c005f63c0b1e3d25%40%3Ccommits.kafka.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r6d5bb60a13e8b539600f86cb72097967b951de5c7ef1e4005cda74a7%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r706562cbbdda569cc556d8a7983d1f9229606e7b51337b820785af26%40%3Creviews.spark.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r70940cb30356642f0c49af49259680d6bd866f51c4e8de0f8a498fb0%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r74ab0f5a5f16ca01eb145403ab753df5b348b8c1656d7c8501d0bfc6%40%3Creviews.spark.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r7669dab41f2b34d56bb67700d869dc9c025ff72e9468204799f5ac29%40%3Ccommits.spark.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r769e1ba36c607772f7403e7ef2a8ae14d9ddcab4a844f9b28bcf7959%40%3Cdev.kafka.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r7d37d33f2d68912985daf40203182e3d86f3e81266b7a7f350689eeb%40%3Cjira.kafka.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r81f82ab8ecb83568bafbecf9ce0e73be73980ac1e2af6baf0f344a59%40%3Creviews.spark.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r821bbffb64da0f062b4e72d1aa600b91e26bc82a28298ab159121215%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r850d1d0413716e8ba6d910cae7b01a0e560636e17d664769b5080ca5%40%3Creviews.spark.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r870bc5e6e354c3e28ea029cb5726c9e8dd2b88cb0f5f7de1d4e3133d%40%3Creviews.spark.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r8b2271909dabb45f0f1482ef35ffe106ae4b0cf8e877eb514e9cd421%40%3Cissues.hbase.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r8be8c6f0e404a3179d988eb8afed03ede5f2d5ce986d3f709fb82610%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r8c22aad0711321537183ccddcade7274ebf9dcbdcdacc6c4f90f43de%40%3Creviews.spark.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r8c839a0d88cd6504abbe72c260371094f47014b2ba08d8d2c0232e3c%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r8ed14a84656fa0bb8df3bf9373c5be80f47ceac1e2ff068ee734fdb3%40%3Creviews.spark.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r8eea4c7797e701f6494c72942dd89f471cda4c2c6e9abbaf05d113d8%40%3Creviews.spark.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r8f5b144e7a7c2b338f01139d891abbaba12a8173ee01110d21bd0b4d%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r8fee46fd9f1254150cc55eecf1ea6a448fca1f7cf1d1e7f9c4803fdb%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r94230f46b91c364d39922a8ba0cfe12b8dba1556b14792719a7d921f%40%3Creviews.spark.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r942e21ee90e2617a00a08b17b0ac2db961959bec969b91df61584d38%40%3Cdev.kafka.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r964d226dd08527fddd7a44410c50daa9d34d398e5c4793f1d7e19da8%40%3Ccommits.zookeeper.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r96ef6d20c5bd3d42dab500bac56a427e1dce00cf85b083987617643d%40%3Cissues.hbase.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r990e0296b188d4530d1053882f687fa4f938f108425db2999a180944%40%3Ccommits.kafka.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r9b46505868794fba04d401956304e63e4d8e39bdc118d30e5e87dcd9%40%3Creviews.spark.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r9d7a86fb0b45e5b1855d4df83a5820eef813d55eae3edf224f3d5055%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r9f571b086965b35d4e91e47fb67c27b42b62762248b4900ba723599f%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/ra09a653997cbf10aab8c0deabc0fa49f5a8a8ce4305ce9089b98485f%40%3Creviews.spark.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/ra1c234f045871827f73e4d68326b067e72d3139e109207345fa57d9e%40%3Cdev.kafka.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/racd55c9b704aa68cfb4436f17739b612b5d4f887155e04ed521a4b67%40%3Cdev.kafka.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/racf9e6ad2482cb9b1e3e1b2c1b443d9d5cf14055fb54dec3d2dcce91%40%3Creviews.spark.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/rb4ca79d1af5237108ce8770b7c46ca78095f62ef21331d9d06142388%40%3Cjira.kafka.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/rb6a3866c02ac4446451c7d9dceab2373b6d32fb058f9085c6143de30%40%3Creviews.spark.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/rb8f413dc923070919b09db3ac87d079a2dcc6f0adfbb029e206a7930%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/rba4bca48d2cdfa8c08afc368a9cc4572ec85a5915ba29b8a194bf505%40%3Creviews.spark.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/rbbd003149f929b0e2fe58fb315de1658e98377225632e7e4239323fb%40%3Ccommits.kafka.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/rbc5a8d7a0a13bc8152d427a7e9097cdeb139c6cfe111b2f00f26d16b%40%3Cissues.zookeeper.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/rbe3f2e0a3c38ed9cbef81507b7cc6e523341865e30dc15c7503adc76%40%3Cissues.spark.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/rbea4d456d88b043be86739ab0200ad06ba5a7921064411c098f79831%40%3Cjira.kafka.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/rc0e35f4e8a8a36127e3ae7a67f325a3a6a4dbe05034130fb04b6f3b6%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/rc1de630c6ed9a958d9f811e816d6d8efb6ca94aed0869bc5cda9d7f8%40%3Cissues.zookeeper.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/rc2b603b7fa7f8dbfe0b3b59a6140b4d66868db3bf4b29d69a772d72a%40%3Cdev.kafka.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/rc91c405c08b529b7292c75d9bd497849db700a1297fe3432990f6774%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/rcbc408088ae99dc3167ea293a562a3a9a7295a20e9a1bfc93e43ae1b%40%3Cissues.hbase.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/rccc7ba8c51d662e13496df20466d27dbab54d7001e9e7b2f31468a9e%40%3Cissues.hbase.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/rce9e232a663d8405c003fe83d5c86c27d1ed65561f3690e824717bc4%40%3Cissues.hbase.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/rcf7b5818f71bb97fd695eb0f54f8f4f69e15cc5f9ec761ea8be0d0d3%40%3Creviews.spark.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/rd20651e102cb6742a9d9322ea7b5fc3ab60a7ffecb50fa9157cbf176%40%3Cjira.kafka.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/rd8e24a3e482e5984bc8c5492dc790413e4fdc1234e3debb94515796b%40%3Cjira.kafka.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/rd9a960429741406f6557fa344a13d50a0c9976dac2e4c46bb54b32d7%40%3Creviews.spark.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/rdbdbb4e51f8857e082b464cd128decd7263cf0fb8557f12993562c56%40%3Creviews.spark.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/rdde0ad0a03eec962c56b46e70e225918ea2368dcc3fd3488741fad53%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/rde11c433675143d8d27551c3d9e821fe1955f1551a518033d3716553%40%3Cdev.zookeeper.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/re014afaa14f4df9d33912ab64dc57249e1c170c7448d7175c6d014ff%40%3Cissues.spark.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/re03a566114435a8cc8eb72158242b0f560c5eeccbb4ee98d22de8373%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/re3918edd403b0d3857a13ef2ccf3d2bc0231f3b8758e2a5777ea1cd3%40%3Creviews.spark.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/re4ae7ada52c5ecfe805eb86ddc0af399ec8a57bfb0d8c632b8723b88%40%3Cdev.hbase.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/re4e67541a0a25a8589e89f52f8cd163c863fe04b59e048f9f1a04958%40%3Ccommits.hbase.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/re86a6ba09dc74e709db843e3561ead923c8fd1cba32343656dd8c44b%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/re9214a4232b7ae204288c283bcee4e39f07da6cc34798e9217ba4eb6%40%3Cissues.hbase.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/reb75282901d0969ba6582725ce8672070715d0773f6ff54dedd60156%40%3Creviews.spark.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/ree677ff289ba9a90850f2e3ba7279555df1a170263ba39c5272db236%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/rf0181750e321518c8afa8001e0529d50a9447714ef4f58d98af57904%40%3Creviews.spark.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/rf273267fa2e49314643af3141cec239f97d41de8a59be4ef7e10c65a%40%3Creviews.spark.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/rf31e24700f725ef81bc5a2e0444a60e1f295ed0a54c0098362a7bdfa%40%3Creviews.spark.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/rfa34d2a3e423421a4a1354cf457edba2ce78cee2d3ebd8aab151a559%40%3Cdev.kafka.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/rfa8879a713480b206c152334419499e6af0878c36217abcc9ab4f0d1%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html", }, { source: "emo@eclipse.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20201218-0003/", }, { source: "emo@eclipse.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { source: "emo@eclipse.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { source: "emo@eclipse.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "emo@eclipse.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugs.eclipse.org/bugs/show_bug.cgi?id=568892", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/eclipse/jetty.project/security/advisories/GHSA-86wm-rrjm-8wh8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r00858fe27ee35ac8fa0e1549d67e0efb789d63b791b5300390bd8480%40%3Cjira.kafka.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r01806ad8c9cb0590584baf5b1a60237ad92e4ad5bba082ca04d98179%40%3Creviews.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r05b7ffde2b8c180709e14bc9ca036407bea3ed9f09b32c4705d23a4a%40%3Cjira.kafka.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r078c1203e48089b2c934b9f86b61bebe8c049e0ea6273b124f349988%40%3Cissues.hbase.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r0d2de2ab5558da68b504bd30db74da1d97dc152a857f5b7e462288ab%40%3Cissues.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r153fbefc27a1b2033692f32ef728ca909a7c7bcc1d21b6c35b38bdd5%40%3Creviews.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r15500b77c52390e2ec048cea4a6b45edf907ea61cd13259193ff8601%40%3Creviews.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r186748e676e5aeb4eb603361e6367555ae4daecbde55cfd69fa68ec6%40%3Cissues.hbase.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r1dd302323c6fe1a542d0371de66a484918fa6c2831ae70d924974bea%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r22776d06582985cca5bd2a92519a2b13b4cae2d8e087318da03c036d%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r23ce6b8965e30808daa77a80fcd69833b1fc632d80465d0419eff619%40%3Cissues.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r25a47cd06750ebb4b0f23a9b7a57c209702c8566a4c970a41ac088df%40%3Creviews.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r2a541f08bf5f847394297c13a5305c2f76c11e46504ce2a49653890a%40%3Creviews.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r2a57c7bbf36afc87f8ad9e1dd2f53a08e85a1b531283fc2efce4fe17%40%3Ccommits.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r2f168fd22c071bdd95ec696e45d2a01e928b9fcadbe94fbabeb1549d%40%3Cissues.hbase.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r2fda4dab73097051977f2ab818f75e04fbcb15bb1003c8530eac1059%40%3Cjira.kafka.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r2ffe719224cbe5897f2d06dd22fc77fa12377c39efe9de0c3bf3f837%40%3Cissues.hbase.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r306c8e5aad1b9afc0c9278430fb571950fbb3ab7dd5d369eb618ffa4%40%3Cissues.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r32a25679d97bf5969d130f8e9b3a3fc54110095397d89952e93dbeb0%40%3Creviews.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r352e40ca9874d1beb4ad95403792adca7eb295e6bc3bd7b65fabcc21%40%3Ccommits.samza.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r3554a4f192db6008c03f2c6c3e0f1691a9b0d615ce955ef67a876ff7%40%3Cjira.kafka.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r3807b1c54066797c4870e03bd2376bdcce9c7c4e6143499f53cd9ca2%40%3Cissues.hbase.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r380e9257bacb8551ee6fcf2c59890ae9477b2c78e553fa9ea08e9d9a%40%3Ccommits.nifi.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r391d20ab6ec03d6becc7a9f0c5e0f45a7ad8af6b996ae0a49839f6bd%40%3Cjira.kafka.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r39f1b1be8e5c0935f7c515eedf907909474bad15185125daacb36d50%40%3Creviews.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r3b7c8bc7a1cb8acdcf7753f436564d289d22f2906e934d1b11de3a40%40%3Creviews.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r3d43529452c5a16338e8267eb911e8aedc64c3241624302e673961c1%40%3Cdev.hbase.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r46589f4228aabd5fb16135ff5bef0f77f06cdef64f9785ac3349fa02%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r489dfc3e259ad3837141985dd9291b93e6b40496cdf58808915d67e9%40%3Creviews.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r4981622ba15e8be1657d30b7c85044c7aabe89751fa7324f8604b834%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r4aff5ca6bc94a6f13ff77914fd960185ab70cd6cebe96fffd74543ac%40%3Creviews.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r4b2e7417a76e3dd4dc9855c6c138c49484080754a09927454f6d89f0%40%3Cissues.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r500e22d0aedba1866d0b5e76429b76652a473a0209fa8bf66c9f7aab%40%3Ccommits.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r51ec0120b6c849d12fb7fef34db87ef0bf79fcfcd3d703a9800afbba%40%3Creviews.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r543ea0a861a78d84c22656fb76880d7ab327048cf7ee3ccc7281375d%40%3Creviews.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r5464405909eb0e1059d5dd57d10c435b9f19325fdebbadb4f1126997%40%3Creviews.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r5c64173663c71f222ea40617ab362d7a590935fb75c18817fdec377e%40%3Ccommits.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r5e5cb33b545548ec4684d33bd88b05a0ae89c4d7cac93eb63255f58f%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r602683484f607cd1b9598caf3e549fbb01c43fd46a582a32cc3bb545%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r6493e43007f41e34cdbbb66622307fa235374dd2ec5bf52c61075a68%40%3Cissues.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r66456df852de06a0eed2c0a50252a2c8d360b8a5c005f63c0b1e3d25%40%3Ccommits.kafka.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r6d5bb60a13e8b539600f86cb72097967b951de5c7ef1e4005cda74a7%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r706562cbbdda569cc556d8a7983d1f9229606e7b51337b820785af26%40%3Creviews.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r70940cb30356642f0c49af49259680d6bd866f51c4e8de0f8a498fb0%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r74ab0f5a5f16ca01eb145403ab753df5b348b8c1656d7c8501d0bfc6%40%3Creviews.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r7669dab41f2b34d56bb67700d869dc9c025ff72e9468204799f5ac29%40%3Ccommits.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r769e1ba36c607772f7403e7ef2a8ae14d9ddcab4a844f9b28bcf7959%40%3Cdev.kafka.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r7d37d33f2d68912985daf40203182e3d86f3e81266b7a7f350689eeb%40%3Cjira.kafka.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r81f82ab8ecb83568bafbecf9ce0e73be73980ac1e2af6baf0f344a59%40%3Creviews.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r821bbffb64da0f062b4e72d1aa600b91e26bc82a28298ab159121215%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r850d1d0413716e8ba6d910cae7b01a0e560636e17d664769b5080ca5%40%3Creviews.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r870bc5e6e354c3e28ea029cb5726c9e8dd2b88cb0f5f7de1d4e3133d%40%3Creviews.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r8b2271909dabb45f0f1482ef35ffe106ae4b0cf8e877eb514e9cd421%40%3Cissues.hbase.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r8be8c6f0e404a3179d988eb8afed03ede5f2d5ce986d3f709fb82610%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r8c22aad0711321537183ccddcade7274ebf9dcbdcdacc6c4f90f43de%40%3Creviews.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r8c839a0d88cd6504abbe72c260371094f47014b2ba08d8d2c0232e3c%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r8ed14a84656fa0bb8df3bf9373c5be80f47ceac1e2ff068ee734fdb3%40%3Creviews.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r8eea4c7797e701f6494c72942dd89f471cda4c2c6e9abbaf05d113d8%40%3Creviews.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r8f5b144e7a7c2b338f01139d891abbaba12a8173ee01110d21bd0b4d%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r8fee46fd9f1254150cc55eecf1ea6a448fca1f7cf1d1e7f9c4803fdb%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r94230f46b91c364d39922a8ba0cfe12b8dba1556b14792719a7d921f%40%3Creviews.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r942e21ee90e2617a00a08b17b0ac2db961959bec969b91df61584d38%40%3Cdev.kafka.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r964d226dd08527fddd7a44410c50daa9d34d398e5c4793f1d7e19da8%40%3Ccommits.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r96ef6d20c5bd3d42dab500bac56a427e1dce00cf85b083987617643d%40%3Cissues.hbase.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r990e0296b188d4530d1053882f687fa4f938f108425db2999a180944%40%3Ccommits.kafka.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r9b46505868794fba04d401956304e63e4d8e39bdc118d30e5e87dcd9%40%3Creviews.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r9d7a86fb0b45e5b1855d4df83a5820eef813d55eae3edf224f3d5055%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r9f571b086965b35d4e91e47fb67c27b42b62762248b4900ba723599f%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/ra09a653997cbf10aab8c0deabc0fa49f5a8a8ce4305ce9089b98485f%40%3Creviews.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/ra1c234f045871827f73e4d68326b067e72d3139e109207345fa57d9e%40%3Cdev.kafka.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/racd55c9b704aa68cfb4436f17739b612b5d4f887155e04ed521a4b67%40%3Cdev.kafka.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/racf9e6ad2482cb9b1e3e1b2c1b443d9d5cf14055fb54dec3d2dcce91%40%3Creviews.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/rb4ca79d1af5237108ce8770b7c46ca78095f62ef21331d9d06142388%40%3Cjira.kafka.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/rb6a3866c02ac4446451c7d9dceab2373b6d32fb058f9085c6143de30%40%3Creviews.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/rb8f413dc923070919b09db3ac87d079a2dcc6f0adfbb029e206a7930%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/rba4bca48d2cdfa8c08afc368a9cc4572ec85a5915ba29b8a194bf505%40%3Creviews.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/rbbd003149f929b0e2fe58fb315de1658e98377225632e7e4239323fb%40%3Ccommits.kafka.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/rbc5a8d7a0a13bc8152d427a7e9097cdeb139c6cfe111b2f00f26d16b%40%3Cissues.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/rbe3f2e0a3c38ed9cbef81507b7cc6e523341865e30dc15c7503adc76%40%3Cissues.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/rbea4d456d88b043be86739ab0200ad06ba5a7921064411c098f79831%40%3Cjira.kafka.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/rc0e35f4e8a8a36127e3ae7a67f325a3a6a4dbe05034130fb04b6f3b6%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/rc1de630c6ed9a958d9f811e816d6d8efb6ca94aed0869bc5cda9d7f8%40%3Cissues.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/rc2b603b7fa7f8dbfe0b3b59a6140b4d66868db3bf4b29d69a772d72a%40%3Cdev.kafka.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/rc91c405c08b529b7292c75d9bd497849db700a1297fe3432990f6774%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/rcbc408088ae99dc3167ea293a562a3a9a7295a20e9a1bfc93e43ae1b%40%3Cissues.hbase.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/rccc7ba8c51d662e13496df20466d27dbab54d7001e9e7b2f31468a9e%40%3Cissues.hbase.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/rce9e232a663d8405c003fe83d5c86c27d1ed65561f3690e824717bc4%40%3Cissues.hbase.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/rcf7b5818f71bb97fd695eb0f54f8f4f69e15cc5f9ec761ea8be0d0d3%40%3Creviews.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/rd20651e102cb6742a9d9322ea7b5fc3ab60a7ffecb50fa9157cbf176%40%3Cjira.kafka.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/rd8e24a3e482e5984bc8c5492dc790413e4fdc1234e3debb94515796b%40%3Cjira.kafka.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/rd9a960429741406f6557fa344a13d50a0c9976dac2e4c46bb54b32d7%40%3Creviews.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/rdbdbb4e51f8857e082b464cd128decd7263cf0fb8557f12993562c56%40%3Creviews.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/rdde0ad0a03eec962c56b46e70e225918ea2368dcc3fd3488741fad53%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/rde11c433675143d8d27551c3d9e821fe1955f1551a518033d3716553%40%3Cdev.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/re014afaa14f4df9d33912ab64dc57249e1c170c7448d7175c6d014ff%40%3Cissues.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/re03a566114435a8cc8eb72158242b0f560c5eeccbb4ee98d22de8373%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/re3918edd403b0d3857a13ef2ccf3d2bc0231f3b8758e2a5777ea1cd3%40%3Creviews.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/re4ae7ada52c5ecfe805eb86ddc0af399ec8a57bfb0d8c632b8723b88%40%3Cdev.hbase.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/re4e67541a0a25a8589e89f52f8cd163c863fe04b59e048f9f1a04958%40%3Ccommits.hbase.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/re86a6ba09dc74e709db843e3561ead923c8fd1cba32343656dd8c44b%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/re9214a4232b7ae204288c283bcee4e39f07da6cc34798e9217ba4eb6%40%3Cissues.hbase.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/reb75282901d0969ba6582725ce8672070715d0773f6ff54dedd60156%40%3Creviews.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/ree677ff289ba9a90850f2e3ba7279555df1a170263ba39c5272db236%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/rf0181750e321518c8afa8001e0529d50a9447714ef4f58d98af57904%40%3Creviews.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/rf273267fa2e49314643af3141cec239f97d41de8a59be4ef7e10c65a%40%3Creviews.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/rf31e24700f725ef81bc5a2e0444a60e1f295ed0a54c0098362a7bdfa%40%3Creviews.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/rfa34d2a3e423421a4a1354cf457edba2ce78cee2d3ebd8aab151a559%40%3Cdev.kafka.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/rfa8879a713480b206c152334419499e6af0878c36217abcc9ab4f0d1%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20201218-0003/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], sourceIdentifier: "emo@eclipse.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-226", }, ], source: "emo@eclipse.org", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-10-04 01:29
Modified
2025-04-20 01:37
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
References
Impacted products
{ cisaActionDue: "2022-04-15", cisaExploitAdd: "2022-03-25", cisaRequiredAction: "Apply updates per vendor instructions.", cisaVulnerabilityName: "Apache Tomcat Remote Code Execution Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", matchCriteriaId: "A7286E06-DA84-401D-8FB8-DEEF6A171C88", versionEndExcluding: "7.0.82", versionStartIncluding: "7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", matchCriteriaId: "2C385FE9-F78C-49BC-AE87-5FE1A9BD7ED3", versionEndExcluding: "8.0.47", versionStartIncluding: "8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", matchCriteriaId: "EF72650E-5826-4ABB-9B7D-43C96DB3B9B7", versionEndExcluding: "8.5.23", versionStartIncluding: "8.5.0", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", matchCriteriaId: "817D7E47-947E-4A2F-A8AB-1302D5DF6684", versionEndExcluding: "9.0.1", versionStartIncluding: "9.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", matchCriteriaId: "8D305F7A-D159-4716-AB26-5E38BB5CD991", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", matchCriteriaId: "9070C9D8-A14A-467F-8253-33B966C16886", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*", matchCriteriaId: "B3293E55-5506-4587-A318-D1734F781C09", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:agile_plm:9.3.3:*:*:*:*:*:*:*", matchCriteriaId: "D14ABF04-E460-4911-9C6C-B7BCEFE68E9D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:agile_plm:9.3.4:*:*:*:*:*:*:*", matchCriteriaId: "CCF62B0C-A8BD-40E6-9E4E-E684F4E87ACD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:agile_plm:9.3.5:*:*:*:*:*:*:*", matchCriteriaId: "ED43772F-D280-42F6-A292-7198284D6FE7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", matchCriteriaId: "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1:*:*:*:*:*:*:*", matchCriteriaId: "622B95F1-8FA4-4AA6-9B68-5FE4302BA150", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.1.0:*:*:*:*:*:*:*", matchCriteriaId: "8B65CD29-C729-42AC-925E-014BA19581E2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.2.0:*:*:*:*:*:*:*", matchCriteriaId: "7E856B4A-6AE7-4317-921A-35B4D2048652", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_for_mysql_database:12.1.0.4.0:*:*:*:*:*:*:*", matchCriteriaId: "815E0C5E-00DF-4AD2-AE97-A752B3DC1631", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", matchCriteriaId: "4C3CFCCE-A8D4-4B78-9C37-88238580B5DA", versionEndIncluding: "7.3.5.3.0", versionStartIncluding: "7.3.3.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", matchCriteriaId: "9380A86A-7A58-477F-A697-B6692E18B4B9", versionEndIncluding: "8.0.9.0.0", versionStartIncluding: "8.0.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:fmw_platform:12.2.1.2.0:*:*:*:*:*:*:*", matchCriteriaId: "657387A7-DFD9-4CDC-968A-3F3970FDE224", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:fmw_platform:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "9C5E9A12-BFE9-4963-A360-A34168A6BF6A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:health_sciences_empirica_inspections:1.0.1.1:*:*:*:*:*:*:*", matchCriteriaId: "26CD44C0-F9DD-46F0-A4C1-2C2639217B4D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*", matchCriteriaId: "1A3DC116-2844-47A1-BEC2-D0675DD97148", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*", matchCriteriaId: "E0F1DF3E-0F2D-4EFC-9A3E-F72149C8AE94", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*", matchCriteriaId: "82EA4BA7-C38B-4AF3-8914-9E3D089EBDD4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*", matchCriteriaId: "B9C9BC66-FA5F-4774-9BDA-7AB88E2839C4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:management_pack:11.2.1.0.13:*:*:*:*:goldengate:*:*", matchCriteriaId: "5EB9E1EA-E136-4B09-9BBB-D7D48D993349", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:micros_lucas:2.9.5:*:*:*:*:*:*:*", matchCriteriaId: "98EE20FD-3D21-4E23-95B8-7BD13816EB95", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.0.1:*:*:*:*:*:*:*", matchCriteriaId: "78933DD0-F774-4E60-BC66-D5A57919717A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.5.0:*:*:*:*:*:*:*", matchCriteriaId: "8ECA7A7E-8177-4FD4-B9B9-F4B1B6F43F98", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.6.0:*:*:*:*:*:*:*", matchCriteriaId: "73C9A2AD-F384-44D5-AB33-86B7250760A5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.7.0:*:*:*:*:*:*:*", matchCriteriaId: "EEB4EB87-5ABB-437D-BDAC-FB64F33929FA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.8.0:*:*:*:*:*:*:*", matchCriteriaId: "FA3F5761-E2A0-4F67-BAE1-503877676BF3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.8.1:*:*:*:*:*:*:*", matchCriteriaId: "C1E3C86B-4483-430A-856D-7EAB7D388D2E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*", matchCriteriaId: "FF9C223C-BC90-4253-A009-53DEDEE9C1CC", versionEndIncluding: "3.3.6.3293", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*", matchCriteriaId: "52886BA2-204E-4F0E-B22F-CE5FDFCC98B5", versionEndIncluding: "3.4.4.4226", versionStartIncluding: "3.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*", matchCriteriaId: "6470AB3F-ADE2-4BA2-A6B9-E094C927CC77", versionEndIncluding: "4.0.0.5135", versionStartIncluding: "4.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_advanced_inventory_planning:13.2:*:*:*:*:*:*:*", matchCriteriaId: "D8193A06-3F6B-4F5A-AA58-B1B0AB3A87A3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_advanced_inventory_planning:13.4:*:*:*:*:*:*:*", matchCriteriaId: "FE65A212-7385-4973-A9C8-FB9C2F9F745F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_advanced_inventory_planning:14.1:*:*:*:*:*:*:*", matchCriteriaId: "56239DBD-E294-44A4-9DD3-CEEC58C1BC0C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_advanced_inventory_planning:15.0:*:*:*:*:*:*:*", matchCriteriaId: "517E0654-F1DE-43C4-90B5-FB90CA31734B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_back_office:14.0.4:*:*:*:*:*:*:*", matchCriteriaId: "FB363B97-8D71-4FC5-AF88-B6A0040E3D04", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_back_office:14.1.3:*:*:*:*:*:*:*", matchCriteriaId: "92978070-A3FD-45E7-8A19-C6324116416B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_central_office:14.0.4:*:*:*:*:*:*:*", matchCriteriaId: "74D44D74-4402-4569-B335-AFB5F80424ED", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_central_office:14.1.3:*:*:*:*:*:*:*", matchCriteriaId: "5ABB11E1-AD2A-47AA-A5AA-49D94B50CEC3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_convenience_and_fuel_pos_software:2.1.132:*:*:*:*:*:*:*", matchCriteriaId: "DA5B8931-D3B4-46A9-B1A0-9A6BBA365FC8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_eftlink:1.1.124:*:*:*:*:*:*:*", matchCriteriaId: "BD00C4A5-D05A-4C64-A50C-B8CE182FFB5E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_eftlink:15.0.1:*:*:*:*:*:*:*", matchCriteriaId: "25AC9F0D-4476-41AC-A7AB-5DE52135D8D7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_eftlink:16.0.2:*:*:*:*:*:*:*", matchCriteriaId: "A4DF6FE2-35CB-43AB-95F4-40C909DEC69F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_insights:14.0:*:*:*:*:*:*:*", matchCriteriaId: "5DCCBA87-C934-4B94-A5F2-B459FF9CBEC6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_insights:14.1:*:*:*:*:*:*:*", matchCriteriaId: "1D962EF0-D6E1-4B1F-9F50-0E30C3B5CF4A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_insights:15.0:*:*:*:*:*:*:*", matchCriteriaId: "9B3935CB-58D4-49A4-B3D4-D0DA0CD12F38", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_insights:16.0:*:*:*:*:*:*:*", matchCriteriaId: "269BCEDB-57A1-4611-A009-29791E0EF9A4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_invoice_matching:12.0:*:*:*:*:*:*:*", matchCriteriaId: "51D1FAEE-65FD-47EB-9F4D-505C72000F3A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_invoice_matching:13.0:*:*:*:*:*:*:*", matchCriteriaId: "4C45FF05-FB76-4782-891E-F4A8A4871A22", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_invoice_matching:13.1:*:*:*:*:*:*:*", matchCriteriaId: "5C03ED7B-3826-4D6D-89C5-61DE12E27213", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_invoice_matching:13.2:*:*:*:*:*:*:*", matchCriteriaId: "8893CB1D-F18C-404D-BC06-CA2617BFAE58", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_invoice_matching:14.0:*:*:*:*:*:*:*", matchCriteriaId: "42227DD8-6671-4B38-9E42-4ACF78F09C97", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_invoice_matching:14.1:*:*:*:*:*:*:*", matchCriteriaId: "69962BD9-A102-4621-9461-018E87261657", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_invoice_matching:15.0:*:*:*:*:*:*:*", matchCriteriaId: "788F2530-F011-4489-8029-B3468BAF7787", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_invoice_matching:16.0:*:*:*:*:*:*:*", matchCriteriaId: "7D939BB4-9D34-43A4-A19C-1CC90DB748FD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_order_broker:5.0:*:*:*:*:*:*:*", matchCriteriaId: "C4E864D4-96C0-4FD5-993F-7E2472893FF6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_order_broker:5.1:*:*:*:*:*:*:*", matchCriteriaId: "EAA4DF85-9225-4422-BF10-D7DAE7DCE007", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_order_broker:5.2:*:*:*:*:*:*:*", matchCriteriaId: "77C2A2A4-285B-40A1-B9AD-42219D742DD4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*", matchCriteriaId: "EE8CF045-09BB-4069-BCEC-496D5AE3B780", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*", matchCriteriaId: "38E74E68-7F19-4EF3-AC00-3C249EAAA39E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_order_management_system:4.0:*:*:*:*:*:*:*", matchCriteriaId: "01FFED25-C781-45CA-8F3B-7A75D5F1E126", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_order_management_system:4.5:*:*:*:*:*:*:*", matchCriteriaId: "DA5092E0-0F34-4330-BE16-B0D5FF4C91E4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_order_management_system:4.7:*:*:*:*:*:*:*", matchCriteriaId: "BBBC99BE-E550-482C-B759-6032E6593D09", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_order_management_system:5.0:*:*:*:*:*:*:*", matchCriteriaId: "66CAA1FF-02B0-4479-8349-DEB19208A21C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_point-of-service:14.0.4:*:*:*:*:*:*:*", matchCriteriaId: "5C47CC5A-5A12-4058-9F60-A50E2D2040BE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_point-of-service:14.1.3:*:*:*:*:*:*:*", matchCriteriaId: "A1CE1F19-1F07-4CBB-9930-F47394ED8054", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_price_management:12.0:*:*:*:*:*:*:*", matchCriteriaId: "FABD1A02-06F9-48A7-A22D-10DCD24938E7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_price_management:13.0:*:*:*:*:*:*:*", matchCriteriaId: "06992F7E-3BCA-4489-AD12-534C50CE6E6D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_price_management:13.1:*:*:*:*:*:*:*", matchCriteriaId: "F6D3F48B-E5F3-4412-815A-6C1E23E98674", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_price_management:13.2:*:*:*:*:*:*:*", matchCriteriaId: "C19C5CC9-544A-4E4D-8F0A-579BB5270F07", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_price_management:14.0:*:*:*:*:*:*:*", matchCriteriaId: "891E192D-BA12-4D89-8D18-C93D2F26A369", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_price_management:14.1:*:*:*:*:*:*:*", matchCriteriaId: "5B956113-5B3B-436D-858B-8F29FB304364", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_price_management:15.0:*:*:*:*:*:*:*", matchCriteriaId: "7E8917F6-00E7-47EC-B86D-A3B11D5F0E0D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_price_management:16.0:*:*:*:*:*:*:*", matchCriteriaId: "EFC5F424-119D-4C66-8251-E735EEFBC0BA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_returns_management:2.3.8:*:*:*:*:*:*:*", matchCriteriaId: "4B31A871-77CF-455F-A28A-FBCE595D51DB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_returns_management:2.4.9:*:*:*:*:*:*:*", matchCriteriaId: "892B1AB5-B0DC-4E57-B22F-0196A9F22CE7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_returns_management:14.0.4:*:*:*:*:*:*:*", matchCriteriaId: "0E9002D8-133F-4AB2-8475-4B0A464D0021", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_returns_management:14.1.3:*:*:*:*:*:*:*", matchCriteriaId: "B529695B-B859-4A1B-9873-6C870201879F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_store_inventory_management:12.0.12:*:*:*:*:*:*:*", matchCriteriaId: "F26748F3-1952-43B2-8847-264257ECBF10", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_store_inventory_management:13.0.7:*:*:*:*:*:*:*", matchCriteriaId: "142391D3-E38C-4F0E-9BB1-034DC28FAF75", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_store_inventory_management:13.1.9:*:*:*:*:*:*:*", matchCriteriaId: "555925C7-3345-48F8-9FD9-0E6C1E83E960", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_store_inventory_management:13.2.9:*:*:*:*:*:*:*", matchCriteriaId: "0953CAB4-B627-419D-9B8A-7C776A4FC18F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_store_inventory_management:14.0.4:*:*:*:*:*:*:*", matchCriteriaId: "0E703304-0752-46F2-998B-A3D37C9E7A54", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3:*:*:*:*:*:*:*", matchCriteriaId: "722969B5-36CD-4413-954B-347BB7E51FAE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_store_inventory_management:15.0.2:*:*:*:*:*:*:*", matchCriteriaId: "C5BE74EA-FC65-4A23-B5AA-1FC97390ADAB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_store_inventory_management:16.0.1:*:*:*:*:*:*:*", matchCriteriaId: "8AAFAA67-42E9-4B4E-9DC7-A38275FD45CB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:6.0.11:*:*:*:*:*:*:*", matchCriteriaId: "B7A0E714-AC23-49B5-A36C-D10FA4699561", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0.6:*:*:*:*:*:*:*", matchCriteriaId: "89B3354D-3929-4AEC-AAE0-7F573341FD6C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1.6:*:*:*:*:*:*:*", matchCriteriaId: "55901EF7-B71C-40B3-B276-FDA6381F051F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0.1:*:*:*:*:*:*:*", matchCriteriaId: "385D40CC-5AA0-4DAB-A2E7-F3A3CFF95BA7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:transportation_management:6.3.1:*:*:*:*:*:*:*", matchCriteriaId: "E7A714FB-050A-4040-BC57-C22FA4DD58D2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:transportation_management:6.3.2:*:*:*:*:*:*:*", matchCriteriaId: "A775321B-6DFB-4770-8F6D-D34D655438AF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:transportation_management:6.3.3:*:*:*:*:*:*:*", matchCriteriaId: "835BB7D9-633C-4CB3-8E8F-CA6FD62E587A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:transportation_management:6.3.4:*:*:*:*:*:*:*", matchCriteriaId: "48FE41BA-1E3C-4626-930F-3F8FEE124A78", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:transportation_management:6.3.5:*:*:*:*:*:*:*", matchCriteriaId: "40F284EF-05CF-4CF5-B7CA-F58AE01DA3B6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:transportation_management:6.3.6:*:*:*:*:*:*:*", matchCriteriaId: "C09892E8-D580-488A-A80E-B358D682A25A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:transportation_management:6.3.7:*:*:*:*:*:*:*", matchCriteriaId: "A58642E0-CA59-4DE6-A83C-F551FC621C32", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:tuxedo_system_and_applications_monitor:12.1.3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "D7072B3F-88AE-4432-879B-9D8208C67C74", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:*", matchCriteriaId: "1BB4709C-6373-43CC-918C-876A6569865A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:workload_manager:12.2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "AD848FE1-CFD7-490C-B008-DF3B30F3256F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "16F59A04-14CF-49E2-9973-645477EA09DA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", matchCriteriaId: "BD075607-09B7-493E-8611-66D041FFDA62", versionStartIncluding: "7.3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", versionStartIncluding: "9.5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", matchCriteriaId: "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*", matchCriteriaId: "3BD81527-A341-42C3-9AB9-880D3DB04B08", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", matchCriteriaId: "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94", vulnerable: true, }, { criteria: "cpe:2.3:o:netapp:element:-:*:*:*:*:vcenter_server:*:*", matchCriteriaId: "5E1DE4F5-9094-4C73-AA1B-5C902F38DD24", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:fuse:1.0:*:*:*:*:*:*:*", matchCriteriaId: "077732DB-F5F3-4E9C-9AC0-8142AB85B32F", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B142ACCC-F7A9-4A3B-BE60-0D6691D5058D", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*", matchCriteriaId: "B1ABA871-3271-48E2-A69C-5AD70AF94E53", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_enterprise_web_server:2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "681173DF-537E-4A64-8FC7-75F439CCAD0D", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "8E2F2F98-DB90-43F6-8F28-3656207B6188", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_enterprise_web_server_text-only_advisories:-:*:*:*:*:*:*:*", matchCriteriaId: "08E5BFFC-F3E0-43E6-BA40-81B2A8B7CC01", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", matchCriteriaId: "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", matchCriteriaId: "33C068A4-3780-4EAB-A937-6082DF847564", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", matchCriteriaId: "F96E3779-F56A-45FF-BB3D-4980527D721E", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", matchCriteriaId: "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", matchCriteriaId: "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", matchCriteriaId: "83737173-E12E-4641-BC49-0BD84A6B29D0", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus_compute_node:7.4:*:*:*:*:*:*:*", matchCriteriaId: "46DD0CA2-3786-4E97-A60C-5043FDDBCB86", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus_compute_node:7.5:*:*:*:*:*:*:*", matchCriteriaId: "55E4609A-C986-4041-A528-1B4B37E1F6F6", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus_compute_node:7.6:*:*:*:*:*:*:*", matchCriteriaId: "92BDD126-A468-47D9-A468-6E229D75939D", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus_compute_node:7.7:*:*:*:*:*:*:*", matchCriteriaId: "6DAA8C42-870A-42B4-AE9F-7C67F4122ED3", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:6.0_s390x:*:*:*:*:*:*:*", matchCriteriaId: "C84EAAE7-0249-4EA1-B8D3-E039B03ACDC3", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0_s390x:*:*:*:*:*:*:*", matchCriteriaId: "2148300C-ECBD-4ED5-A164-79629859DD43", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.4_s390x:*:*:*:*:*:*:*", matchCriteriaId: "B908AEF5-67CE-42D4-961D-C0E7ADB78ADD", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.5_s390x:*:*:*:*:*:*:*", matchCriteriaId: "0F8EB695-5EA3-46D2-941E-D7F01AB99A48", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.6_s390x:*:*:*:*:*:*:*", matchCriteriaId: "1E1DB003-76B8-4D7B-A6ED-5064C3AE1C11", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.7_s390x:*:*:*:*:*:*:*", matchCriteriaId: "FFC68D88-3CD3-4A3D-A01B-E9DBACD9B9CB", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:6.0_ppc64:*:*:*:*:*:*:*", matchCriteriaId: "6D8D654F-2442-4EA0-AF89-6AC2CD214772", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0_ppc64:*:*:*:*:*:*:*", matchCriteriaId: "8BCF87FD-9358-42A5-9917-25DF0180A5A6", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.4_ppc64:*:*:*:*:*:*:*", matchCriteriaId: "9B8B2E32-B838-4E51-BAA2-764089D2A684", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.5_ppc64:*:*:*:*:*:*:*", matchCriteriaId: "4319B943-7B19-468D-A160-5895F7F997A3", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.6_ppc64:*:*:*:*:*:*:*", matchCriteriaId: "39C1ABF5-4070-4AA7-BAB8-4F63E1BD91FF", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.7_ppc64:*:*:*:*:*:*:*", matchCriteriaId: "8036E2AE-4E44-4FA5-AFFB-A3724BFDD654", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*", matchCriteriaId: "B4A684C7-88FD-43C4-9BDB-AE337FCBD0AB", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.4_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "E9A24D0C-604D-4421-AFA6-5D541DA2E94D", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.5_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "3A2E3637-B6A6-4DA9-8B0A-E91F22130A45", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.6_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "F81F859C-DA89-4D1E-91D3-A000AD646203", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.7_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "418488A5-2912-406C-9337-B8E85D0C2B57", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", matchCriteriaId: "9BBCD86A-E6C7-4444-9D74-F861084090F0", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", matchCriteriaId: "51EF4996-72F4-4FA4-814F-F5991E7A8318", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", matchCriteriaId: "D99A687E-EAE6-417E-A88E-D0082BC194CD", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", matchCriteriaId: "B353CE99-D57C-465B-AAB0-73EF581127D1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", matchCriteriaId: "7431ABC1-9252-419E-8CC1-311B41360078", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*", matchCriteriaId: "D5F7E11E-FB34-4467-8919-2B6BEAABF665", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", matchCriteriaId: "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", matchCriteriaId: "17F256A9-D3B9-4C72-B013-4EFD878BFEA8", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", matchCriteriaId: "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", matchCriteriaId: "825ECE2D-E232-46E0-A047-074B34DB1E97", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.", }, { lang: "es", value: "Al ejecutar Apache Tomcat desde la versión 9.0.0.M1 hasta la 9.0.0, desde la 8.5.0 hasta la 8.5.22, desde la 8.0.0.RC1 hasta la 8.0.46 y desde la 7.0.0 hasta la 7.0.81 con los HTTP PUT habilitados (por ejemplo, configurando el parámetro de inicialización de solo lectura del servlet Default a \"false\"), es posible subir un archivo JSP al servidor mediante una petición especialmente manipulada. Este JSP se puede después solicitar y cualquier código que contenga se ejecutaría por el servidor.", }, ], id: "CVE-2017-12617", lastModified: "2025-04-20T01:37:25.860", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2017-10-04T01:29:02.120", references: [ { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", }, { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", }, { source: "security@apache.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/100954", }, { source: "security@apache.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1039552", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:3080", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:3081", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:3113", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:3114", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:0268", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:0269", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:0270", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:0271", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:0275", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:0465", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:0466", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:2939", }, { source: "security@apache.org", tags: [ "Mailing List", "Patch", ], url: "https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E", }, { source: "security@apache.org", tags: [ "Mailing List", "Patch", ], url: "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E", }, { source: "security@apache.org", tags: [ "Mailing List", "Patch", ], url: "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E", }, { source: "security@apache.org", tags: [ "Mailing List", "Patch", ], url: "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E", }, { source: "security@apache.org", tags: [ "Issue Tracking", "Mailing List", ], url: "https://lists.apache.org/thread.html/3fd341a604c4e9eab39e7eaabbbac39c30101a022acc11dd09d7ebcb%40%3Cannounce.tomcat.apache.org%3E", }, { source: "security@apache.org", tags: [ "Mailing List", "Patch", ], url: "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E", }, { source: "security@apache.org", tags: [ "Mailing List", "Patch", ], url: "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E", }, { source: "security@apache.org", tags: [ "Mailing List", "Patch", ], url: "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E", }, { source: "security@apache.org", tags: [ "Mailing List", "Patch", ], url: "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E", }, { source: "security@apache.org", tags: [ "Mailing List", "Patch", ], url: "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E", }, { source: "security@apache.org", tags: [ "Mailing List", "Patch", ], url: "https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E", }, { source: "security@apache.org", tags: [ "Mailing List", "Patch", ], url: "https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E", }, { source: "security@apache.org", tags: [ "Mailing List", "Patch", ], url: "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E", }, { source: "security@apache.org", tags: [ "Mailing List", "Patch", ], url: "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E", }, { source: "security@apache.org", tags: [ "Mailing List", "Patch", ], url: "https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E", }, { source: "security@apache.org", tags: [ "Mailing List", "Patch", ], url: "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E", }, { source: "security@apache.org", tags: [ "Mailing List", "Patch", ], url: "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E", }, { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2017/11/msg00009.html", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20171018-0002/", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20180117-0002/", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://support.f5.com/csp/article/K53173544", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03812en_us", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03828en_us", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3665-1/", }, { source: "security@apache.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/42966/", }, { source: "security@apache.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/43008/", }, { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/100954", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1039552", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:3080", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:3081", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:3113", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:3114", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:0268", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:0269", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:0270", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:0271", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:0275", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:0465", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:0466", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:2939", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", ], url: "https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", ], url: "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", ], url: "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", ], url: "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Mailing List", ], url: "https://lists.apache.org/thread.html/3fd341a604c4e9eab39e7eaabbbac39c30101a022acc11dd09d7ebcb%40%3Cannounce.tomcat.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", ], url: "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", ], url: "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", ], url: "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", ], url: "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", ], url: "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", ], url: "https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", ], url: "https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", ], url: "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", ], url: "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", ], url: "https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", ], url: "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", ], url: "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2017/11/msg00009.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20171018-0002/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20180117-0002/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.f5.com/csp/article/K53173544", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03812en_us", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03828en_us", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3665-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/42966/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/43008/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-434", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-434", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2021-12-18 12:15
Modified
2024-11-21 06:31
Severity ?
Summary
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*", matchCriteriaId: "42BCB94E-86D2-4B98-B9E6-5789F2272692", versionEndExcluding: "2.3.1", versionStartIncluding: "2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*", matchCriteriaId: "19DA22A8-0B29-4181-B44E-57D28D9DB331", versionEndExcluding: "2.12.3", versionStartIncluding: "2.4", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*", matchCriteriaId: "61E2AC03-D49B-4A15-BDA4-61DAF142CEED", versionEndIncluding: "2.16.0", versionStartIncluding: "2.13.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:cloud_manager:-:*:*:*:*:*:*:*", matchCriteriaId: "197D0D80-6702-4B61-B681-AFDBA7D69067", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:sonicwall:email_security:*:*:*:*:*:*:*:*", matchCriteriaId: "421BCD43-8ECC-4B1E-9F3E-C20BB2BC672A", versionEndIncluding: "10.0.12", vulnerable: true, }, { criteria: "cpe:2.3:a:sonicwall:network_security_manager:*:*:*:*:on-premises:*:*:*", matchCriteriaId: "1EA49667-8F94-4091-B9A9-A94318D83C24", versionEndExcluding: "3.0", versionStartIncluding: "2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:sonicwall:network_security_manager:*:*:*:*:saas:*:*:*", matchCriteriaId: "7C1B257C-9442-4C73-91CB-67893A78F0DF", versionEndExcluding: "3.0", versionStartIncluding: "2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:sonicwall:web_application_firewall:*:*:*:*:*:*:*:*", matchCriteriaId: "AD1E667A-9CAA-4382-957A-E4F1A4960E0C", versionEndExcluding: "3.1.0", versionStartIncluding: "3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sonicwall:6bk1602-0aa12-0tp0_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B407FBDB-7900-4F69-B745-809277F26050", versionEndExcluding: "2.7.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sonicwall:6bk1602-0aa12-0tp0:-:*:*:*:*:*:*:*", matchCriteriaId: "05AF56AD-FBAF-4AB8-B04D-1E28BF10B767", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sonicwall:6bk1602-0aa22-0tp0_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E3103225-6440-43F4-9493-131878735B2A", versionEndExcluding: "2.7.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sonicwall:6bk1602-0aa22-0tp0:-:*:*:*:*:*:*:*", matchCriteriaId: "2B3A0115-86AB-4677-A026-D99B971D9EF5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sonicwall:6bk1602-0aa32-0tp0_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "914A44DE-C4AA-45A0-AC26-5FAAF576130E", versionEndExcluding: "2.7.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sonicwall:6bk1602-0aa32-0tp0:-:*:*:*:*:*:*:*", matchCriteriaId: "9D1C62CF-414A-4670-9F19-C11A381DB830", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sonicwall:6bk1602-0aa42-0tp0_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "75359CC5-58A7-4B5A-B9BF-BDE59552EF1C", versionEndExcluding: "2.7.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sonicwall:6bk1602-0aa42-0tp0:-:*:*:*:*:*:*:*", matchCriteriaId: "706A3F00-8489-4735-B09B-34528F7C556A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sonicwall:6bk1602-0aa52-0tp0_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C23D02B7-C9A7-4ED9-AE71-765F01ACA55C", versionEndExcluding: "2.7.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sonicwall:6bk1602-0aa52-0tp0:-:*:*:*:*:*:*:*", matchCriteriaId: "E9DCB171-E4C8-4472-8023-20992ABB9348", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*", matchCriteriaId: "80C9DBB8-3D50-4D5D-859A-B022EB7C2E64", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", matchCriteriaId: "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:agile_plm_mcad_connector:3.6:*:*:*:*:*:*:*", matchCriteriaId: "B0C0714E-4255-4095-B26C-70EB193B8F98", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*", matchCriteriaId: "97994257-C9A4-4491-B362-E8B25B7187AB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_deposits_and_lines_of_credit_servicing:2.12.0:*:*:*:*:*:*:*", matchCriteriaId: "1F834ACC-D65B-4CA3-91F1-415CBC6077E2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_enterprise_default_management:2.7.1:*:*:*:*:*:*:*", matchCriteriaId: "473749BD-267E-480F-8E7F-C762702DB66E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_enterprise_default_management:2.12.0:*:*:*:*:*:*:*", matchCriteriaId: "320D36DA-D99F-4149-B582-3F4AB2F41A1B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_loans_servicing:2.12.0:*:*:*:*:*:*:*", matchCriteriaId: "5E502A46-BAF4-4558-BC8F-9F014A2FB26A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_party_management:2.7.0:*:*:*:*:*:*:*", matchCriteriaId: "C542DC5E-6657-4178-9C69-46FD3C187D56", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_payments:14.5:*:*:*:*:*:*:*", matchCriteriaId: "633E5B20-A7A7-4346-A71D-58121B006D00", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*", matchCriteriaId: "132CE62A-FBFC-4001-81EC-35D81F73AF48", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*", matchCriteriaId: "645AA3D1-C8B5-4CD2-8ACE-31541FA267F0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:2.12.0:*:*:*:*:*:*:*", matchCriteriaId: "BDC6D658-09EA-4C41-869F-1C2EA163F751", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_trade_finance:14.5:*:*:*:*:*:*:*", matchCriteriaId: "64750C01-21AC-4947-B674-6690EAAAC5DB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_treasury_management:14.5:*:*:*:*:*:*:*", matchCriteriaId: "3C3D0063-9458-4018-9B92-79A219716C10", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:business_intelligence:5.5.0.0.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "D40AD626-B23A-44A3-A6C0-1FFB4D647AE4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_asap:7.3:*:*:*:*:*:*:*", matchCriteriaId: "3141B86F-838D-491A-A8ED-3B7C54EA89C1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.4:*:*:*:*:*:*:*", matchCriteriaId: "B465F237-0271-4389-8035-89C07A52350D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.5:*:*:*:*:*:*:*", matchCriteriaId: "123CB9B5-C800-47FD-BD0C-BE44198E97E2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*", matchCriteriaId: "DAAB7154-4DE8-4806-86D0-C1D33B84417B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*", matchCriteriaId: "C2A5B24D-BDF2-423C-98EA-A40778C01A05", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:*", matchCriteriaId: "6F60E32F-0CA0-4C2D-9848-CB92765A9ACB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.1:*:*:*:*:*:*:*", matchCriteriaId: "DF616620-88CE-4A77-B904-C1728A2E6F9B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*", matchCriteriaId: "3AA09838-BF13-46AC-BB97-A69F48B73A8A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*", matchCriteriaId: "B4367D9B-BF81-47AD-A840-AC46317C774D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:*:*:*:*:*:*:*", matchCriteriaId: "BD4349FE-EEF8-489A-8ABF-5FCD55EC6DE0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.15.0:*:*:*:*:*:*:*", matchCriteriaId: "175B97A7-0B00-4378-AD9F-C01B6D9FD570", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.15.0:*:*:*:*:*:*:*", matchCriteriaId: "C6EAA723-2A23-4151-930B-86ACF9CC1C0C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_convergence:3.0.2.2.0:*:*:*:*:*:*:*", matchCriteriaId: "7DF939F5-C0E1-40A4-95A2-0CE7A03AB4EE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_convergence:3.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "EEC452FA-D1D5-4175-9371-F6055818192E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_convergent_charging_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "0172500D-DE51-44E0-91E8-C8F36617C1F8", versionEndIncluding: "12.0.4.0.0", versionStartIncluding: "12.0.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "E99E7D49-AE53-4D16-AB24-EBEAAD084289", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", matchCriteriaId: "F9550113-7423-48D8-A1C7-95D6AEE9B33C", versionEndIncluding: "8.5.1.0", versionStartIncluding: "8.3.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6:*:*:*:*:*:*:*", matchCriteriaId: "7FDD479D-9070-42E2-A8B1-9497BC4C0CF4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_eagle_ftp_table_base_retrieval:4.5:*:*:*:*:*:*:*", matchCriteriaId: "C68536CA-C7E2-4228-A6B8-F0DB6A9D29EC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "02712DD6-D944-4452-8015-000B9851D257", versionEndExcluding: "9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*", matchCriteriaId: "987811D5-DA5E-493D-8709-F9231A84E5F9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:*", matchCriteriaId: "46E23F2E-6733-45AF-9BD9-1A600BD278C8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*", matchCriteriaId: "E812639B-EE28-4C68-9F6F-70C8BF981C86", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*", matchCriteriaId: "DE7A60DB-A287-4E61-8131-B6314007191B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*", matchCriteriaId: "E1214FDF-357A-4BB9-BADE-50FB2BD16D10", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*", matchCriteriaId: "26940103-F37C-4FBD-BDFD-528A497209D6", versionEndIncluding: "12.0.4.0.0", versionStartIncluding: "12.0.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "EB9047B1-DA8C-4BFD-BE41-728BD7ECF3E6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*", matchCriteriaId: "B21E6EEF-2AB7-4E96-B092-1F49D11B4175", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_performance_intelligence_center:10.4.0.3:*:*:*:*:*:*:*", matchCriteriaId: "00E9A2B1-7562-4E6B-AE25-1B647F24EFDF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4:*:*:*:*:*:*:*", matchCriteriaId: "D6BDB265-293F-4F27-8CE0-576DF3ECD3BC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.5:*:*:*:*:*:*:*", matchCriteriaId: "53600579-4542-4D80-A93C-3E45938C749D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_service_broker:6.2:*:*:*:*:*:*:*", matchCriteriaId: "E6235EAE-47DD-4292-9941-6FF8D0A83843", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*", matchCriteriaId: "062E4E7C-55BB-46F3-8B61-5A663B565891", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "274BCA96-2E6A-4B77-B69E-E2093A668D28", versionEndExcluding: "9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "8D4B738B-08CF-44F6-A939-39F5BEAF03B2", versionEndExcluding: "9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*", matchCriteriaId: "17A91FD9-9F77-42D3-A4D9-48BC7568ADE1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*", matchCriteriaId: "A7637F8B-15F1-42E2-BE18-E1FF7C66587D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*", matchCriteriaId: "E43D793A-7756-4D58-A8ED-72DC4EC9CEA7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_user_data_repository:12.4:*:*:*:*:*:*:*", matchCriteriaId: "0FAF2403-99A1-4DBC-BAC4-35D883D8E5D4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "A4AA6214-A85D-4BF4-ABBF-0E4F8B7DA817", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.1:*:*:*:*:*:*:*", matchCriteriaId: "1F05AF4B-A747-4314-95AE-F8495479AB3E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "9901F6BA-78D5-45B8-9409-07FF1C6DDD38", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "9FADE563-5AAA-42FF-B43F-35B20A2386C9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:e-business_suite:12.2:*:*:*:*:*:*:*", matchCriteriaId: "4B3C968F-4038-4A8D-A345-8CD3F73A653B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*", matchCriteriaId: "6E8758C8-87D3-450A-878B-86CE8C9FC140", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_for_peoplesoft:13.4.1.1:*:*:*:*:*:*:*", matchCriteriaId: "615C7D0D-A9D5-43BA-AF61-373EC1095354", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_for_peoplesoft:13.5.1.1:*:*:*:*:*:*:*", matchCriteriaId: "6F772DC1-F93E-43A4-81DA-A2A1E204C5D5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B095CC03-7077-4A58-AB25-CC5380CDCE5A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", matchCriteriaId: "7EA4D3C5-6A7C-4421-88EF-445A96DBCE0C", versionEndIncluding: "8.1.1", versionStartIncluding: "8.0.7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.0.8.0.0:*:*:*:*:*:*:*", matchCriteriaId: "F033C6C8-61D9-41ED-94E6-63BE7BA22EFC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "4B829B72-7DE0-415F-A1AF-51637F134B76", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "FF8DC5FD-09DE-446F-879B-DB86C0CC95B4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_universal_banking:*:*:*:*:*:*:*:*", matchCriteriaId: "B0148D20-089E-4C19-8CA3-07598D8AFBF1", versionEndIncluding: "12.4", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_universal_banking:*:*:*:*:*:*:*:*", matchCriteriaId: "54BE0CCE-8216-4CCF-96E1-38EF76124368", versionEndIncluding: "14.3.0", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_universal_banking:11.83.3:*:*:*:*:*:*:*", matchCriteriaId: "0017AE8C-DBCA-46B4-A036-DF0E289199D4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_universal_banking:14.5:*:*:*:*:*:*:*", matchCriteriaId: "609645BF-B34F-40AC-B9C9-C3FB870F4ED2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:health_sciences_empirica_signal:9.1.0.6:*:*:*:*:*:*:*", matchCriteriaId: "67013CB6-5FA6-438B-A131-5AEDEBC66723", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:health_sciences_empirica_signal:9.2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "8FC5F6E6-3515-439B-9665-3B6151CEF577", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:health_sciences_inform:6.2.1.1:*:*:*:*:*:*:*", matchCriteriaId: "4CB4F0E6-3B36-4736-B2F2-CB2A16309F8D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:health_sciences_inform:6.3.2.1:*:*:*:*:*:*:*", matchCriteriaId: "0E72CF27-6E5F-404E-B5DF-B470C99AF5E8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:health_sciences_inform:7.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "51BCEC65-25B7-480C-860C-9D97F78CCE3F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:health_sciences_information_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "16AEA21E-0B11-44A5-8BFB-550521D8E0D5", versionEndIncluding: "3.0.4", versionStartIncluding: "3.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_data_repository:8.1.1:*:*:*:*:*:*:*", matchCriteriaId: "BA92E70A-2249-4144-B0B8-35501159ADB3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_foundation:*:*:*:*:*:*:*:*", matchCriteriaId: "9F69F8F6-BA2D-4DC6-BAB2-B9155F8B45CD", versionEndIncluding: "7.3.0.4", versionStartIncluding: "7.3.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_master_person_index:5.0.1:*:*:*:*:*:*:*", matchCriteriaId: "10774601-93C3-4938-A3E7-3C3D97A6F73C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_translational_research:4.1.0:*:*:*:*:*:*:*", matchCriteriaId: "523391D8-CB84-4EBD-B337-6A99F52E537F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_translational_research:4.1.1:*:*:*:*:*:*:*", matchCriteriaId: "B0A3C700-710A-4A0A-A2D4-ABB7AAC9B128", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_suite8:8.13.0:*:*:*:*:*:*:*", matchCriteriaId: "D4833DCA-FC54-4F89-B2DF-8E39C9C49DF6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_suite8:8.14.0:*:*:*:*:*:*:*", matchCriteriaId: "AD7E9060-BA5B-4682-AC0D-EE5105AD0332", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_token_proxy_service:19.2:*:*:*:*:*:*:*", matchCriteriaId: "E7D45E2D-241B-4839-B255-A81107BF94BF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hyperion_bi\\+:*:*:*:*:*:*:*:*", matchCriteriaId: "9C083F1E-8BF2-48C7-92FB-BD105905258E", versionEndExcluding: "11.2.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hyperion_data_relationship_management:*:*:*:*:*:*:*:*", matchCriteriaId: "E8E7FBA9-0FFF-4C86-B151-28C17A142E0B", versionEndExcluding: "11.2.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hyperion_infrastructure_technology:*:*:*:*:*:*:*:*", matchCriteriaId: "55BBCD48-BCC6-4E19-A4CE-970E524B9FF4", versionEndExcluding: "11.2.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hyperion_planning:*:*:*:*:*:*:*:*", matchCriteriaId: "C3E11E28-78AA-42BB-927D-D22CBDDD62B9", versionEndExcluding: "11.2.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hyperion_profitability_and_cost_management:*:*:*:*:*:*:*:*", matchCriteriaId: "30927787-2815-4BEF-A7C2-960F92238303", versionEndExcluding: "11.2.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hyperion_tax_provision:*:*:*:*:*:*:*:*", matchCriteriaId: "C0ABD2DC-9357-4097-BE62-BB7A4988A01F", versionEndExcluding: "11.2.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:identity_management_suite:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "1489DDA7-EDBE-404C-B48D-F0B52B741708", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:identity_management_suite:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "535BC19C-21A1-48E3-8CC0-B276BA5D494E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:identity_manager_connector:9.1.0:*:*:*:*:*:*:*", matchCriteriaId: "8508EF23-43DC-431F-B410-FD0BA897C371", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*", matchCriteriaId: "82EA4BA7-C38B-4AF3-8914-9E3D089EBDD4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*", matchCriteriaId: "B9C9BC66-FA5F-4774-9BDA-7AB88E2839C4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*", matchCriteriaId: "7F69B9A5-F21B-4904-9F27-95C0F7A628E3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_data_gateway:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "1B85A426-5714-4CEA-8A97-720F882B2D58", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:*", matchCriteriaId: "604FBBC9-04DC-49D2-AB7A-6124256431AF", versionEndIncluding: "5.6.0.0", versionStartIncluding: "5.4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2.0:*:*:*:*:*:*:*", matchCriteriaId: "428D2B1D-CFFD-49D1-BC05-2D85D22004DE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:*", matchCriteriaId: "5B8AA91A-1880-43CD-938D-48EF58ACF2CF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "335AB6A7-3B1F-4FA8-AF08-7D64C16C4B04", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "A2E3E923-E2AD-400D-A618-26ADF7F841A2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "9AB58D27-37F2-4A32-B786-3490024290A1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:management_cloud_engine:1.5.0:*:*:*:*:*:*:*", matchCriteriaId: "3F66C747-733F-46A1-9A6B-EEB1A1AEC45D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*", matchCriteriaId: "B0EBAC6D-D0CE-42A1-AEA0-2D50C8035747", versionEndIncluding: "8.0.29", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:payment_interface:19.1:*:*:*:*:*:*:*", matchCriteriaId: "5D01A0EC-3846-4A74-A174-3797078DC699", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:payment_interface:20.3:*:*:*:*:*:*:*", matchCriteriaId: "03E5FCFB-093A-48E9-8A4E-34C993D2764E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*", matchCriteriaId: "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*", matchCriteriaId: "C8AF00C6-B97F-414D-A8DF-057E6BFD8597", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "8B1C88FD-C2EC-4C96-AC7E-6F95C8763B48", versionEndIncluding: "17.12.11", versionStartIncluding: "17.12.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "A621A5AE-6974-4BA5-B1AC-7130A46F68F5", versionEndIncluding: "18.8.13", versionStartIncluding: "18.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "4096281D-2EBA-490D-8180-3C9D05EB890A", versionEndIncluding: "19.12.12", versionStartIncluding: "19.12.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "E6B70E72-B9FC-4E49-8EDD-29C7E14F5792", versionEndIncluding: "20.12.7", versionStartIncluding: "20.12.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_gateway:21.12.0:*:*:*:*:*:*:*", matchCriteriaId: "15F45363-236B-4040-8AE4-C6C0E204EDBA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", matchCriteriaId: "AD0DEC50-F4CD-4ACA-A118-D4F0D4F4C981", versionEndIncluding: "19.12.18.0", versionStartIncluding: "19.12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", matchCriteriaId: "651104CE-0569-4E6D-ACAB-AD2AC85084DD", versionEndIncluding: "20.12.12.0", versionStartIncluding: "20.12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:21.12.0.0:*:*:*:*:*:*:*", matchCriteriaId: "45D89239-9142-46BD-846D-76A5A74A67B1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", matchCriteriaId: "202AD518-2E9B-4062-B063-9858AE1F9CE2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", matchCriteriaId: "10864586-270E-4ACF-BDCC-ECFCD299305F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*", matchCriteriaId: "38340E3C-C452-4370-86D4-355B6B4E0A06", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*", matchCriteriaId: "E9C55C69-E22E-4B80-9371-5CD821D79FE2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*", matchCriteriaId: "F0735989-13BD-40B3-B954-AC0529C5B53D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*", matchCriteriaId: "58405263-E84C-4071-BB23-165D49034A00", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_customer_insights:15.0.2:*:*:*:*:*:*:*", matchCriteriaId: "3D1C35DF-D30D-42C8-B56D-C809609AB2A4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_customer_insights:16.0.2:*:*:*:*:*:*:*", matchCriteriaId: "834B4CE7-042E-489F-AE19-0EEA2C37E7A8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_data_extractor_for_merchandising:15.0.2:*:*:*:*:*:*:*", matchCriteriaId: "82653579-FF7D-4492-9CA2-B3DF6A708831", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_data_extractor_for_merchandising:16.0.2:*:*:*:*:*:*:*", matchCriteriaId: "32D2EB48-F9A2-4D23-81C5-4B30F2D785DF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_eftlink:16.0.3:*:*:*:*:*:*:*", matchCriteriaId: "F3796186-D3A7-4259-846B-165AD9CEB7F1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_eftlink:17.0.2:*:*:*:*:*:*:*", matchCriteriaId: "CEDA5540-692D-47DA-9F68-83158D9AE628", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_eftlink:18.0.1:*:*:*:*:*:*:*", matchCriteriaId: "C5435583-C454-4AC9-8A35-D2D30EB252EE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_eftlink:19.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A2140357-503A-4D2A-A099-CFA4DC649E41", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_eftlink:20.0.1:*:*:*:*:*:*:*", matchCriteriaId: "6BAE5686-8E11-4EF1-BC7E-5C565F2440C7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_eftlink:21.0.0:*:*:*:*:*:*:*", matchCriteriaId: "F4B95628-F108-424A-8C19-40A5F5B7D37B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_financial_integration:*:*:*:*:*:*:*:*", matchCriteriaId: "1E03B340-8C77-4DFA-8536-C57656E237D0", versionEndIncluding: "16.0.3", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_financial_integration:14.1.3.2:*:*:*:*:*:*:*", matchCriteriaId: "798E4FEE-9B2B-436E-A2B3-B8AA1079892A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_financial_integration:15.0.3.1:*:*:*:*:*:*:*", matchCriteriaId: "CB86F6C3-981E-4ECA-A5EB-9A9CD73D70C9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_financial_integration:19.0.0:*:*:*:*:*:*:*", matchCriteriaId: "4B7B0B33-2361-4CF5-8075-F609858A582E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_financial_integration:19.0.1:*:*:*:*:*:*:*", matchCriteriaId: "7435071D-0C95-4686-A978-AFC4C9A0D0FE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:*:*:*:*:*:*:*:*", matchCriteriaId: "A921C710-1C59-429F-B985-67C0DBFD695E", versionEndIncluding: "16.0.3", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:*:*:*:*:*:*:*:*", matchCriteriaId: "B9E458AF-0EEC-453E-AA9D-6C79211000AC", versionEndIncluding: "19.0.1.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:14.1.3:*:*:*:*:*:*:*", matchCriteriaId: "F1AFAE16-B69F-410A-8CE3-1CDD998A8433", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:14.1.3.2:*:*:*:*:*:*:*", matchCriteriaId: "8CFCE558-9972-46A2-8539-C16044F1BAA9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:15.0.3.1:*:*:*:*:*:*:*", matchCriteriaId: "A1194C4E-CF42-4B4D-BA9A-40FDD28F1D58", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:19.0.0:*:*:*:*:*:*:*", matchCriteriaId: "DFDF4CB0-4680-449A-8576-915721D59500", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:19.0.1:*:*:*:*:*:*:*", matchCriteriaId: "BD311C33-A309-44D5-BBFB-539D72C7F8C4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_invoice_matching:15.0.3:*:*:*:*:*:*:*", matchCriteriaId: "A0472632-4104-4397-B619-C4E86A748465", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_invoice_matching:16.0.3:*:*:*:*:*:*:*", matchCriteriaId: "48E25E7C-F7E8-4739-8251-00ACD11C12FE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_merchandising_system:16.0.3:*:*:*:*:*:*:*", matchCriteriaId: "F8383028-B719-41FD-9B6A-71F8EB4C5F8D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_merchandising_system:19.0.1:*:*:*:*:*:*:*", matchCriteriaId: "AE1BC44A-F0AF-41CD-9CEB-B07AB5ADAB38", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*", matchCriteriaId: "38E74E68-7F19-4EF3-AC00-3C249EAAA39E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_order_broker:18.0:*:*:*:*:*:*:*", matchCriteriaId: "0783F0D1-8FAC-4BCA-A6F5-C5C60E86D56D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_order_broker:19.1:*:*:*:*:*:*:*", matchCriteriaId: "C7BD0D41-1BED-4C4F-95C8-8987C98908DA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_order_management_system:19.5:*:*:*:*:*:*:*", matchCriteriaId: "99B5DC78-1C24-4F2B-A254-D833FAF47013", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*", matchCriteriaId: "E13DF2AE-F315-4085-9172-6C8B21AF1C9E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.46:*:*:*:*:*:*:*", matchCriteriaId: "9002379B-4FDA-44F3-98EB-0C9B6083E429", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3.115:*:*:*:*:*:*:*", matchCriteriaId: "476B038D-7F60-482D-87AD-B58BEA35558E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.240:*:*:*:*:*:*:*", matchCriteriaId: "AB86C644-7B79-4F87-A06D-C178E8C2B8B4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_price_management:13.2:*:*:*:*:*:*:*", matchCriteriaId: "C19C5CC9-544A-4E4D-8F0A-579BB5270F07", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_price_management:14.0.4:*:*:*:*:*:*:*", matchCriteriaId: "3E1A9B0C-735A-40B4-901C-663CF5162E96", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_price_management:14.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "0791694C-9B4E-42EA-8F6C-899B43B6D769", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_price_management:15.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "312992F0-E65A-4E38-A44C-363A7E157CE4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_price_management:16.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "E1940FD6-39FA-4F92-9625-F215D8051E80", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*", matchCriteriaId: "BDB925C6-2CBC-4D88-B9EA-F246F4F7A206", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*", matchCriteriaId: "0CE45891-A6A5-4699-90A6-6F49E60A7987", versionEndIncluding: "16.0.3", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:14.1.3:*:*:*:*:*:*:*", matchCriteriaId: "D7FCC976-615C-4DE5-9F50-1B25E9553962", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*", matchCriteriaId: "E702EBED-DB39-4084-84B1-258BC5FE7545", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*", matchCriteriaId: "3F7956BF-D5B6-484B-999C-36B45CD8B75B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:19.0.0:*:*:*:*:*:*:*", matchCriteriaId: "0D14A54A-4B04-41DE-B731-844D8AC3BE23", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:19.0.1:*:*:*:*:*:*:*", matchCriteriaId: "9DA6B655-A445-42E5-B6D9-70AB1C04774A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:19.0.1.0:*:*:*:*:*:*:*", matchCriteriaId: "5D57F5CB-E566-450F-B7D7-DD771F7C746C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_store_inventory_management:14.0.4.13:*:*:*:*:*:*:*", matchCriteriaId: "88458537-6DE8-4D79-BC71-9D08883AD0C1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3.5:*:*:*:*:*:*:*", matchCriteriaId: "2E310654-0793-41CC-B049-C754AC31D016", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3.14:*:*:*:*:*:*:*", matchCriteriaId: "4C5B22C6-97AF-4D1B-84C9-987C6F62C401", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3.3:*:*:*:*:*:*:*", matchCriteriaId: "FFD9AAE5-9472-49C6-B054-DB76BEB86D35", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3.8:*:*:*:*:*:*:*", matchCriteriaId: "A104FDBD-0B28-44EE-91A0-A0C8939865A3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_store_inventory_management:16.0.3.7:*:*:*:*:*:*:*", matchCriteriaId: "C2D60A4D-BB4F-4177-AFA8-A8DC8C111FB3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*", matchCriteriaId: "889916ED-5EB2-49D6-8400-E6DBBD6C287F", versionEndIncluding: "21.12", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:sql_developer:*:*:*:*:*:*:*:*", matchCriteriaId: "1C470BAD-F7E2-4802-B1BE-E71EBB073DA1", versionEndExcluding: "21.4.2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:taleo_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "4E1A18FB-85E6-4C5D-8F8A-12F86EDC6A2D", versionEndExcluding: "22.1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*", matchCriteriaId: "51309958-121D-4649-AB9A-EBFA3A49F7CB", versionEndIncluding: "4.3.0.6.0", versionStartIncluding: "4.3.0.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "3F906F04-39E4-4BE4-8A73-9D058AAADB43", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*", matchCriteriaId: "7B393A82-476A-4270-A903-38ED4169E431", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "85CAE52B-C2CA-4C6B-A0B7-2B9D6F0499E2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "D6A4F71A-4269-40FC-8F61-1D1301F2B728", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "5A502118-5B2B-47AE-82EC-1999BD841103", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "D551CAB1-4312-44AA-BDA8-A030817E153A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "174A6D2E-E42E-4C92-A194-C6A820CD7EF4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "F14A818F-AA16-4438-A3E4-E64C9287AC66", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "04BCDC24-4A21-473C-8733-0D9CFB38A752", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.", }, { lang: "es", value: "Apache Log4j2 versiones 2.0-alpha1 hasta 2.16.0 (excluyendo las versiones 2.12.3 y 2.3.1) no protegían de la recursión no controlada de las búsquedas autorreferenciales. Esto permite a un atacante con control sobre los datos de Thread Context Map causar una denegación de servicio cuando es interpretada una cadena diseñada. Este problema se ha corregido en Log4j versiones 2.17.0, 2.12.3 y 2.3.1", }, ], id: "CVE-2021-45105", lastModified: "2024-11-21T06:31:58.170", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-12-18T12:15:07.433", references: [ { source: "security@apache.org", tags: [ "Mailing List", "Mitigation", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/12/19/1", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf", }, { source: "security@apache.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://logging.apache.org/log4j/2.x/security.html", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20211218-0001/", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2021/dsa-5024", }, { source: "security@apache.org", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.kb.cert.org/vuls/id/930724", }, { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { source: "security@apache.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-1541/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Mitigation", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/12/19/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://logging.apache.org/log4j/2.x/security.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20211218-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2021/dsa-5024", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.kb.cert.org/vuls/id/930724", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-1541/", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, { lang: "en", value: "CWE-674", }, ], source: "security@apache.org", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-20", }, { lang: "en", value: "CWE-674", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-07-14 07:15
Modified
2024-11-21 06:13
Severity ?
Summary
When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apache Ant prior to 1.9.16 and 1.10.11 were affected.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:ant:*:*:*:*:*:*:*:*", matchCriteriaId: "C89ED6A3-3C13-4D67-A2B2-BF2A9FF9E03B", versionEndExcluding: "1.9.16", versionStartIncluding: "1.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:ant:*:*:*:*:*:*:*:*", matchCriteriaId: "87EE8429-8072-48A8-B406-3A8487A350B6", versionEndExcluding: "1.10.11", versionStartIncluding: "1.10.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", matchCriteriaId: "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_trade_finance:14.5:*:*:*:*:*:*:*", matchCriteriaId: "64750C01-21AC-4947-B674-6690EAAAC5DB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_treasury_management:14.5:*:*:*:*:*:*:*", matchCriteriaId: "3C3D0063-9458-4018-9B92-79A219716C10", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:*:*:*:*:*:*:*", matchCriteriaId: "A4CA84D6-F312-4C29-A02B-050FCB7A902B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.11.0:*:*:*:*:*:*:*", matchCriteriaId: "10323322-F6C0-4EA7-9344-736F7A80AA5F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_order_and_service_management:7.3:*:*:*:*:*:*:*", matchCriteriaId: "21CC9E01-616E-411B-B0C7-DE6E599D3319", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_order_and_service_management:7.4:*:*:*:*:*:*:*", matchCriteriaId: "1F015E20-7886-4713-B4EC-FE7894066D09", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.0:*:*:*:*:*:*:*", matchCriteriaId: "05AD47CC-8A6D-4AEC-B23E-701D3D649CC6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*", matchCriteriaId: "539DA24F-E3E0-4455-84C6-A9D96CD601B3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*", matchCriteriaId: "A7637F8B-15F1-42E2-BE18-E1FF7C66587D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*", matchCriteriaId: "E43D793A-7756-4D58-A8ED-72DC4EC9CEA7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:*:*:*:*:*:*:*", matchCriteriaId: "0EBC7EB1-FD72-4BFC-92CC-7C8B8E462D7C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_repository:11.1.1.7.0:*:*:*:*:*:*:*", matchCriteriaId: "69300B13-8C0F-4433-A6E8-B2CE32C4723D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", matchCriteriaId: "16F73C3A-A5C1-46F5-91E4-22F97A79E703", versionEndIncluding: "8.1.1", versionStartIncluding: "8.0.6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_policy_administration:*:*:*:*:*:*:*:*", matchCriteriaId: "8E883986-13DA-470F-95C4-BEBD0EDFEB9C", versionEndIncluding: "11.3.1", versionStartIncluding: "11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "8B1C88FD-C2EC-4C96-AC7E-6F95C8763B48", versionEndIncluding: "17.12.11", versionStartIncluding: "17.12.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "301E7158-9090-467C-B3B4-30A8DB3B395D", versionEndIncluding: "18.8.12", versionStartIncluding: "18.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "BBEFACB1-C8EA-492B-8F85-A564DB363C83", versionEndIncluding: "19.12.11", versionStartIncluding: "19.12.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "E6B70E72-B9FC-4E49-8EDD-29C7E14F5792", versionEndIncluding: "20.12.7", versionStartIncluding: "20.12.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", matchCriteriaId: "08FA59A8-6A62-4B33-8952-D6E658F8DAC9", versionEndIncluding: "17.12", versionStartIncluding: "17.7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", matchCriteriaId: "202AD518-2E9B-4062-B063-9858AE1F9CE2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", matchCriteriaId: "10864586-270E-4ACF-BDCC-ECFCD299305F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*", matchCriteriaId: "38340E3C-C452-4370-86D4-355B6B4E0A06", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:real-time_decision_server:3.2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "C914A8CA-352B-4B02-8A2F-D5A6EC04AF53", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:real-time_decision_server:11.1.1.9.0:*:*:*:*:*:*:*", matchCriteriaId: "3DBAC91D-14AA-4FEA-BBDA-C09CB5B3B831", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_advanced_inventory_planning:14.1:*:*:*:*:*:*:*", matchCriteriaId: "56239DBD-E294-44A4-9DD3-CEEC58C1BC0C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_advanced_inventory_planning:15.0:*:*:*:*:*:*:*", matchCriteriaId: "517E0654-F1DE-43C4-90B5-FB90CA31734B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_advanced_inventory_planning:16.0:*:*:*:*:*:*:*", matchCriteriaId: "43DA1635-08DA-434D-AA39-20D117468B5A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*", matchCriteriaId: "31C7EEA3-AA72-48DA-A112-2923DBB37773", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*", matchCriteriaId: "F0735989-13BD-40B3-B954-AC0529C5B53D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_bulk_data_integration:16.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "360B307A-3D7F-4B38-8248-76CF8318B023", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_bulk_data_integration:19.0.1:*:*:*:*:*:*:*", matchCriteriaId: "C401E65A-8FA0-44E6-9AFC-6CC06498122F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_central_office:14.0:*:*:*:*:*:*:*", matchCriteriaId: "83B5F416-56AE-4DC5-BCFF-49702463E716", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*", matchCriteriaId: "58405263-E84C-4071-BB23-165D49034A00", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_eftlink:19.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A2140357-503A-4D2A-A099-CFA4DC649E41", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_eftlink:20.0.1:*:*:*:*:*:*:*", matchCriteriaId: "6BAE5686-8E11-4EF1-BC7E-5C565F2440C7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_extract_transform_and_load:13.2.8:*:*:*:*:*:*:*", matchCriteriaId: "31FFE404-027E-4B59-B3EF-BD20E1F7EECC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_financial_integration:14.1.3.2:*:*:*:*:*:*:*", matchCriteriaId: "798E4FEE-9B2B-436E-A2B3-B8AA1079892A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_financial_integration:15.0.4.0:*:*:*:*:*:*:*", matchCriteriaId: "2F09182F-D0F2-41A7-A4AB-79099194B2CB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_financial_integration:16.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "44AA1B51-8A24-48F0-B16F-803D69698707", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:14.1.3.2:*:*:*:*:*:*:*", matchCriteriaId: "8CFCE558-9972-46A2-8539-C16044F1BAA9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:15.0.4.0:*:*:*:*:*:*:*", matchCriteriaId: "919DED83-2F88-4202-9556-5F4E5E1E6790", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:16.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "A29C39DD-971B-4A3F-BA08-91C8CC9B4A32", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:19.0.1.0:*:*:*:*:*:*:*", matchCriteriaId: "97DD0665-C420-4F6F-AD1F-07674B13614E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_invoice_matching:16.0.3:*:*:*:*:*:*:*", matchCriteriaId: "48E25E7C-F7E8-4739-8251-00ACD11C12FE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_merchandising_system:19.0.1:*:*:*:*:*:*:*", matchCriteriaId: "AE1BC44A-F0AF-41CD-9CEB-B07AB5ADAB38", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_point-of-service:14.0:*:*:*:*:*:*:*", matchCriteriaId: "237968A4-AE89-44DC-8BA3-D9651F88883D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*", matchCriteriaId: "E13DF2AE-F315-4085-9172-6C8B21AF1C9E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3:*:*:*:*:*:*:*", matchCriteriaId: "6B1A4F12-3E64-41CF-B2B3-B6AB734B69E0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:*", matchCriteriaId: "24A3C819-5151-4543-A5C6-998C9387C8A2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "924AFE2D-D1BB-4026-9C12-BA379F8C5BEA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*", matchCriteriaId: "E702EBED-DB39-4084-84B1-258BC5FE7545", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:15.0.4.0:*:*:*:*:*:*:*", matchCriteriaId: "1581DEE7-48C3-4832-B616-A25D9DD3E898", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:16.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "77326E29-0F3C-4BF1-905F-FF89EB9A897A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:19.0.1.0:*:*:*:*:*:*:*", matchCriteriaId: "5D57F5CB-E566-450F-B7D7-DD771F7C746C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_store_inventory_management:14.1:*:*:*:*:*:*:*", matchCriteriaId: "C1933509-1BEA-45DA-B6AF-2713B432B1F5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_store_inventory_management:15.0:*:*:*:*:*:*:*", matchCriteriaId: "4DA1BF68-635B-4577-B3F7-DEBC39567C8F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_store_inventory_management:16.0:*:*:*:*:*:*:*", matchCriteriaId: "3B202AEF-1197-441B-8EA1-2913BFD8A545", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*", matchCriteriaId: "490B2C44-CECD-4551-B04F-4076D0E053C7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*", matchCriteriaId: "DEC41EB8-73B4-4BDF-9321-F34EC0BAF9E6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*", matchCriteriaId: "48EFC111-B01B-4C34-87E4-D6B2C40C0122", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*", matchCriteriaId: "073FEA23-E46A-4C73-9D29-95CFF4F5A59D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A69FB468-EAF3-4E67-95E7-DF92C281C1F1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*", matchCriteriaId: "513AE97F-161C-43D2-B2D1-653125A9E920", versionEndExcluding: "11.2.2.8.27", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*", matchCriteriaId: "51309958-121D-4649-AB9A-EBFA3A49F7CB", versionEndIncluding: "4.3.0.6.0", versionStartIncluding: "4.3.0.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_framework:4.2.0.2.0:*:*:*:*:*:*:*", matchCriteriaId: "5435B365-BFF3-4A9E-B45C-42D8F1E20FB7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_framework:4.2.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "1FAC3840-2CF8-44CE-81BB-EEEBDA00A34A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "3F906F04-39E4-4BE4-8A73-9D058AAADB43", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*", matchCriteriaId: "7B393A82-476A-4270-A903-38ED4169E431", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "85CAE52B-C2CA-4C6B-A0B7-2B9D6F0499E2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.1.1:*:*:*:*:*:*:*", matchCriteriaId: "A3ED272C-A545-4F8C-86C0-2736B3F2DCAF", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apache Ant prior to 1.9.16 and 1.10.11 were affected.", }, { lang: "es", value: "Cuando se lee un archivo TAR especialmente diseñado, se puede hacer que una compilación de Apache Ant asigne grandes cantidades de memoria que finalmente conlleva a un error de falta de memoria, incluso para entradas pequeñas. Esto puede ser usado para interrumpir las compilaciones usando Apache Ant. Apache Ant versiones anteriores a 1.9.16 y 1.10.11 estaban afectados", }, ], id: "CVE-2021-36373", lastModified: "2024-11-21T06:13:37.863", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-07-14T07:15:08.237", references: [ { source: "security@apache.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://ant.apache.org/security.html", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r27919fd4db07c487239c1d9771f480d89ce5ee2750aa9447309b709a%40%3Ccommits.groovy.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r544c9e8487431768465b8b2d13982c75123109bd816acf839d46010d%40%3Ccommits.groovy.apache.org%3E", }, { source: "security@apache.org", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r54afdab05e01de970649c2d91a993f68a6b00cd73e6e34e16c832d46%40%3Cuser.ant.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/rad36f470647c5a7c02dd78c9973356d2840766d132b597b6444e373a%40%3Cnotifications.groovy.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/rf4bb79751a02889623195715925e4fd8932dd3c97e0ade91395a96c6%40%3Cdev.myfaces.apache.org%3E", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210819-0007/", }, { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { source: "security@apache.org", tags: [ "Not Applicable", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://ant.apache.org/security.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r27919fd4db07c487239c1d9771f480d89ce5ee2750aa9447309b709a%40%3Ccommits.groovy.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r544c9e8487431768465b8b2d13982c75123109bd816acf839d46010d%40%3Ccommits.groovy.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r54afdab05e01de970649c2d91a993f68a6b00cd73e6e34e16c832d46%40%3Cuser.ant.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rad36f470647c5a7c02dd78c9973356d2840766d132b597b6444e373a%40%3Cnotifications.groovy.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rf4bb79751a02889623195715925e4fd8932dd3c97e0ade91395a96c6%40%3Cdev.myfaces.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210819-0007/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Not Applicable", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-130", }, ], source: "security@apache.org", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-10-14 20:15
Modified
2024-11-21 06:27
Severity ?
Summary
The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", matchCriteriaId: "890E6FBC-FCC5-44B0-8CE8-AD7E8F0A1BFA", versionEndExcluding: "8.5.72", versionStartIncluding: "8.5.60", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", matchCriteriaId: "654BD045-868C-4DC0-B36C-824C0F4C41CD", versionEndExcluding: "9.0.54", versionStartIncluding: "9.0.40", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", matchCriteriaId: "1C639222-18E7-4BDC-A53A-684F63C42991", versionEndExcluding: "10.0.12", versionStartIncluding: "10.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:10.0.0:milestone10:*:*:*:*:*:*", matchCriteriaId: "83B9FF07-1B93-4F8C-AC56-7CA74E61B724", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:10.1.0:milestone1:*:*:*:*:*:*", matchCriteriaId: "6D402B5D-5901-43EB-8E6A-ECBD512CE367", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:10.1.0:milestone2:*:*:*:*:*:*", matchCriteriaId: "9846609D-51FC-4CDD-97B3-8C6E07108F14", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:10.1.0:milestone3:*:*:*:*:*:*", matchCriteriaId: "2E321FB4-0B0C-497A-BB75-909D888C93CB", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:10.1.0:milestone4:*:*:*:*:*:*", matchCriteriaId: "3B0CAE57-AF7A-40E6-9519-F5C9F422C1BE", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:10.1.0:milestone5:*:*:*:*:*:*", matchCriteriaId: "7CB9D150-EED6-4AE9-BCBE-48932E50035E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:hci:-:*:*:*:*:*:*:*", matchCriteriaId: "8A6E548F-62E9-40CB-85DA-FDAA0F0096C6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:management_services_for_element_software:-:*:*:*:*:*:*:*", matchCriteriaId: "86B51137-28D9-41F2-AFA2-3CC22B4954D1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*", matchCriteriaId: "80C9DBB8-3D50-4D5D-859A-B022EB7C2E64", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:big_data_spatial_and_graph:*:*:*:*:*:*:*:*", matchCriteriaId: "384DEDD9-CB26-4306-99D8-83068A9B23ED", versionEndExcluding: "23.1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", matchCriteriaId: "590ADE5F-0D0F-4576-8BA6-828758823442", versionEndIncluding: "8.5.0.2", versionStartIncluding: "8.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_cruise_shipboard_property_management_system:20.1.0:*:*:*:*:*:*:*", matchCriteriaId: "05F5B430-8BA1-4865-93B5-0DE89F424B53", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "A2E3E923-E2AD-400D-A618-26ADF7F841A2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "9AB58D27-37F2-4A32-B786-3490024290A1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:middleware_common_libraries_and_tools:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "9AB179A8-DFB7-4DCF-8DE3-096F376989F1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:payment_interface:19.1:*:*:*:*:*:*:*", matchCriteriaId: "5D01A0EC-3846-4A74-A174-3797078DC699", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:payment_interface:20.3:*:*:*:*:*:*:*", matchCriteriaId: "03E5FCFB-093A-48E9-8A4E-34C993D2764E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_customer_insights:15.0.2:*:*:*:*:*:*:*", matchCriteriaId: "3D1C35DF-D30D-42C8-B56D-C809609AB2A4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_customer_insights:16.0.2:*:*:*:*:*:*:*", matchCriteriaId: "834B4CE7-042E-489F-AE19-0EEA2C37E7A8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_data_extractor_for_merchandising:15.0.2:*:*:*:*:*:*:*", matchCriteriaId: "82653579-FF7D-4492-9CA2-B3DF6A708831", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_data_extractor_for_merchandising:16.0.2:*:*:*:*:*:*:*", matchCriteriaId: "32D2EB48-F9A2-4D23-81C5-4B30F2D785DF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_eftlink:21.0.0:*:*:*:*:*:*:*", matchCriteriaId: "F4B95628-F108-424A-8C19-40A5F5B7D37B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_financial_integration:16.0.1:*:*:*:*:*:*:*", matchCriteriaId: "EE6D2296-FF70-462A-963D-C93429499E4F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_financial_integration:19.0.0:*:*:*:*:*:*:*", matchCriteriaId: "4B7B0B33-2361-4CF5-8075-F609858A582E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_store_inventory_management:14.0.4.13:*:*:*:*:*:*:*", matchCriteriaId: "88458537-6DE8-4D79-BC71-9D08883AD0C1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3.5:*:*:*:*:*:*:*", matchCriteriaId: "2E310654-0793-41CC-B049-C754AC31D016", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3.14:*:*:*:*:*:*:*", matchCriteriaId: "4C5B22C6-97AF-4D1B-84C9-987C6F62C401", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3.3:*:*:*:*:*:*:*", matchCriteriaId: "FFD9AAE5-9472-49C6-B054-DB76BEB86D35", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3.8:*:*:*:*:*:*:*", matchCriteriaId: "A104FDBD-0B28-44EE-91A0-A0C8939865A3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_store_inventory_management:16.0.3.7:*:*:*:*:*:*:*", matchCriteriaId: "C2D60A4D-BB4F-4177-AFA8-A8DC8C111FB3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*", matchCriteriaId: "77E39D5C-5EFA-4FEB-909E-0A92004F2563", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:sd-wan_edge:9.1:*:*:*:*:*:*:*", matchCriteriaId: "06816711-7C49-47B9-A9D7-FB18CC3F42F2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:taleo_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "10009CC2-04DD-4CD3-B256-2D5EFD9A1D1D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.", }, { lang: "es", value: "La corrección del bug 63362 presente en Apache Tomcat versiones 10.1.0-M1 hasta 10.1.0-M5, versiones 10.0.0-M1 hasta 10.0.11, versiones 9.0.40 hasta 9.0.53 y versiones 8.5.60 hasta 8.5.71, introducía una pérdida de memoria. El objeto introducido para recopilar métricas para las conexiones de actualización HTTP no se liberaba para las conexiones WebSocket una vez que se cerraba la conexión. Esto creaba una pérdida de memoria que, con el tiempo, podía conllevar a una denegación de servicio por medio de un OutOfMemoryError", }, ], id: "CVE-2021-42340", lastModified: "2024-11-21T06:27:38.363", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-10-14T20:15:09.060", references: [ { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10379", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r8097a2d1550aa78e585fc77e602b9046e6d4099d8d132497c5387784%40%3Ccommits.myfaces.apache.org%3E", }, { source: "security@apache.org", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r83a35be60f06aca2065f188ee542b9099695d57ced2e70e0885f905c%40%3Cannounce.tomcat.apache.org%3E", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202208-34", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20211104-0001/", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2021/dsa-5009", }, { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10379", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r8097a2d1550aa78e585fc77e602b9046e6d4099d8d132497c5387784%40%3Ccommits.myfaces.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r83a35be60f06aca2065f188ee542b9099695d57ced2e70e0885f905c%40%3Cannounce.tomcat.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202208-34", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20211104-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2021/dsa-5009", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-772", }, ], source: "security@apache.org", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-772", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2021-45105
Vulnerability from cvelistv5
Published
2021-12-18 11:55
Modified
2024-08-04 04:39
Severity ?
EPSS score ?
Summary
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Log4j2 |
Version: log4j-core < 2.17.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T04:39:20.295Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://logging.apache.org/log4j/2.x/security.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032", }, { name: "VU#930724", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "https://www.kb.cert.org/vuls/id/930724", }, { name: "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd", }, { name: "[oss-security] 20211218 CVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2021/12/19/1", }, { name: "DSA-5024", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2021/dsa-5024", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20211218-0001/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-1541/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache Log4j2", vendor: "Apache Software Foundation", versions: [ { changes: [ { at: "2.13.0", status: "affected", }, { at: "2.12.3", status: "unaffected", }, { at: "2.4", status: "affected", }, { at: "2.3.1", status: "unaffected", }, { at: "2.0-alpha1", status: "affected", }, ], lessThan: "2.17.0", status: "affected", version: "log4j-core", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Independently discovered by Hideki Okamoto of Akamai Technologies, Guy Lederfein of Trend Micro Research working with Trend Micro’s Zero Day Initiative, and another anonymous vulnerability researcher", }, ], descriptions: [ { lang: "en", value: "Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.", }, ], metrics: [ { other: { content: { other: "high", }, type: "unknown", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20 Improper Input Validation", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-674", description: "CWE-674: Uncontrolled Recursion", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-07-25T16:41:57", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://logging.apache.org/log4j/2.x/security.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032", }, { name: "VU#930724", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "https://www.kb.cert.org/vuls/id/930724", }, { name: "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd", }, { name: "[oss-security] 20211218 CVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2021/12/19/1", }, { name: "DSA-5024", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2021/dsa-5024", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20211218-0001/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-1541/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], source: { defect: [ "LOG4J2-3230", ], discovery: "UNKNOWN", }, title: "Apache Log4j2 does not always protect from infinite recursion in lookup evaluation", workarounds: [ { lang: "en", value: "Implement one of the following mitigation techniques:\n\n* Java 8 (or later) users should upgrade to release 2.17.0.\n\nAlternatively, this can be mitigated in configuration:\n\n* In PatternLayout in the logging configuration, replace Context Lookups like `${ctx:loginId}` or `$${ctx:loginId}` with Thread Context Map patterns (%X, %mdc, or %MDC).\n* Otherwise, in the configuration, remove references to Context Lookups like `${ctx:loginId}` or `$${ctx:loginId}` where they originate \nfrom sources external to the application such as HTTP headers or user input.", }, ], x_generator: { engine: "Vulnogram 0.0.9", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2021-45105", STATE: "PUBLIC", TITLE: "Apache Log4j2 does not always protect from infinite recursion in lookup evaluation", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache Log4j2", version: { version_data: [ { version_affected: "<", version_name: "log4j-core", version_value: "2.17.0", }, { version_affected: ">=", version_name: "log4j-core", version_value: "2.13.0", }, { version_affected: "<", version_name: "log4j-core", version_value: "2.12.3", }, { version_affected: ">=", version_name: "log4j-core", version_value: "2.4", }, { version_affected: "<", version_name: "log4j-core", version_value: "2.3.1", }, { version_affected: ">=", version_name: "log4j-core", version_value: "2.0-alpha1", }, ], }, }, ], }, vendor_name: "Apache Software Foundation", }, ], }, }, credit: [ { lang: "eng", value: "Independently discovered by Hideki Okamoto of Akamai Technologies, Guy Lederfein of Trend Micro Research working with Trend Micro’s Zero Day Initiative, and another anonymous vulnerability researcher", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.", }, ], }, generator: { engine: "Vulnogram 0.0.9", }, impact: [ { other: "high", }, ], problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-20 Improper Input Validation", }, ], }, { description: [ { lang: "eng", value: "CWE-674: Uncontrolled Recursion", }, ], }, ], }, references: { reference_data: [ { name: "https://logging.apache.org/log4j/2.x/security.html", refsource: "MISC", url: "https://logging.apache.org/log4j/2.x/security.html", }, { name: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032", refsource: "CONFIRM", url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032", }, { name: "VU#930724", refsource: "CERT-VN", url: "https://www.kb.cert.org/vuls/id/930724", }, { name: "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd", }, { name: "[oss-security] 20211218 CVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2021/12/19/1", }, { name: "DSA-5024", refsource: "DEBIAN", url: "https://www.debian.org/security/2021/dsa-5024", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf", refsource: "CONFIRM", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf", }, { name: "https://security.netapp.com/advisory/ntap-20211218-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20211218-0001/", }, { name: "https://www.zerodayinitiative.com/advisories/ZDI-21-1541/", refsource: "MISC", url: "https://www.zerodayinitiative.com/advisories/ZDI-21-1541/", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf", refsource: "CONFIRM", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf", }, { name: "https://www.oracle.com/security-alerts/cpujan2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { name: "https://www.oracle.com/security-alerts/cpuapr2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { name: "https://www.oracle.com/security-alerts/cpujul2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], }, source: { defect: [ "LOG4J2-3230", ], discovery: "UNKNOWN", }, work_around: [ { lang: "en", value: "Implement one of the following mitigation techniques:\n\n* Java 8 (or later) users should upgrade to release 2.17.0.\n\nAlternatively, this can be mitigated in configuration:\n\n* In PatternLayout in the logging configuration, replace Context Lookups like `${ctx:loginId}` or `$${ctx:loginId}` with Thread Context Map patterns (%X, %mdc, or %MDC).\n* Otherwise, in the configuration, remove references to Context Lookups like `${ctx:loginId}` or `$${ctx:loginId}` where they originate \nfrom sources external to the application such as HTTP headers or user input.", }, ], }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2021-45105", datePublished: "2021-12-18T11:55:08", dateReserved: "2021-12-16T00:00:00", dateUpdated: "2024-08-04T04:39:20.295Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-10219
Vulnerability from cvelistv5
Published
2019-11-08 14:46
Modified
2024-08-04 22:17
Severity ?
EPSS score ?
Summary
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hibernate | hibernate-validator |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T22:17:18.975Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "[accumulo-notifications] 20200108 [GitHub] [accumulo] milleruntime opened a new pull request #1469: Update hibernate-validator. Fixes CVE-2019-10219", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r87b7e2d22982b4ca9f88f5f4f22a19b394d2662415b233582ed22ebf%40%3Cnotifications.accumulo.apache.org%3E", }, { name: "[accumulo-notifications] 20200109 [GitHub] [accumulo] milleruntime closed pull request #1469: Update hibernate-validator. Fixes CVE-2019-10219", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r4f8b4e2541be4234946e40d55859273a7eec0f4901e8080ce2406fe6%40%3Cnotifications.accumulo.apache.org%3E", }, { name: "[accumulo-notifications] 20200109 [GitHub] [accumulo] milleruntime commented on issue #1469: Update hibernate-validator. Fixes CVE-2019-10219", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r4f92d7f7682dcff92722fa947f9e6f8ba2227c5dc3e11ba09114897d%40%3Cnotifications.accumulo.apache.org%3E", }, { name: "RHSA-2020:0164", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0164", }, { name: "RHSA-2020:0159", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0159", }, { name: "RHSA-2020:0160", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0160", }, { name: "RHSA-2020:0161", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0161", }, { name: "RHSA-2020:0445", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0445", }, { name: "[portals-pluto-dev] 20210714 [jira] [Created] (PLUTO-791) Upgrade to hibernate-validator-6.0.20.Final due to CVE-2020-10693 and CVE-2019-10219", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rf9c17c3efc4a376a96e9e2777eee6acf0bec28e2200e4b35da62de4a%40%3Cpluto-dev.portals.apache.org%3E", }, { name: "[portals-pluto-dev] 20210714 [jira] [Closed] (PLUTO-791) Upgrade to hibernate-validator-6.0.20.Final due to CVE-2020-10693 and CVE-2019-10219", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rd418deda6f0ebe658c2015f43a14d03acb8b8c2c093c5bf6b880cd7c%40%3Cpluto-dev.portals.apache.org%3E", }, { name: "[portals-pluto-scm] 20210714 [portals-pluto] branch master updated: PLUTO-791 Upgrade to hibernate-validator-6.0.20.Final due to CVE-2020-10693 and CVE-2019-10219", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rb8dca19a4e52b60dab0ab21e2ff9968d78f4b84e4033824db1dd24b4%40%3Cpluto-scm.portals.apache.org%3E", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10219", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220210-0024/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "hibernate-validator", vendor: "Hibernate", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-02-10T09:07:39", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "[accumulo-notifications] 20200108 [GitHub] [accumulo] milleruntime opened a new pull request #1469: Update hibernate-validator. Fixes CVE-2019-10219", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r87b7e2d22982b4ca9f88f5f4f22a19b394d2662415b233582ed22ebf%40%3Cnotifications.accumulo.apache.org%3E", }, { name: "[accumulo-notifications] 20200109 [GitHub] [accumulo] milleruntime closed pull request #1469: Update hibernate-validator. Fixes CVE-2019-10219", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r4f8b4e2541be4234946e40d55859273a7eec0f4901e8080ce2406fe6%40%3Cnotifications.accumulo.apache.org%3E", }, { name: "[accumulo-notifications] 20200109 [GitHub] [accumulo] milleruntime commented on issue #1469: Update hibernate-validator. Fixes CVE-2019-10219", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r4f92d7f7682dcff92722fa947f9e6f8ba2227c5dc3e11ba09114897d%40%3Cnotifications.accumulo.apache.org%3E", }, { name: "RHSA-2020:0164", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0164", }, { name: "RHSA-2020:0159", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0159", }, { name: "RHSA-2020:0160", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0160", }, { name: "RHSA-2020:0161", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0161", }, { name: "RHSA-2020:0445", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0445", }, { name: "[portals-pluto-dev] 20210714 [jira] [Created] (PLUTO-791) Upgrade to hibernate-validator-6.0.20.Final due to CVE-2020-10693 and CVE-2019-10219", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rf9c17c3efc4a376a96e9e2777eee6acf0bec28e2200e4b35da62de4a%40%3Cpluto-dev.portals.apache.org%3E", }, { name: "[portals-pluto-dev] 20210714 [jira] [Closed] (PLUTO-791) Upgrade to hibernate-validator-6.0.20.Final due to CVE-2020-10693 and CVE-2019-10219", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rd418deda6f0ebe658c2015f43a14d03acb8b8c2c093c5bf6b880cd7c%40%3Cpluto-dev.portals.apache.org%3E", }, { name: "[portals-pluto-scm] 20210714 [portals-pluto] branch master updated: PLUTO-791 Upgrade to hibernate-validator-6.0.20.Final due to CVE-2020-10693 and CVE-2019-10219", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rb8dca19a4e52b60dab0ab21e2ff9968d78f4b84e4033824db1dd24b4%40%3Cpluto-scm.portals.apache.org%3E", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10219", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20220210-0024/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2019-10219", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "hibernate-validator", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Hibernate", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.", }, ], }, impact: { cvss: [ [ { vectorString: "6.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.0", }, ], ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-79", }, ], }, ], }, references: { reference_data: [ { name: "[accumulo-notifications] 20200108 [GitHub] [accumulo] milleruntime opened a new pull request #1469: Update hibernate-validator. Fixes CVE-2019-10219", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r87b7e2d22982b4ca9f88f5f4f22a19b394d2662415b233582ed22ebf@%3Cnotifications.accumulo.apache.org%3E", }, { name: "[accumulo-notifications] 20200109 [GitHub] [accumulo] milleruntime closed pull request #1469: Update hibernate-validator. Fixes CVE-2019-10219", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r4f8b4e2541be4234946e40d55859273a7eec0f4901e8080ce2406fe6@%3Cnotifications.accumulo.apache.org%3E", }, { name: "[accumulo-notifications] 20200109 [GitHub] [accumulo] milleruntime commented on issue #1469: Update hibernate-validator. Fixes CVE-2019-10219", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r4f92d7f7682dcff92722fa947f9e6f8ba2227c5dc3e11ba09114897d@%3Cnotifications.accumulo.apache.org%3E", }, { name: "RHSA-2020:0164", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0164", }, { name: "RHSA-2020:0159", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0159", }, { name: "RHSA-2020:0160", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0160", }, { name: "RHSA-2020:0161", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0161", }, { name: "RHSA-2020:0445", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0445", }, { name: "[portals-pluto-dev] 20210714 [jira] [Created] (PLUTO-791) Upgrade to hibernate-validator-6.0.20.Final due to CVE-2020-10693 and CVE-2019-10219", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rf9c17c3efc4a376a96e9e2777eee6acf0bec28e2200e4b35da62de4a@%3Cpluto-dev.portals.apache.org%3E", }, { name: "[portals-pluto-dev] 20210714 [jira] [Closed] (PLUTO-791) Upgrade to hibernate-validator-6.0.20.Final due to CVE-2020-10693 and CVE-2019-10219", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rd418deda6f0ebe658c2015f43a14d03acb8b8c2c093c5bf6b880cd7c@%3Cpluto-dev.portals.apache.org%3E", }, { name: "[portals-pluto-scm] 20210714 [portals-pluto] branch master updated: PLUTO-791 Upgrade to hibernate-validator-6.0.20.Final due to CVE-2020-10693 and CVE-2019-10219", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rb8dca19a4e52b60dab0ab21e2ff9968d78f4b84e4033824db1dd24b4@%3Cpluto-scm.portals.apache.org%3E", }, { name: "https://www.oracle.com/security-alerts/cpujan2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10219", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10219", }, { name: "https://security.netapp.com/advisory/ntap-20220210-0024/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20220210-0024/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2019-10219", datePublished: "2019-11-08T14:46:03", dateReserved: "2019-03-27T00:00:00", dateUpdated: "2024-08-04T22:17:18.975Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-34429
Vulnerability from cvelistv5
Published
2021-07-15 17:00
Modified
2024-08-04 00:12
Severity ?
EPSS score ?
Summary
For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| The Eclipse Foundation | Eclipse Jetty |
Version: 9.4.37 < unspecified Version: unspecified < Version: 10.0.1 < unspecified Version: unspecified < Version: 11.0.1 < unspecified Version: unspecified < |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T00:12:50.169Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm", }, { name: "[zookeeper-issues] 20210728 [jira] [Updated] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r7dd079fa0ac6f47ba1ad0af98d7d0276547b8a4e005f034fb1016951%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20210728 [jira] [Created] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r90e7b4c42a96d74c219e448bee6a329ab0cd3205c44b63471d96c3ab%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-dev] 20210728 [jira] [Created] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r763840320a80e515331cbc1e613fa93f25faf62e991974171a325c82%40%3Cdev.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20210805 [jira] [Assigned] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r2a3ea27cca2ac7352d392b023b72e824387bc9ff16ba245ec663bdc6%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20210805 [jira] [Updated] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r8e6c116628c1277c3cf132012a66c46a0863fa2a3037c0707d4640d4%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20210805 [GitHub] [zookeeper] ztzg opened a new pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r029c0c6833c8bb6acb094733fd7b75029d633f47a92f1c9d14391fc0%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20210805 [GitHub] [zookeeper] ztzg commented on pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r46f748c1dc9cf9b6c1c18f6b5bfc3a869907f68f72e17666f2f30f24%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[pulsar-commits] 20210813 [GitHub] [pulsar] eolivelli opened a new issue #11659: Jetty is flagged with CVE-2021-34429", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rc26807be68748b3347decdcd03ae183622244b0b4cb09223d4b7e500%40%3Ccommits.pulsar.apache.org%3E", }, { name: "[pulsar-commits] 20210813 [GitHub] [pulsar] lhotari opened a new pull request #11660: [Security] Upgrade Jetty to 9.4.43.v20210629", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rb33d65c3e5686f2e3b9bb8a032a44163b2f2ad9d31a8727338f213c1%40%3Ccommits.pulsar.apache.org%3E", }, { name: "[pulsar-commits] 20210813 [GitHub] [pulsar] eolivelli closed issue #11659: Jetty is flagged with CVE-2021-34429", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r9e6158d72ef25077c2dc59fbddade2eacf7d259a2556c97a989f2fe8%40%3Ccommits.pulsar.apache.org%3E", }, { name: "[santuario-dev] 20210817 [GitHub] [santuario-xml-security-java] dependabot[bot] opened a new pull request #52: Bump jetty.version from 9.4.42.v20210604 to 9.4.43.v20210629", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r3aefe613abce594c71ace50088d2529bbde65d08b8e7ff2c2723aaa1%40%3Cdev.santuario.apache.org%3E", }, { name: "[kafka-jira] 20210817 [jira] [Updated] (KAFKA-13209) Upgrade jetty-server to fix CVE-2021-34429", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r6e6f50c1ce1fb592cb43e913f5be23df104d50751465f8f1952ace0c%40%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-jira] 20210817 [GitHub] [kafka] jolshan opened a new pull request #11224: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r46900f74dbb7d168aeac43bf0e7f64825376bb7eb74d31a5b33344ce%40%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-jira] 20210817 [GitHub] [kafka] omkreddy merged pull request #11224: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r679d96f981d4c92724090ed2d5e8565a1d655a72bb315550489f052e%40%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-commits] 20210817 [kafka] branch 2.8 updated: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r02f940c27e997a277ff14e79e84551382e1081e8978b417e0c2b0857%40%3Ccommits.kafka.apache.org%3E", }, { name: "[kafka-commits] 20210817 [kafka] branch 2.7 updated: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r9d245c6c884bbc804a472116d730c1a01676bf24f93206a34923fc64%40%3Ccommits.kafka.apache.org%3E", }, { name: "[kafka-commits] 20210817 [kafka] branch 3.0 updated: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r756443e9d50af7e8c3df82e2c45105f452c8e8195ddbc0c00f58d5fe%40%3Ccommits.kafka.apache.org%3E", }, { name: "[kafka-jira] 20210817 [jira] [Resolved] (KAFKA-13209) Upgrade jetty-server to fix CVE-2021-34429", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/re5e9bb535db779506013ef8799dc2a299e77cdad6668aa94c456dba6%40%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-dev] 20210817 [jira] [Resolved] (KAFKA-13209) Upgrade jetty-server to fix CVE-2021-34429", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r4727d282b5c2d951057845a46065d59f6e33132edc0a14f41c26b01e%40%3Cdev.kafka.apache.org%3E", }, { name: "[kafka-jira] 20210817 [jira] [Assigned] (KAFKA-13209) Upgrade jetty-server to fix CVE-2021-34429", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/re01890eef49d4201018f2c97e26536e3e75f441ecdbcf91986c3bc17%40%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-jira] 20210818 [GitHub] [kafka] jolshan opened a new pull request #11224: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/re3de01414ccf682fe0951205f806dd8e94440798fd64c55a4941de3e%40%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-jira] 20210818 [GitHub] [kafka] omkreddy merged pull request #11224: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r74fdc446df551fe89a0a16957a1bfdaad19380e0c1afd30625685a9c%40%3Cjira.kafka.apache.org%3E", }, { name: "[zookeeper-notifications] 20210825 [GitHub] [zookeeper] ztzg commented on pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r5678d994d4dd8e7c838eed3bbc1a83a7f6bc62724b0cce67e8892a45%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20210825 [GitHub] [zookeeper] eolivelli commented on pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r2e32390cb7aedb39069e5b18aa130ca53e766258518faee63c31d3ea%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20210827 [GitHub] [zookeeper] nkalmar commented on pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rcb157f55b9ae41b3076801de927c6fca1669c6d8eaf11a9df5dbeb46%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-commits] 20210901 [zookeeper] branch branch-3.7 updated: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r44ea39ca8110de7353bfec88f58aa3aa58a42bb324b8772512ee190c%40%3Ccommits.zookeeper.apache.org%3E", }, { name: "[zookeeper-commits] 20210901 [zookeeper] branch master updated: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r0626f279ebf65506110a897e3a57ccd4072803ee5434b2503e070398%40%3Ccommits.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20210901 [GitHub] [zookeeper] ztzg closed pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r48a93f2bc025acd7c7e341ed3864bfdeb75f0c768d41bc247e1a1f63%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20210901 [jira] [Resolved] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rcea249eb7a0d243f21696e4985de33f3780399bf7b31ea1f6d489b8b%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[hbase-issues] 20210921 [jira] [Created] (HBASE-26292) Update jetty version to fix CVE-2021-34429", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r833a4c8bdbbfeb8a2cd38238e7b59f83edd5c1a0e508b587fc551a46%40%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-dev] 20210921 [jira] [Created] (HBASE-26292) Update jetty version to fix CVE-2021-34429", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r721ab6a5fa8d45bec76714b674f5d4caed2ebfeca69ad1d6d4caae6c%40%3Cdev.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210921 [jira] [Commented] (HBASE-26292) Update jetty version to fix CVE-2021-34429", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/re850203ef8700cb826534dd4a1cb9f5b07bb8f6f973b39ff7838d3ba%40%3Cissues.hbase.apache.org%3E", }, { name: "[zookeeper-issues] 20211028 [jira] [Updated] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r3c55b0baa4dc38958ae147b2f216e212605f1071297f845e14477d36%40%3Cissues.zookeeper.apache.org%3E", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210819-0006/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Eclipse Jetty", vendor: "The Eclipse Foundation", versions: [ { lessThan: "unspecified", status: "affected", version: "9.4.37", versionType: "custom", }, { lessThanOrEqual: "9.4.42", status: "affected", version: "unspecified", versionType: "custom", }, { lessThan: "unspecified", status: "affected", version: "10.0.1", versionType: "custom", }, { lessThanOrEqual: "10.0.5", status: "affected", version: "unspecified", versionType: "custom", }, { lessThan: "unspecified", status: "affected", version: "11.0.1", versionType: "custom", }, { lessThanOrEqual: "11.0.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-551", description: "CWE-551", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-07-25T16:29:06", orgId: "e51fbebd-6053-4e49-959f-1b94eeb69a2c", shortName: "eclipse", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm", }, { name: "[zookeeper-issues] 20210728 [jira] [Updated] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r7dd079fa0ac6f47ba1ad0af98d7d0276547b8a4e005f034fb1016951%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20210728 [jira] [Created] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r90e7b4c42a96d74c219e448bee6a329ab0cd3205c44b63471d96c3ab%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-dev] 20210728 [jira] [Created] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r763840320a80e515331cbc1e613fa93f25faf62e991974171a325c82%40%3Cdev.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20210805 [jira] [Assigned] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r2a3ea27cca2ac7352d392b023b72e824387bc9ff16ba245ec663bdc6%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20210805 [jira] [Updated] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r8e6c116628c1277c3cf132012a66c46a0863fa2a3037c0707d4640d4%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20210805 [GitHub] [zookeeper] ztzg opened a new pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r029c0c6833c8bb6acb094733fd7b75029d633f47a92f1c9d14391fc0%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20210805 [GitHub] [zookeeper] ztzg commented on pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r46f748c1dc9cf9b6c1c18f6b5bfc3a869907f68f72e17666f2f30f24%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[pulsar-commits] 20210813 [GitHub] [pulsar] eolivelli opened a new issue #11659: Jetty is flagged with CVE-2021-34429", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rc26807be68748b3347decdcd03ae183622244b0b4cb09223d4b7e500%40%3Ccommits.pulsar.apache.org%3E", }, { name: "[pulsar-commits] 20210813 [GitHub] [pulsar] lhotari opened a new pull request #11660: [Security] Upgrade Jetty to 9.4.43.v20210629", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rb33d65c3e5686f2e3b9bb8a032a44163b2f2ad9d31a8727338f213c1%40%3Ccommits.pulsar.apache.org%3E", }, { name: "[pulsar-commits] 20210813 [GitHub] [pulsar] eolivelli closed issue #11659: Jetty is flagged with CVE-2021-34429", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r9e6158d72ef25077c2dc59fbddade2eacf7d259a2556c97a989f2fe8%40%3Ccommits.pulsar.apache.org%3E", }, { name: "[santuario-dev] 20210817 [GitHub] [santuario-xml-security-java] dependabot[bot] opened a new pull request #52: Bump jetty.version from 9.4.42.v20210604 to 9.4.43.v20210629", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r3aefe613abce594c71ace50088d2529bbde65d08b8e7ff2c2723aaa1%40%3Cdev.santuario.apache.org%3E", }, { name: "[kafka-jira] 20210817 [jira] [Updated] (KAFKA-13209) Upgrade jetty-server to fix CVE-2021-34429", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r6e6f50c1ce1fb592cb43e913f5be23df104d50751465f8f1952ace0c%40%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-jira] 20210817 [GitHub] [kafka] jolshan opened a new pull request #11224: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r46900f74dbb7d168aeac43bf0e7f64825376bb7eb74d31a5b33344ce%40%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-jira] 20210817 [GitHub] [kafka] omkreddy merged pull request #11224: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r679d96f981d4c92724090ed2d5e8565a1d655a72bb315550489f052e%40%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-commits] 20210817 [kafka] branch 2.8 updated: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r02f940c27e997a277ff14e79e84551382e1081e8978b417e0c2b0857%40%3Ccommits.kafka.apache.org%3E", }, { name: "[kafka-commits] 20210817 [kafka] branch 2.7 updated: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r9d245c6c884bbc804a472116d730c1a01676bf24f93206a34923fc64%40%3Ccommits.kafka.apache.org%3E", }, { name: "[kafka-commits] 20210817 [kafka] branch 3.0 updated: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r756443e9d50af7e8c3df82e2c45105f452c8e8195ddbc0c00f58d5fe%40%3Ccommits.kafka.apache.org%3E", }, { name: "[kafka-jira] 20210817 [jira] [Resolved] (KAFKA-13209) Upgrade jetty-server to fix CVE-2021-34429", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/re5e9bb535db779506013ef8799dc2a299e77cdad6668aa94c456dba6%40%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-dev] 20210817 [jira] [Resolved] (KAFKA-13209) Upgrade jetty-server to fix CVE-2021-34429", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r4727d282b5c2d951057845a46065d59f6e33132edc0a14f41c26b01e%40%3Cdev.kafka.apache.org%3E", }, { name: "[kafka-jira] 20210817 [jira] [Assigned] (KAFKA-13209) Upgrade jetty-server to fix CVE-2021-34429", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/re01890eef49d4201018f2c97e26536e3e75f441ecdbcf91986c3bc17%40%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-jira] 20210818 [GitHub] [kafka] jolshan opened a new pull request #11224: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/re3de01414ccf682fe0951205f806dd8e94440798fd64c55a4941de3e%40%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-jira] 20210818 [GitHub] [kafka] omkreddy merged pull request #11224: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r74fdc446df551fe89a0a16957a1bfdaad19380e0c1afd30625685a9c%40%3Cjira.kafka.apache.org%3E", }, { name: "[zookeeper-notifications] 20210825 [GitHub] [zookeeper] ztzg commented on pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r5678d994d4dd8e7c838eed3bbc1a83a7f6bc62724b0cce67e8892a45%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20210825 [GitHub] [zookeeper] eolivelli commented on pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r2e32390cb7aedb39069e5b18aa130ca53e766258518faee63c31d3ea%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20210827 [GitHub] [zookeeper] nkalmar commented on pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rcb157f55b9ae41b3076801de927c6fca1669c6d8eaf11a9df5dbeb46%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-commits] 20210901 [zookeeper] branch branch-3.7 updated: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r44ea39ca8110de7353bfec88f58aa3aa58a42bb324b8772512ee190c%40%3Ccommits.zookeeper.apache.org%3E", }, { name: "[zookeeper-commits] 20210901 [zookeeper] branch master updated: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r0626f279ebf65506110a897e3a57ccd4072803ee5434b2503e070398%40%3Ccommits.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20210901 [GitHub] [zookeeper] ztzg closed pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r48a93f2bc025acd7c7e341ed3864bfdeb75f0c768d41bc247e1a1f63%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20210901 [jira] [Resolved] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rcea249eb7a0d243f21696e4985de33f3780399bf7b31ea1f6d489b8b%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[hbase-issues] 20210921 [jira] [Created] (HBASE-26292) Update jetty version to fix CVE-2021-34429", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r833a4c8bdbbfeb8a2cd38238e7b59f83edd5c1a0e508b587fc551a46%40%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-dev] 20210921 [jira] [Created] (HBASE-26292) Update jetty version to fix CVE-2021-34429", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r721ab6a5fa8d45bec76714b674f5d4caed2ebfeca69ad1d6d4caae6c%40%3Cdev.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210921 [jira] [Commented] (HBASE-26292) Update jetty version to fix CVE-2021-34429", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/re850203ef8700cb826534dd4a1cb9f5b07bb8f6f973b39ff7838d3ba%40%3Cissues.hbase.apache.org%3E", }, { name: "[zookeeper-issues] 20211028 [jira] [Updated] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r3c55b0baa4dc38958ae147b2f216e212605f1071297f845e14477d36%40%3Cissues.zookeeper.apache.org%3E", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210819-0006/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@eclipse.org", ID: "CVE-2021-34429", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Eclipse Jetty", version: { version_data: [ { version_affected: ">=", version_value: "9.4.37", }, { version_affected: "<=", version_value: "9.4.42", }, { version_affected: ">=", version_value: "10.0.1", }, { version_affected: "<=", version_value: "10.0.5", }, { version_affected: ">=", version_value: "11.0.1", }, { version_affected: "<=", version_value: "11.0.5", }, ], }, }, ], }, vendor_name: "The Eclipse Foundation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5.", }, ], }, impact: { cvss: { baseScore: 5.3, vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-200", }, ], }, { description: [ { lang: "eng", value: "CWE-551", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm", refsource: "CONFIRM", url: "https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm", }, { name: "[zookeeper-issues] 20210728 [jira] [Updated] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r7dd079fa0ac6f47ba1ad0af98d7d0276547b8a4e005f034fb1016951@%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20210728 [jira] [Created] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r90e7b4c42a96d74c219e448bee6a329ab0cd3205c44b63471d96c3ab@%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-dev] 20210728 [jira] [Created] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r763840320a80e515331cbc1e613fa93f25faf62e991974171a325c82@%3Cdev.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20210805 [jira] [Assigned] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r2a3ea27cca2ac7352d392b023b72e824387bc9ff16ba245ec663bdc6@%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20210805 [jira] [Updated] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r8e6c116628c1277c3cf132012a66c46a0863fa2a3037c0707d4640d4@%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20210805 [GitHub] [zookeeper] ztzg opened a new pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r029c0c6833c8bb6acb094733fd7b75029d633f47a92f1c9d14391fc0@%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20210805 [GitHub] [zookeeper] ztzg commented on pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r46f748c1dc9cf9b6c1c18f6b5bfc3a869907f68f72e17666f2f30f24@%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[pulsar-commits] 20210813 [GitHub] [pulsar] eolivelli opened a new issue #11659: Jetty is flagged with CVE-2021-34429", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rc26807be68748b3347decdcd03ae183622244b0b4cb09223d4b7e500@%3Ccommits.pulsar.apache.org%3E", }, { name: "[pulsar-commits] 20210813 [GitHub] [pulsar] lhotari opened a new pull request #11660: [Security] Upgrade Jetty to 9.4.43.v20210629", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rb33d65c3e5686f2e3b9bb8a032a44163b2f2ad9d31a8727338f213c1@%3Ccommits.pulsar.apache.org%3E", }, { name: "[pulsar-commits] 20210813 [GitHub] [pulsar] eolivelli closed issue #11659: Jetty is flagged with CVE-2021-34429", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r9e6158d72ef25077c2dc59fbddade2eacf7d259a2556c97a989f2fe8@%3Ccommits.pulsar.apache.org%3E", }, { name: "[santuario-dev] 20210817 [GitHub] [santuario-xml-security-java] dependabot[bot] opened a new pull request #52: Bump jetty.version from 9.4.42.v20210604 to 9.4.43.v20210629", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r3aefe613abce594c71ace50088d2529bbde65d08b8e7ff2c2723aaa1@%3Cdev.santuario.apache.org%3E", }, { name: "[kafka-jira] 20210817 [jira] [Updated] (KAFKA-13209) Upgrade jetty-server to fix CVE-2021-34429", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r6e6f50c1ce1fb592cb43e913f5be23df104d50751465f8f1952ace0c@%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-jira] 20210817 [GitHub] [kafka] jolshan opened a new pull request #11224: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r46900f74dbb7d168aeac43bf0e7f64825376bb7eb74d31a5b33344ce@%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-jira] 20210817 [GitHub] [kafka] omkreddy merged pull request #11224: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r679d96f981d4c92724090ed2d5e8565a1d655a72bb315550489f052e@%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-commits] 20210817 [kafka] branch 2.8 updated: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r02f940c27e997a277ff14e79e84551382e1081e8978b417e0c2b0857@%3Ccommits.kafka.apache.org%3E", }, { name: "[kafka-commits] 20210817 [kafka] branch 2.7 updated: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r9d245c6c884bbc804a472116d730c1a01676bf24f93206a34923fc64@%3Ccommits.kafka.apache.org%3E", }, { name: "[kafka-commits] 20210817 [kafka] branch 3.0 updated: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r756443e9d50af7e8c3df82e2c45105f452c8e8195ddbc0c00f58d5fe@%3Ccommits.kafka.apache.org%3E", }, { name: "[kafka-jira] 20210817 [jira] [Resolved] (KAFKA-13209) Upgrade jetty-server to fix CVE-2021-34429", refsource: "MLIST", url: "https://lists.apache.org/thread.html/re5e9bb535db779506013ef8799dc2a299e77cdad6668aa94c456dba6@%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-dev] 20210817 [jira] [Resolved] (KAFKA-13209) Upgrade jetty-server to fix CVE-2021-34429", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r4727d282b5c2d951057845a46065d59f6e33132edc0a14f41c26b01e@%3Cdev.kafka.apache.org%3E", }, { name: "[kafka-jira] 20210817 [jira] [Assigned] (KAFKA-13209) Upgrade jetty-server to fix CVE-2021-34429", refsource: "MLIST", url: "https://lists.apache.org/thread.html/re01890eef49d4201018f2c97e26536e3e75f441ecdbcf91986c3bc17@%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-jira] 20210818 [GitHub] [kafka] jolshan opened a new pull request #11224: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429", refsource: "MLIST", url: "https://lists.apache.org/thread.html/re3de01414ccf682fe0951205f806dd8e94440798fd64c55a4941de3e@%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-jira] 20210818 [GitHub] [kafka] omkreddy merged pull request #11224: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r74fdc446df551fe89a0a16957a1bfdaad19380e0c1afd30625685a9c@%3Cjira.kafka.apache.org%3E", }, { name: "[zookeeper-notifications] 20210825 [GitHub] [zookeeper] ztzg commented on pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r5678d994d4dd8e7c838eed3bbc1a83a7f6bc62724b0cce67e8892a45@%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20210825 [GitHub] [zookeeper] eolivelli commented on pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r2e32390cb7aedb39069e5b18aa130ca53e766258518faee63c31d3ea@%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20210827 [GitHub] [zookeeper] nkalmar commented on pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rcb157f55b9ae41b3076801de927c6fca1669c6d8eaf11a9df5dbeb46@%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-commits] 20210901 [zookeeper] branch branch-3.7 updated: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r44ea39ca8110de7353bfec88f58aa3aa58a42bb324b8772512ee190c@%3Ccommits.zookeeper.apache.org%3E", }, { name: "[zookeeper-commits] 20210901 [zookeeper] branch master updated: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r0626f279ebf65506110a897e3a57ccd4072803ee5434b2503e070398@%3Ccommits.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20210901 [GitHub] [zookeeper] ztzg closed pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r48a93f2bc025acd7c7e341ed3864bfdeb75f0c768d41bc247e1a1f63@%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20210901 [jira] [Resolved] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rcea249eb7a0d243f21696e4985de33f3780399bf7b31ea1f6d489b8b@%3Cissues.zookeeper.apache.org%3E", }, { name: "[hbase-issues] 20210921 [jira] [Created] (HBASE-26292) Update jetty version to fix CVE-2021-34429", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r833a4c8bdbbfeb8a2cd38238e7b59f83edd5c1a0e508b587fc551a46@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-dev] 20210921 [jira] [Created] (HBASE-26292) Update jetty version to fix CVE-2021-34429", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r721ab6a5fa8d45bec76714b674f5d4caed2ebfeca69ad1d6d4caae6c@%3Cdev.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210921 [jira] [Commented] (HBASE-26292) Update jetty version to fix CVE-2021-34429", refsource: "MLIST", url: "https://lists.apache.org/thread.html/re850203ef8700cb826534dd4a1cb9f5b07bb8f6f973b39ff7838d3ba@%3Cissues.hbase.apache.org%3E", }, { name: "[zookeeper-issues] 20211028 [jira] [Updated] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r3c55b0baa4dc38958ae147b2f216e212605f1071297f845e14477d36@%3Cissues.zookeeper.apache.org%3E", }, { name: "https://www.oracle.com/security-alerts/cpujan2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { name: "https://security.netapp.com/advisory/ntap-20210819-0006/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210819-0006/", }, { name: "https://www.oracle.com/security-alerts/cpuapr2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { name: "https://www.oracle.com/security-alerts/cpujul2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "e51fbebd-6053-4e49-959f-1b94eeb69a2c", assignerShortName: "eclipse", cveId: "CVE-2021-34429", datePublished: "2021-07-15T17:00:10", dateReserved: "2021-06-09T00:00:00", dateUpdated: "2024-08-04T00:12:50.169Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-9488
Vulnerability from cvelistv5
Published
2020-04-27 15:36
Modified
2024-08-04 10:26
Severity ?
EPSS score ?
Summary
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache | Apache Log4j |
Version: log4j-core 2.13.0 Version: log4j-core < 2.12.3 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T10:26:16.370Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "[zookeeper-issues] 20200504 [jira] [Created] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r8c001b9a95c0bbec06f4457721edd94935a55932e64b82cc5582b846%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-dev] 20200504 [jira] [Created] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r2f209d271349bafd91537a558a279c08ebcff8fa3e547357d58833e6%40%3Cdev.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20200504 Build failed in Jenkins: zookeeper-master-maven-owasp #489", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r7641ee788e1eb1be4bb206a7d15f8a64ec6ef23e5ec6132d5a567695%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20200504 [jira] [Assigned] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rd8e87c4d69df335d0ba7d815b63be8bd8a6352f429765c52eb07ddac%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20200504 [jira] [Commented] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r4285398e5585a0456d3d9db021a4fce6e6fcf3ec027dfa13a450ec98%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-dev] 20200504 log4j SmtpAppender related CVE", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r0df3d7a5acb98c57e64ab9266aa21eeee1d9b399addb96f9cf1cbe05%40%3Cdev.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20200504 [GitHub] [zookeeper] symat opened a new pull request #1346: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r7e739f2961753af95e2a3a637828fb88bfca68e5d6b0221d483a9ee5%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20200504 [jira] [Updated] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r9a79175c393d14d760a0ae3731b4a873230a16ef321aa9ca48a810cd%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-commits] 20200504 [zookeeper] branch master updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rbc45eb0f53fd6242af3e666c2189464f848a851d408289840cecc6e3%40%3Ccommits.zookeeper.apache.org%3E", }, { name: "[zookeeper-commits] 20200504 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rec34b1cccf907898e7cb36051ffac3ccf1ea89d0b261a2a3b3fb267f%40%3Ccommits.zookeeper.apache.org%3E", }, { name: "[zookeeper-commits] 20200504 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r48efc7cb5aeb4e1f67aaa06fb4b5479a5635d12f07d0b93fc2d08809%40%3Ccommits.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20200504 [jira] [Resolved] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rd55f65c6822ff235eda435d31488cfbb9aa7055cdf47481ebee777cc%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20200504 [GitHub] [zookeeper] symat commented on pull request #1346: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rc6b81c013618d1de1b5d6b8c1088aaf87b4bacc10c2371f15a566701%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[kafka-dev] 20200514 [jira] [Created] (KAFKA-9996) upgrade zookeeper to 3.5.8 to address security vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r7e5c10534ed06bf805473ac85e8412fe3908a8fa4cabf5027bf11220%40%3Cdev.kafka.apache.org%3E", }, { name: "[kafka-jira] 20200514 [jira] [Created] (KAFKA-9996) upgrade zookeeper to 3.5.8 to address security vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r8e96c340004b7898cad3204ea51280ef6e4b553a684e1452bf1b18b1%40%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-dev] 20200514 [jira] [Created] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rf1c2a81a08034c688b8f15cf58a4cfab322d00002ca46d20133bee20%40%3Cdev.kafka.apache.org%3E", }, { name: "[kafka-jira] 20200514 [jira] [Created] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r0a2699f724156a558afd1abb6c044fb9132caa66dce861b82699722a%40%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-jira] 20200515 [jira] [Commented] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r48bcd06049c1779ef709564544c3d8a32ae6ee5c3b7281a606ac4463%40%3Cjira.kafka.apache.org%3E", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://issues.apache.org/jira/browse/LOG4J2-2819", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200504-0003/", }, { name: "[db-torque-dev] 20200715 Build failed in Jenkins: Torque4-trunk #685", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r393943de452406f0f6f4b3def9f8d3c071f96323c1f6ed1a098f7fe4%40%3Ctorque-dev.db.apache.org%3E", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { name: "[hive-issues] 20201207 [jira] [Work started] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r1fc73f0e16ec2fa249d3ad39a5194afb9cc5afb4c023dc0bab5a5881%40%3Cissues.hive.apache.org%3E", }, { name: "[hive-issues] 20201207 [jira] [Assigned] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/ra632b329b2ae2324fabbad5da204c4ec2e171ff60348ec4ba698fd40%40%3Cissues.hive.apache.org%3E", }, { name: "[hive-issues] 20201207 [jira] [Updated] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r4ed1f49616a8603832d378cb9d13e7a8b9b27972bb46d946ccd8491f%40%3Cissues.hive.apache.org%3E", }, { name: "[hive-dev] 20201207 [jira] [Created] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r4db540cafc5d7232c62e076051ef661d37d345015b2e59b3f81a932f%40%3Cdev.hive.apache.org%3E", }, { name: "[hive-issues] 20201208 [jira] [Work logged] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r9776e71e3c67c5d13a91c1eba0dc025b48b802eb7561cc6956d6961c%40%3Cissues.hive.apache.org%3E", }, { name: "[hive-issues] 20201208 [jira] [Updated] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r65578f3761a89bc164e8964acd5d913b9f8fd997967b195a89a97ca3%40%3Cissues.hive.apache.org%3E", }, { name: "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://lists.apache.org/thread.html/re024d86dffa72ad800f2848d0c77ed93f0b78ee808350b477a6ed987%40%3Cgitbox.hive.apache.org%3E", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://lists.apache.org/thread.html/rbc7642b9800249553f13457e46b813bea1aec99d2bc9106510e00ff3%40%3Ctorque-dev.db.apache.org%3E", }, { name: "[hive-issues] 20210125 [jira] [Work logged] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r3d1d00441c55144a4013adda74b051ae7864128ebcfb6ee9721a2eb3%40%3Cissues.hive.apache.org%3E", }, { name: "[db-torque-dev] 20210127 Re: Items for our (delayed) quarterly report to the board?", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rc2dbc4633a6eea1fcbce6831876cfa17b73759a98c65326d1896cb1a%40%3Ctorque-dev.db.apache.org%3E", }, { name: "[db-torque-dev] 20210128 Antwort: Re: Items for our (delayed) quarterly report to the board?", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rd5d58088812cf8e677d99b07f73c654014c524c94e7fedbdee047604%40%3Ctorque-dev.db.apache.org%3E", }, { name: "[hive-issues] 20210209 [jira] [Resolved] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r33864a0fc171c1c4bf680645ebb6d4f8057899ab294a43e1e4fe9d04%40%3Cissues.hive.apache.org%3E", }, { name: "[hive-dev] 20210216 [jira] [Created] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r4d5dc9f3520071338d9ebc26f9f158a43ae28a91923d176b550a807b%40%3Cdev.hive.apache.org%3E", }, { name: "[hive-issues] 20210216 [jira] [Resolved] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r22a56beb76dd8cf18e24fda9072f1e05990f49d6439662d3782a392f%40%3Cissues.hive.apache.org%3E", }, { name: "[hive-issues] 20210216 [jira] [Assigned] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r5a68258e5ab12532dc179edae3d6e87037fa3b50ab9d63a90c432507%40%3Cissues.hive.apache.org%3E", }, { name: "[hive-issues] 20210218 [jira] [Updated] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/ra051e07a0eea4943fa104247e69596f094951f51512d42c924e86c75%40%3Cissues.hive.apache.org%3E", }, { name: "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E", }, { name: "[flink-issues] 20210510 [GitHub] [flink] zentol opened a new pull request #15879: [FLINK-22407][build] Bump log4j to 2.24.1", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r45916179811a32cbaa500f972de9098e6ee80ee81c7f134fce83e03a%40%3Cissues.flink.apache.org%3E", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { name: "[kafka-users] 20210617 vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe%40%3Cusers.kafka.apache.org%3E", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { name: "DSA-5020", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2021/dsa-5020", }, { name: "[debian-lts-announce] 20211226 [SECURITY] [DLA 2852-1] apache-log4j2 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/12/msg00017.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache Log4j", vendor: "Apache", versions: [ { status: "affected", version: "log4j-core 2.13.0", }, { lessThan: "2.12.3", status: "affected", version: "log4j-core", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1", }, ], problemTypes: [ { descriptions: [ { description: "Improper Validation of Certificate with Host Mismatch", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-04-19T23:23:40", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { name: "[zookeeper-issues] 20200504 [jira] [Created] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r8c001b9a95c0bbec06f4457721edd94935a55932e64b82cc5582b846%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-dev] 20200504 [jira] [Created] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r2f209d271349bafd91537a558a279c08ebcff8fa3e547357d58833e6%40%3Cdev.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20200504 Build failed in Jenkins: zookeeper-master-maven-owasp #489", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r7641ee788e1eb1be4bb206a7d15f8a64ec6ef23e5ec6132d5a567695%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20200504 [jira] [Assigned] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rd8e87c4d69df335d0ba7d815b63be8bd8a6352f429765c52eb07ddac%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20200504 [jira] [Commented] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r4285398e5585a0456d3d9db021a4fce6e6fcf3ec027dfa13a450ec98%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-dev] 20200504 log4j SmtpAppender related CVE", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r0df3d7a5acb98c57e64ab9266aa21eeee1d9b399addb96f9cf1cbe05%40%3Cdev.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20200504 [GitHub] [zookeeper] symat opened a new pull request #1346: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r7e739f2961753af95e2a3a637828fb88bfca68e5d6b0221d483a9ee5%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20200504 [jira] [Updated] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r9a79175c393d14d760a0ae3731b4a873230a16ef321aa9ca48a810cd%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-commits] 20200504 [zookeeper] branch master updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rbc45eb0f53fd6242af3e666c2189464f848a851d408289840cecc6e3%40%3Ccommits.zookeeper.apache.org%3E", }, { name: "[zookeeper-commits] 20200504 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rec34b1cccf907898e7cb36051ffac3ccf1ea89d0b261a2a3b3fb267f%40%3Ccommits.zookeeper.apache.org%3E", }, { name: "[zookeeper-commits] 20200504 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r48efc7cb5aeb4e1f67aaa06fb4b5479a5635d12f07d0b93fc2d08809%40%3Ccommits.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20200504 [jira] [Resolved] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rd55f65c6822ff235eda435d31488cfbb9aa7055cdf47481ebee777cc%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20200504 [GitHub] [zookeeper] symat commented on pull request #1346: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rc6b81c013618d1de1b5d6b8c1088aaf87b4bacc10c2371f15a566701%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[kafka-dev] 20200514 [jira] [Created] (KAFKA-9996) upgrade zookeeper to 3.5.8 to address security vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r7e5c10534ed06bf805473ac85e8412fe3908a8fa4cabf5027bf11220%40%3Cdev.kafka.apache.org%3E", }, { name: "[kafka-jira] 20200514 [jira] [Created] (KAFKA-9996) upgrade zookeeper to 3.5.8 to address security vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r8e96c340004b7898cad3204ea51280ef6e4b553a684e1452bf1b18b1%40%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-dev] 20200514 [jira] [Created] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rf1c2a81a08034c688b8f15cf58a4cfab322d00002ca46d20133bee20%40%3Cdev.kafka.apache.org%3E", }, { name: "[kafka-jira] 20200514 [jira] [Created] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r0a2699f724156a558afd1abb6c044fb9132caa66dce861b82699722a%40%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-jira] 20200515 [jira] [Commented] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r48bcd06049c1779ef709564544c3d8a32ae6ee5c3b7281a606ac4463%40%3Cjira.kafka.apache.org%3E", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://issues.apache.org/jira/browse/LOG4J2-2819", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200504-0003/", }, { name: "[db-torque-dev] 20200715 Build failed in Jenkins: Torque4-trunk #685", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r393943de452406f0f6f4b3def9f8d3c071f96323c1f6ed1a098f7fe4%40%3Ctorque-dev.db.apache.org%3E", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { name: "[hive-issues] 20201207 [jira] [Work started] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r1fc73f0e16ec2fa249d3ad39a5194afb9cc5afb4c023dc0bab5a5881%40%3Cissues.hive.apache.org%3E", }, { name: "[hive-issues] 20201207 [jira] [Assigned] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/ra632b329b2ae2324fabbad5da204c4ec2e171ff60348ec4ba698fd40%40%3Cissues.hive.apache.org%3E", }, { name: "[hive-issues] 20201207 [jira] [Updated] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r4ed1f49616a8603832d378cb9d13e7a8b9b27972bb46d946ccd8491f%40%3Cissues.hive.apache.org%3E", }, { name: "[hive-dev] 20201207 [jira] [Created] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r4db540cafc5d7232c62e076051ef661d37d345015b2e59b3f81a932f%40%3Cdev.hive.apache.org%3E", }, { name: "[hive-issues] 20201208 [jira] [Work logged] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r9776e71e3c67c5d13a91c1eba0dc025b48b802eb7561cc6956d6961c%40%3Cissues.hive.apache.org%3E", }, { name: "[hive-issues] 20201208 [jira] [Updated] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r65578f3761a89bc164e8964acd5d913b9f8fd997967b195a89a97ca3%40%3Cissues.hive.apache.org%3E", }, { name: "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { tags: [ "x_refsource_MISC", ], url: "https://lists.apache.org/thread.html/re024d86dffa72ad800f2848d0c77ed93f0b78ee808350b477a6ed987%40%3Cgitbox.hive.apache.org%3E", }, { tags: [ "x_refsource_MISC", ], url: "https://lists.apache.org/thread.html/rbc7642b9800249553f13457e46b813bea1aec99d2bc9106510e00ff3%40%3Ctorque-dev.db.apache.org%3E", }, { name: "[hive-issues] 20210125 [jira] [Work logged] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r3d1d00441c55144a4013adda74b051ae7864128ebcfb6ee9721a2eb3%40%3Cissues.hive.apache.org%3E", }, { name: "[db-torque-dev] 20210127 Re: Items for our (delayed) quarterly report to the board?", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rc2dbc4633a6eea1fcbce6831876cfa17b73759a98c65326d1896cb1a%40%3Ctorque-dev.db.apache.org%3E", }, { name: "[db-torque-dev] 20210128 Antwort: Re: Items for our (delayed) quarterly report to the board?", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rd5d58088812cf8e677d99b07f73c654014c524c94e7fedbdee047604%40%3Ctorque-dev.db.apache.org%3E", }, { name: "[hive-issues] 20210209 [jira] [Resolved] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r33864a0fc171c1c4bf680645ebb6d4f8057899ab294a43e1e4fe9d04%40%3Cissues.hive.apache.org%3E", }, { name: "[hive-dev] 20210216 [jira] [Created] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r4d5dc9f3520071338d9ebc26f9f158a43ae28a91923d176b550a807b%40%3Cdev.hive.apache.org%3E", }, { name: "[hive-issues] 20210216 [jira] [Resolved] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r22a56beb76dd8cf18e24fda9072f1e05990f49d6439662d3782a392f%40%3Cissues.hive.apache.org%3E", }, { name: "[hive-issues] 20210216 [jira] [Assigned] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r5a68258e5ab12532dc179edae3d6e87037fa3b50ab9d63a90c432507%40%3Cissues.hive.apache.org%3E", }, { name: "[hive-issues] 20210218 [jira] [Updated] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/ra051e07a0eea4943fa104247e69596f094951f51512d42c924e86c75%40%3Cissues.hive.apache.org%3E", }, { name: "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E", }, { name: "[flink-issues] 20210510 [GitHub] [flink] zentol opened a new pull request #15879: [FLINK-22407][build] Bump log4j to 2.24.1", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r45916179811a32cbaa500f972de9098e6ee80ee81c7f134fce83e03a%40%3Cissues.flink.apache.org%3E", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { name: "[kafka-users] 20210617 vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe%40%3Cusers.kafka.apache.org%3E", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { name: "DSA-5020", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2021/dsa-5020", }, { name: "[debian-lts-announce] 20211226 [SECURITY] [DLA 2852-1] apache-log4j2 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2021/12/msg00017.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2020-9488", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache Log4j", version: { version_data: [ { version_affected: "<", version_name: "log4j-core", version_value: "2.12.3", }, { version_affected: "=", version_name: "log4j-core", version_value: "2.13.0", }, ], }, }, ], }, vendor_name: "Apache", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Improper Validation of Certificate with Host Mismatch", }, ], }, ], }, references: { reference_data: [ { name: "[zookeeper-issues] 20200504 [jira] [Created] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r8c001b9a95c0bbec06f4457721edd94935a55932e64b82cc5582b846@%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-dev] 20200504 [jira] [Created] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r2f209d271349bafd91537a558a279c08ebcff8fa3e547357d58833e6@%3Cdev.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20200504 Build failed in Jenkins: zookeeper-master-maven-owasp #489", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r7641ee788e1eb1be4bb206a7d15f8a64ec6ef23e5ec6132d5a567695@%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20200504 [jira] [Assigned] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rd8e87c4d69df335d0ba7d815b63be8bd8a6352f429765c52eb07ddac@%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20200504 [jira] [Commented] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r4285398e5585a0456d3d9db021a4fce6e6fcf3ec027dfa13a450ec98@%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-dev] 20200504 log4j SmtpAppender related CVE", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r0df3d7a5acb98c57e64ab9266aa21eeee1d9b399addb96f9cf1cbe05@%3Cdev.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20200504 [GitHub] [zookeeper] symat opened a new pull request #1346: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r7e739f2961753af95e2a3a637828fb88bfca68e5d6b0221d483a9ee5@%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20200504 [jira] [Updated] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r9a79175c393d14d760a0ae3731b4a873230a16ef321aa9ca48a810cd@%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-commits] 20200504 [zookeeper] branch master updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rbc45eb0f53fd6242af3e666c2189464f848a851d408289840cecc6e3@%3Ccommits.zookeeper.apache.org%3E", }, { name: "[zookeeper-commits] 20200504 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rec34b1cccf907898e7cb36051ffac3ccf1ea89d0b261a2a3b3fb267f@%3Ccommits.zookeeper.apache.org%3E", }, { name: "[zookeeper-commits] 20200504 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r48efc7cb5aeb4e1f67aaa06fb4b5479a5635d12f07d0b93fc2d08809@%3Ccommits.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20200504 [jira] [Resolved] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rd55f65c6822ff235eda435d31488cfbb9aa7055cdf47481ebee777cc@%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20200504 [GitHub] [zookeeper] symat commented on pull request #1346: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rc6b81c013618d1de1b5d6b8c1088aaf87b4bacc10c2371f15a566701@%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[kafka-dev] 20200514 [jira] [Created] (KAFKA-9996) upgrade zookeeper to 3.5.8 to address security vulnerabilities", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r7e5c10534ed06bf805473ac85e8412fe3908a8fa4cabf5027bf11220@%3Cdev.kafka.apache.org%3E", }, { name: "[kafka-jira] 20200514 [jira] [Created] (KAFKA-9996) upgrade zookeeper to 3.5.8 to address security vulnerabilities", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r8e96c340004b7898cad3204ea51280ef6e4b553a684e1452bf1b18b1@%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-dev] 20200514 [jira] [Created] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rf1c2a81a08034c688b8f15cf58a4cfab322d00002ca46d20133bee20@%3Cdev.kafka.apache.org%3E", }, { name: "[kafka-jira] 20200514 [jira] [Created] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r0a2699f724156a558afd1abb6c044fb9132caa66dce861b82699722a@%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-jira] 20200515 [jira] [Commented] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r48bcd06049c1779ef709564544c3d8a32ae6ee5c3b7281a606ac4463@%3Cjira.kafka.apache.org%3E", }, { name: "https://www.oracle.com/security-alerts/cpujul2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { name: "https://issues.apache.org/jira/browse/LOG4J2-2819", refsource: "CONFIRM", url: "https://issues.apache.org/jira/browse/LOG4J2-2819", }, { name: "https://security.netapp.com/advisory/ntap-20200504-0003/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200504-0003/", }, { name: "[db-torque-dev] 20200715 Build failed in Jenkins: Torque4-trunk #685", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r393943de452406f0f6f4b3def9f8d3c071f96323c1f6ed1a098f7fe4@%3Ctorque-dev.db.apache.org%3E", }, { name: "https://www.oracle.com/security-alerts/cpuoct2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { name: "[hive-issues] 20201207 [jira] [Work started] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r1fc73f0e16ec2fa249d3ad39a5194afb9cc5afb4c023dc0bab5a5881@%3Cissues.hive.apache.org%3E", }, { name: "[hive-issues] 20201207 [jira] [Assigned] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488", refsource: "MLIST", url: "https://lists.apache.org/thread.html/ra632b329b2ae2324fabbad5da204c4ec2e171ff60348ec4ba698fd40@%3Cissues.hive.apache.org%3E", }, { name: "[hive-issues] 20201207 [jira] [Updated] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r4ed1f49616a8603832d378cb9d13e7a8b9b27972bb46d946ccd8491f@%3Cissues.hive.apache.org%3E", }, { name: "[hive-dev] 20201207 [jira] [Created] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r4db540cafc5d7232c62e076051ef661d37d345015b2e59b3f81a932f@%3Cdev.hive.apache.org%3E", }, { name: "[hive-issues] 20201208 [jira] [Work logged] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r9776e71e3c67c5d13a91c1eba0dc025b48b802eb7561cc6956d6961c@%3Cissues.hive.apache.org%3E", }, { name: "[hive-issues] 20201208 [jira] [Updated] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r65578f3761a89bc164e8964acd5d913b9f8fd997967b195a89a97ca3@%3Cissues.hive.apache.org%3E", }, { name: "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E", }, { name: "https://www.oracle.com/security-alerts/cpujan2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { name: "https://lists.apache.org/thread.html/re024d86dffa72ad800f2848d0c77ed93f0b78ee808350b477a6ed987@%3Cgitbox.hive.apache.org%3E", refsource: "MISC", url: "https://lists.apache.org/thread.html/re024d86dffa72ad800f2848d0c77ed93f0b78ee808350b477a6ed987@%3Cgitbox.hive.apache.org%3E", }, { name: "https://lists.apache.org/thread.html/rbc7642b9800249553f13457e46b813bea1aec99d2bc9106510e00ff3@%3Ctorque-dev.db.apache.org%3E", refsource: "MISC", url: "https://lists.apache.org/thread.html/rbc7642b9800249553f13457e46b813bea1aec99d2bc9106510e00ff3@%3Ctorque-dev.db.apache.org%3E", }, { name: "[hive-issues] 20210125 [jira] [Work logged] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r3d1d00441c55144a4013adda74b051ae7864128ebcfb6ee9721a2eb3@%3Cissues.hive.apache.org%3E", }, { name: "[db-torque-dev] 20210127 Re: Items for our (delayed) quarterly report to the board?", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rc2dbc4633a6eea1fcbce6831876cfa17b73759a98c65326d1896cb1a@%3Ctorque-dev.db.apache.org%3E", }, { name: "[db-torque-dev] 20210128 Antwort: Re: Items for our (delayed) quarterly report to the board?", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rd5d58088812cf8e677d99b07f73c654014c524c94e7fedbdee047604@%3Ctorque-dev.db.apache.org%3E", }, { name: "[hive-issues] 20210209 [jira] [Resolved] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r33864a0fc171c1c4bf680645ebb6d4f8057899ab294a43e1e4fe9d04@%3Cissues.hive.apache.org%3E", }, { name: "[hive-dev] 20210216 [jira] [Created] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r4d5dc9f3520071338d9ebc26f9f158a43ae28a91923d176b550a807b@%3Cdev.hive.apache.org%3E", }, { name: "[hive-issues] 20210216 [jira] [Resolved] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r22a56beb76dd8cf18e24fda9072f1e05990f49d6439662d3782a392f@%3Cissues.hive.apache.org%3E", }, { name: "[hive-issues] 20210216 [jira] [Assigned] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r5a68258e5ab12532dc179edae3d6e87037fa3b50ab9d63a90c432507@%3Cissues.hive.apache.org%3E", }, { name: "[hive-issues] 20210218 [jira] [Updated] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488", refsource: "MLIST", url: "https://lists.apache.org/thread.html/ra051e07a0eea4943fa104247e69596f094951f51512d42c924e86c75@%3Cissues.hive.apache.org%3E", }, { name: "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E", }, { name: "[flink-issues] 20210510 [GitHub] [flink] zentol opened a new pull request #15879: [FLINK-22407][build] Bump log4j to 2.24.1", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r45916179811a32cbaa500f972de9098e6ee80ee81c7f134fce83e03a@%3Cissues.flink.apache.org%3E", }, { name: "https://www.oracle.com/security-alerts/cpuApr2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { name: "[kafka-users] 20210617 vulnerabilities", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe@%3Cusers.kafka.apache.org%3E", }, { name: "https://www.oracle.com/security-alerts/cpuoct2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { name: "DSA-5020", refsource: "DEBIAN", url: "https://www.debian.org/security/2021/dsa-5020", }, { name: "[debian-lts-announce] 20211226 [SECURITY] [DLA 2852-1] apache-log4j2 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2021/12/msg00017.html", }, { name: "https://www.oracle.com/security-alerts/cpuapr2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2020-9488", datePublished: "2020-04-27T15:36:10", dateReserved: "2020-03-01T00:00:00", dateUpdated: "2024-08-04T10:26:16.370Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-27218
Vulnerability from cvelistv5
Published
2020-11-28 00:00
Modified
2024-08-04 16:11
Severity ?
EPSS score ?
Summary
In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is received entirely but not consumed by the application, then a subsequent request on the same connection will see that body prepended to its body. The attacker will not see any data but may inject data into the body of the subsequent request.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| The Eclipse Foundation | Eclipse Jetty |
Version: 9.4.0.RC0 to 9.4.34.v20201102 Version: 10.0.0.alpha0 to 10.0.0.beta2 Version: 11.0.0.alpha0 to 11.0.0.beta2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T16:11:36.083Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://bugs.eclipse.org/bugs/show_bug.cgi?id=568892", }, { tags: [ "x_transferred", ], url: "https://github.com/eclipse/jetty.project/security/advisories/GHSA-86wm-rrjm-8wh8", }, { name: "[zookeeper-notifications] 20201205 [GitHub] [zookeeper] ztzg opened a new pull request #1554: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r6d5bb60a13e8b539600f86cb72097967b951de5c7ef1e4005cda74a7%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20201205 [GitHub] [zookeeper] phunt commented on a change in pull request #1552: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r8fee46fd9f1254150cc55eecf1ea6a448fca1f7cf1d1e7f9c4803fdb%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20201205 [jira] [Updated] (ZOOKEEPER-4023) dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/rbc5a8d7a0a13bc8152d427a7e9097cdeb139c6cfe111b2f00f26d16b%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20201205 [GitHub] [zookeeper] ztzg commented on a change in pull request #1552: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r8c839a0d88cd6504abbe72c260371094f47014b2ba08d8d2c0232e3c%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20201205 [GitHub] [zookeeper] ztzg opened a new pull request #1552: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r22776d06582985cca5bd2a92519a2b13b4cae2d8e087318da03c036d%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20201205 [GitHub] [zookeeper] ztzg opened a new pull request #1553: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/rfa8879a713480b206c152334419499e6af0878c36217abcc9ab4f0d1%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20201205 [GitHub] [zookeeper] ztzg commented on pull request #1552: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/re86a6ba09dc74e709db843e3561ead923c8fd1cba32343656dd8c44b%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20201206 [jira] [Updated] (ZOOKEEPER-4023) dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r23ce6b8965e30808daa77a80fcd69833b1fc632d80465d0419eff619%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20201206 [GitHub] [zookeeper] nkalmar commented on pull request #1554: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r4981622ba15e8be1657d30b7c85044c7aabe89751fa7324f8604b834%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20201206 [GitHub] [zookeeper] nkalmar commented on a change in pull request #1554: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/re03a566114435a8cc8eb72158242b0f560c5eeccbb4ee98d22de8373%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20201206 [GitHub] [zookeeper] ztzg commented on a change in pull request #1554: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r9f571b086965b35d4e91e47fb67c27b42b62762248b4900ba723599f%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20201206 [GitHub] [zookeeper] ztzg commented on pull request #1554: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/ree677ff289ba9a90850f2e3ba7279555df1a170263ba39c5272db236%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20201207 [GitHub] [zookeeper] ztzg commented on a change in pull request #1552: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r1dd302323c6fe1a542d0371de66a484918fa6c2831ae70d924974bea%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20201207 [GitHub] [zookeeper] nkalmar commented on pull request #1554: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/rdde0ad0a03eec962c56b46e70e225918ea2368dcc3fd3488741fad53%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20201207 [GitHub] [zookeeper] nkalmar edited a comment on pull request #1554: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r602683484f607cd1b9598caf3e549fbb01c43fd46a582a32cc3bb545%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20201207 [GitHub] [zookeeper] nkalmar commented on pull request #1552: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/rb8f413dc923070919b09db3ac87d079a2dcc6f0adfbb029e206a7930%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-dev] 20201208 Re: [VOTE] Apache ZooKeeper release 3.5.9 candidate 0", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/rde11c433675143d8d27551c3d9e821fe1955f1551a518033d3716553%40%3Cdev.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20201211 [GitHub] [zookeeper] nkalmar commented on pull request #1552: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/rc0e35f4e8a8a36127e3ae7a67f325a3a6a4dbe05034130fb04b6f3b6%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20201215 [GitHub] [zookeeper] phunt commented on pull request #1552: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r8f5b144e7a7c2b338f01139d891abbaba12a8173ee01110d21bd0b4d%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E", }, { name: "[zookeeper-notifications] 20201224 [GitHub] [zookeeper] ztzg closed pull request #1552: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r821bbffb64da0f062b4e72d1aa600b91e26bc82a28298ab159121215%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-commits] 20201224 [zookeeper] branch master updated: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r964d226dd08527fddd7a44410c50daa9d34d398e5c4793f1d7e19da8%40%3Ccommits.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20201224 [GitHub] [zookeeper] ztzg commented on pull request #1552: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r70940cb30356642f0c49af49259680d6bd866f51c4e8de0f8a498fb0%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20201224 [GitHub] [zookeeper] eolivelli commented on pull request #1552: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r5e5cb33b545548ec4684d33bd88b05a0ae89c4d7cac93eb63255f58f%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20201224 [GitHub] [zookeeper] ztzg closed pull request #1554: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r9d7a86fb0b45e5b1855d4df83a5820eef813d55eae3edf224f3d5055%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20201224 [GitHub] [zookeeper] ztzg commented on pull request #1554: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r8be8c6f0e404a3179d988eb8afed03ede5f2d5ce986d3f709fb82610%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20201224 [jira] [Resolved] (ZOOKEEPER-4023) dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/rc1de630c6ed9a958d9f811e816d6d8efb6ca94aed0869bc5cda9d7f8%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20201224 [GitHub] [zookeeper] ztzg commented on pull request #1553: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r46589f4228aabd5fb16135ff5bef0f77f06cdef64f9785ac3349fa02%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20201224 [GitHub] [zookeeper] ztzg closed pull request #1553: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/rc91c405c08b529b7292c75d9bd497849db700a1297fe3432990f6774%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-commits] 20210106 [zookeeper] branch branch-3.5.9 updated: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r2a57c7bbf36afc87f8ad9e1dd2f53a08e85a1b531283fc2efce4fe17%40%3Ccommits.zookeeper.apache.org%3E", }, { name: "[hbase-dev] 20210205 [jira] [Created] (HBASE-25552) [hbase-thirdparty] Update jetty version to fix CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r3d43529452c5a16338e8267eb911e8aedc64c3241624302e673961c1%40%3Cdev.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210205 [jira] [Created] (HBASE-25552) [hbase-thirdparty] Update jetty version to fix CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r186748e676e5aeb4eb603361e6367555ae4daecbde55cfd69fa68ec6%40%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210205 [GitHub] [hbase-thirdparty] pankaj72981 opened a new pull request #46: HBASE-25552 Upgrade jetty jar to fix CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/rce9e232a663d8405c003fe83d5c86c27d1ed65561f3690e824717bc4%40%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210205 [GitHub] [hbase-thirdparty] Apache-HBase commented on pull request #46: HBASE-25552 Upgrade jetty jar to fix CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/re9214a4232b7ae204288c283bcee4e39f07da6cc34798e9217ba4eb6%40%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210205 [jira] [Work started] (HBASE-25552) [hbase-thirdparty] Update jetty version to fix CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r8b2271909dabb45f0f1482ef35ffe106ae4b0cf8e877eb514e9cd421%40%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210205 [jira] [Updated] (HBASE-25552) [hbase-thirdparty] Update jetty version to fix CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r3807b1c54066797c4870e03bd2376bdcce9c7c4e6143499f53cd9ca2%40%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210205 [GitHub] [hbase-thirdparty] busbey commented on a change in pull request #46: HBASE-25552 Upgrade jetty jar to fix CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r2f168fd22c071bdd95ec696e45d2a01e928b9fcadbe94fbabeb1549d%40%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210205 [GitHub] [hbase-thirdparty] busbey commented on pull request #46: HBASE-25552 Upgrade jetty jar to fix CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r078c1203e48089b2c934b9f86b61bebe8c049e0ea6273b124f349988%40%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210205 [GitHub] [hbase-thirdparty] jojochuang commented on a change in pull request #46: HBASE-25552 Upgrade jetty jar to fix CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/rccc7ba8c51d662e13496df20466d27dbab54d7001e9e7b2f31468a9e%40%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210206 [GitHub] [hbase-thirdparty] Apache-HBase commented on pull request #46: HBASE-25552 Upgrade jetty jar to fix CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r2ffe719224cbe5897f2d06dd22fc77fa12377c39efe9de0c3bf3f837%40%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-commits] 20210206 [hbase-thirdparty] branch master updated: HBASE-25552 Upgrade jetty jar to fix CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/re4e67541a0a25a8589e89f52f8cd163c863fe04b59e048f9f1a04958%40%3Ccommits.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210206 [jira] [Resolved] (HBASE-25552) [hbase-thirdparty] Update jetty version to fix CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r96ef6d20c5bd3d42dab500bac56a427e1dce00cf85b083987617643d%40%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210206 [GitHub] [hbase-thirdparty] busbey closed pull request #46: HBASE-25552 Upgrade jetty jar to fix CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/rcbc408088ae99dc3167ea293a562a3a9a7295a20e9a1bfc93e43ae1b%40%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-dev] 20210206 [jira] [Resolved] (HBASE-25552) [hbase-thirdparty] Update jetty version to fix CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/re4ae7ada52c5ecfe805eb86ddc0af399ec8a57bfb0d8c632b8723b88%40%3Cdev.hbase.apache.org%3E", }, { name: "[kafka-jira] 20210211 [jira] [Created] (KAFKA-12324) Upgrade jetty to fix CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r3554a4f192db6008c03f2c6c3e0f1691a9b0d615ce955ef67a876ff7%40%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-dev] 20210211 [jira] [Created] (KAFKA-12324) Upgrade jetty to fix CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/racd55c9b704aa68cfb4436f17739b612b5d4f887155e04ed521a4b67%40%3Cdev.kafka.apache.org%3E", }, { name: "[kafka-jira] 20210212 [jira] [Assigned] (KAFKA-12324) Upgrade jetty to fix CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r7d37d33f2d68912985daf40203182e3d86f3e81266b7a7f350689eeb%40%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-jira] 20210212 [jira] [Commented] (KAFKA-12324) Upgrade jetty to fix CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r00858fe27ee35ac8fa0e1549d67e0efb789d63b791b5300390bd8480%40%3Cjira.kafka.apache.org%3E", }, { name: "[spark-reviews] 20210216 [GitHub] [spark] sarutak opened a new pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r489dfc3e259ad3837141985dd9291b93e6b40496cdf58808915d67e9%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-issues] 20210216 [jira] [Created] (SPARK-34449) Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/rbe3f2e0a3c38ed9cbef81507b7cc6e523341865e30dc15c7503adc76%40%3Cissues.spark.apache.org%3E", }, { name: "[spark-reviews] 20210216 [GitHub] [spark] sarutak commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r51ec0120b6c849d12fb7fef34db87ef0bf79fcfcd3d703a9800afbba%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-issues] 20210216 [jira] [Commented] (SPARK-34449) Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r306c8e5aad1b9afc0c9278430fb571950fbb3ab7dd5d369eb618ffa4%40%3Cissues.spark.apache.org%3E", }, { name: "[spark-issues] 20210216 [jira] [Assigned] (SPARK-34449) Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r0d2de2ab5558da68b504bd30db74da1d97dc152a857f5b7e462288ab%40%3Cissues.spark.apache.org%3E", }, { name: "[spark-reviews] 20210216 [GitHub] [spark] SparkQA commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r5464405909eb0e1059d5dd57d10c435b9f19325fdebbadb4f1126997%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210217 [GitHub] [spark] dongjoon-hyun commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r25a47cd06750ebb4b0f23a9b7a57c209702c8566a4c970a41ac088df%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210216 [GitHub] [spark] AmplabJenkins removed a comment on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/rdbdbb4e51f8857e082b464cd128decd7263cf0fb8557f12993562c56%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210216 [GitHub] [spark] AmplabJenkins commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/rba4bca48d2cdfa8c08afc368a9cc4572ec85a5915ba29b8a194bf505%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210217 [GitHub] [spark] sarutak edited a comment on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/reb75282901d0969ba6582725ce8672070715d0773f6ff54dedd60156%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210217 [GitHub] [spark] HyukjinKwon commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/ra09a653997cbf10aab8c0deabc0fa49f5a8a8ce4305ce9089b98485f%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210217 [GitHub] [spark] sarutak commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r870bc5e6e354c3e28ea029cb5726c9e8dd2b88cb0f5f7de1d4e3133d%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210217 [GitHub] [spark] SparkQA commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/rf31e24700f725ef81bc5a2e0444a60e1f295ed0a54c0098362a7bdfa%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210217 [GitHub] [spark] SparkQA removed a comment on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r8c22aad0711321537183ccddcade7274ebf9dcbdcdacc6c4f90f43de%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210217 [GitHub] [spark] AmplabJenkins commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r32a25679d97bf5969d130f8e9b3a3fc54110095397d89952e93dbeb0%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210217 [GitHub] [spark] AmplabJenkins removed a comment on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/racf9e6ad2482cb9b1e3e1b2c1b443d9d5cf14055fb54dec3d2dcce91%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210217 [GitHub] [spark] srowen commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r2a541f08bf5f847394297c13a5305c2f76c11e46504ce2a49653890a%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210218 [GitHub] [spark] sarutak edited a comment on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r4aff5ca6bc94a6f13ff77914fd960185ab70cd6cebe96fffd74543ac%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210218 [GitHub] [spark] sarutak commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r850d1d0413716e8ba6d910cae7b01a0e560636e17d664769b5080ca5%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210218 [GitHub] [spark] SparkQA commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/rcf7b5818f71bb97fd695eb0f54f8f4f69e15cc5f9ec761ea8be0d0d3%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-commits] 20210218 [spark] branch branch-3.1 updated: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r5c64173663c71f222ea40617ab362d7a590935fb75c18817fdec377e%40%3Ccommits.spark.apache.org%3E", }, { name: "[spark-reviews] 20210218 [GitHub] [spark] AmplabJenkins removed a comment on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r543ea0a861a78d84c22656fb76880d7ab327048cf7ee3ccc7281375d%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210218 [GitHub] [spark] HyukjinKwon closed pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r74ab0f5a5f16ca01eb145403ab753df5b348b8c1656d7c8501d0bfc6%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210218 [GitHub] [spark] HyukjinKwon commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r8eea4c7797e701f6494c72942dd89f471cda4c2c6e9abbaf05d113d8%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-commits] 20210218 [spark] branch branch-3.0 updated: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r500e22d0aedba1866d0b5e76429b76652a473a0209fa8bf66c9f7aab%40%3Ccommits.spark.apache.org%3E", }, { name: "[spark-reviews] 20210218 [GitHub] [spark] AmplabJenkins commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r94230f46b91c364d39922a8ba0cfe12b8dba1556b14792719a7d921f%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210218 [GitHub] [spark] sarutak opened a new pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r01806ad8c9cb0590584baf5b1a60237ad92e4ad5bba082ca04d98179%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210218 [GitHub] [spark] SparkQA removed a comment on pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r8ed14a84656fa0bb8df3bf9373c5be80f47ceac1e2ff068ee734fdb3%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210218 [GitHub] [spark] SparkQA commented on pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r706562cbbdda569cc556d8a7983d1f9229606e7b51337b820785af26%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-issues] 20210218 [jira] [Commented] (SPARK-34449) Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r6493e43007f41e34cdbbb66622307fa235374dd2ec5bf52c61075a68%40%3Cissues.spark.apache.org%3E", }, { name: "[spark-reviews] 20210218 [GitHub] [spark] sarutak commented on pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r15500b77c52390e2ec048cea4a6b45edf907ea61cd13259193ff8601%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210218 [GitHub] [spark] SparkQA removed a comment on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r81f82ab8ecb83568bafbecf9ce0e73be73980ac1e2af6baf0f344a59%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210218 [GitHub] [spark] AmplabJenkins removed a comment on pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/rd9a960429741406f6557fa344a13d50a0c9976dac2e4c46bb54b32d7%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210218 [GitHub] [spark] AmplabJenkins commented on pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r3b7c8bc7a1cb8acdcf7753f436564d289d22f2906e934d1b11de3a40%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210219 [GitHub] [spark] srowen commented on pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/re3918edd403b0d3857a13ef2ccf3d2bc0231f3b8758e2a5777ea1cd3%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210219 [GitHub] [spark] SparkQA commented on pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r9b46505868794fba04d401956304e63e4d8e39bdc118d30e5e87dcd9%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210219 [GitHub] [spark] SparkQA removed a comment on pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/rf0181750e321518c8afa8001e0529d50a9447714ef4f58d98af57904%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210219 [GitHub] [spark] AmplabJenkins removed a comment on pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/rf273267fa2e49314643af3141cec239f97d41de8a59be4ef7e10c65a%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210219 [GitHub] [spark] AmplabJenkins commented on pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/rb6a3866c02ac4446451c7d9dceab2373b6d32fb058f9085c6143de30%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210219 [GitHub] [spark] HyukjinKwon closed pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r39f1b1be8e5c0935f7c515eedf907909474bad15185125daacb36d50%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-issues] 20210219 [jira] [Resolved] (SPARK-34449) Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/re014afaa14f4df9d33912ab64dc57249e1c170c7448d7175c6d014ff%40%3Cissues.spark.apache.org%3E", }, { name: "[spark-reviews] 20210219 [GitHub] [spark] HyukjinKwon commented on pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r153fbefc27a1b2033692f32ef728ca909a7c7bcc1d21b6c35b38bdd5%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-commits] 20210219 [spark] branch branch-2.4 updated: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r7669dab41f2b34d56bb67700d869dc9c025ff72e9468204799f5ac29%40%3Ccommits.spark.apache.org%3E", }, { name: "[spark-issues] 20210222 [jira] [Updated] (SPARK-34449) Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r4b2e7417a76e3dd4dc9855c6c138c49484080754a09927454f6d89f0%40%3Cissues.spark.apache.org%3E", }, { name: "[kafka-jira] 20210222 [GitHub] [kafka] dongjinleekr opened a new pull request #10177: KAFKA-12324: Upgrade jetty to fix CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/rb4ca79d1af5237108ce8770b7c46ca78095f62ef21331d9d06142388%40%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-jira] 20210222 [GitHub] [kafka] dongjinleekr commented on pull request #10177: KAFKA-12324: Upgrade jetty to fix CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/rd20651e102cb6742a9d9322ea7b5fc3ab60a7ffecb50fa9157cbf176%40%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-jira] 20210222 [GitHub] [kafka] ijuma commented on pull request #10177: KAFKA-12324: Upgrade jetty to fix CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r391d20ab6ec03d6becc7a9f0c5e0f45a7ad8af6b996ae0a49839f6bd%40%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-jira] 20210222 [GitHub] [kafka] omkreddy closed pull request #10177: KAFKA-12324: Upgrade jetty to fix CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/rbea4d456d88b043be86739ab0200ad06ba5a7921064411c098f79831%40%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-commits] 20210222 [kafka] branch 2.7 updated: KAFKA-12324: Upgrade jetty to fix CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/rbbd003149f929b0e2fe58fb315de1658e98377225632e7e4239323fb%40%3Ccommits.kafka.apache.org%3E", }, { name: "[kafka-jira] 20210222 [jira] [Resolved] (KAFKA-12324) Upgrade jetty to fix CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r05b7ffde2b8c180709e14bc9ca036407bea3ed9f09b32c4705d23a4a%40%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-commits] 20210222 [kafka] branch 2.8 updated: KAFKA-12324: Upgrade jetty to fix CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r990e0296b188d4530d1053882f687fa4f938f108425db2999a180944%40%3Ccommits.kafka.apache.org%3E", }, { name: "[kafka-dev] 20210222 [jira] [Resolved] (KAFKA-12324) Upgrade jetty to fix CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r942e21ee90e2617a00a08b17b0ac2db961959bec969b91df61584d38%40%3Cdev.kafka.apache.org%3E", }, { name: "[kafka-commits] 20210222 [kafka] branch 2.6 updated: KAFKA-12324: Upgrade jetty to fix CVE-2020-27218", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r66456df852de06a0eed2c0a50252a2c8d360b8a5c005f63c0b1e3d25%40%3Ccommits.kafka.apache.org%3E", }, { name: "[nifi-commits] 20210222 svn commit: r1886814 - /nifi/site/trunk/security.html", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r380e9257bacb8551ee6fcf2c59890ae9477b2c78e553fa9ea08e9d9a%40%3Ccommits.nifi.apache.org%3E", }, { name: "[kafka-jira] 20210301 [GitHub] [kafka] dongjinleekr commented on pull request #10235: KAFKA-12389: Upgrade of netty-codec due to CVE-2021-21290", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r2fda4dab73097051977f2ab818f75e04fbcb15bb1003c8530eac1059%40%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-jira] 20210302 [GitHub] [kafka] dongjinleekr commented on pull request #10245: KAFKA-12400: Upgrade jetty to fix CVE-2020-27223", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/rd8e24a3e482e5984bc8c5492dc790413e4fdc1234e3debb94515796b%40%3Cjira.kafka.apache.org%3E", }, { name: "[samza-commits] 20210310 [GitHub] [samza] Telesia opened a new pull request #1471: SAMZA-2630: Upgrade dependencies for security fixes", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r352e40ca9874d1beb4ad95403792adca7eb295e6bc3bd7b65fabcc21%40%3Ccommits.samza.apache.org%3E", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20201218-0003/", }, { tags: [ "x_transferred", ], url: "https://lists.apache.org/thread.html/r769e1ba36c607772f7403e7ef2a8ae14d9ddcab4a844f9b28bcf7959%40%3Cdev.kafka.apache.org%3E", }, { tags: [ "x_transferred", ], url: "https://lists.apache.org/thread.html/rc2b603b7fa7f8dbfe0b3b59a6140b4d66868db3bf4b29d69a772d72a%40%3Cdev.kafka.apache.org%3E", }, { tags: [ "x_transferred", ], url: "https://lists.apache.org/thread.html/ra1c234f045871827f73e4d68326b067e72d3139e109207345fa57d9e%40%3Cdev.kafka.apache.org%3E", }, { tags: [ "x_transferred", ], url: "https://lists.apache.org/thread.html/rfa34d2a3e423421a4a1354cf457edba2ce78cee2d3ebd8aab151a559%40%3Cdev.kafka.apache.org%3E", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { name: "[debian-lts-announce] 20231030 [SECURITY] [DLA 3641-1] jetty9 security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Eclipse Jetty", vendor: "The Eclipse Foundation", versions: [ { status: "affected", version: "9.4.0.RC0 to 9.4.34.v20201102", }, { status: "affected", version: "10.0.0.alpha0 to 10.0.0.beta2", }, { status: "affected", version: "11.0.0.alpha0 to 11.0.0.beta2", }, ], }, ], descriptions: [ { lang: "en", value: "In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is received entirely but not consumed by the application, then a subsequent request on the same connection will see that body prepended to its body. The attacker will not see any data but may inject data into the body of the subsequent request.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-226", description: "CWE-226: Sensitive Information in Resource Not Removed Before Reuse", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-30T21:06:23.588882", orgId: "e51fbebd-6053-4e49-959f-1b94eeb69a2c", shortName: "eclipse", }, references: [ { url: "https://bugs.eclipse.org/bugs/show_bug.cgi?id=568892", }, { url: "https://github.com/eclipse/jetty.project/security/advisories/GHSA-86wm-rrjm-8wh8", }, { name: "[zookeeper-notifications] 20201205 [GitHub] [zookeeper] ztzg opened a new pull request #1554: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r6d5bb60a13e8b539600f86cb72097967b951de5c7ef1e4005cda74a7%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20201205 [GitHub] [zookeeper] phunt commented on a change in pull request #1552: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r8fee46fd9f1254150cc55eecf1ea6a448fca1f7cf1d1e7f9c4803fdb%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20201205 [jira] [Updated] (ZOOKEEPER-4023) dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/rbc5a8d7a0a13bc8152d427a7e9097cdeb139c6cfe111b2f00f26d16b%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20201205 [GitHub] [zookeeper] ztzg commented on a change in pull request #1552: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r8c839a0d88cd6504abbe72c260371094f47014b2ba08d8d2c0232e3c%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20201205 [GitHub] [zookeeper] ztzg opened a new pull request #1552: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r22776d06582985cca5bd2a92519a2b13b4cae2d8e087318da03c036d%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20201205 [GitHub] [zookeeper] ztzg opened a new pull request #1553: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/rfa8879a713480b206c152334419499e6af0878c36217abcc9ab4f0d1%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20201205 [GitHub] [zookeeper] ztzg commented on pull request #1552: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/re86a6ba09dc74e709db843e3561ead923c8fd1cba32343656dd8c44b%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20201206 [jira] [Updated] (ZOOKEEPER-4023) dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r23ce6b8965e30808daa77a80fcd69833b1fc632d80465d0419eff619%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20201206 [GitHub] [zookeeper] nkalmar commented on pull request #1554: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r4981622ba15e8be1657d30b7c85044c7aabe89751fa7324f8604b834%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20201206 [GitHub] [zookeeper] nkalmar commented on a change in pull request #1554: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/re03a566114435a8cc8eb72158242b0f560c5eeccbb4ee98d22de8373%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20201206 [GitHub] [zookeeper] ztzg commented on a change in pull request #1554: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r9f571b086965b35d4e91e47fb67c27b42b62762248b4900ba723599f%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20201206 [GitHub] [zookeeper] ztzg commented on pull request #1554: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/ree677ff289ba9a90850f2e3ba7279555df1a170263ba39c5272db236%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20201207 [GitHub] [zookeeper] ztzg commented on a change in pull request #1552: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r1dd302323c6fe1a542d0371de66a484918fa6c2831ae70d924974bea%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20201207 [GitHub] [zookeeper] nkalmar commented on pull request #1554: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/rdde0ad0a03eec962c56b46e70e225918ea2368dcc3fd3488741fad53%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20201207 [GitHub] [zookeeper] nkalmar edited a comment on pull request #1554: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r602683484f607cd1b9598caf3e549fbb01c43fd46a582a32cc3bb545%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20201207 [GitHub] [zookeeper] nkalmar commented on pull request #1552: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/rb8f413dc923070919b09db3ac87d079a2dcc6f0adfbb029e206a7930%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-dev] 20201208 Re: [VOTE] Apache ZooKeeper release 3.5.9 candidate 0", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/rde11c433675143d8d27551c3d9e821fe1955f1551a518033d3716553%40%3Cdev.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20201211 [GitHub] [zookeeper] nkalmar commented on pull request #1552: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/rc0e35f4e8a8a36127e3ae7a67f325a3a6a4dbe05034130fb04b6f3b6%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20201215 [GitHub] [zookeeper] phunt commented on pull request #1552: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r8f5b144e7a7c2b338f01139d891abbaba12a8173ee01110d21bd0b4d%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E", }, { name: "[zookeeper-notifications] 20201224 [GitHub] [zookeeper] ztzg closed pull request #1552: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r821bbffb64da0f062b4e72d1aa600b91e26bc82a28298ab159121215%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-commits] 20201224 [zookeeper] branch master updated: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r964d226dd08527fddd7a44410c50daa9d34d398e5c4793f1d7e19da8%40%3Ccommits.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20201224 [GitHub] [zookeeper] ztzg commented on pull request #1552: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r70940cb30356642f0c49af49259680d6bd866f51c4e8de0f8a498fb0%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20201224 [GitHub] [zookeeper] eolivelli commented on pull request #1552: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r5e5cb33b545548ec4684d33bd88b05a0ae89c4d7cac93eb63255f58f%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20201224 [GitHub] [zookeeper] ztzg closed pull request #1554: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r9d7a86fb0b45e5b1855d4df83a5820eef813d55eae3edf224f3d5055%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20201224 [GitHub] [zookeeper] ztzg commented on pull request #1554: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r8be8c6f0e404a3179d988eb8afed03ede5f2d5ce986d3f709fb82610%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20201224 [jira] [Resolved] (ZOOKEEPER-4023) dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/rc1de630c6ed9a958d9f811e816d6d8efb6ca94aed0869bc5cda9d7f8%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20201224 [GitHub] [zookeeper] ztzg commented on pull request #1553: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r46589f4228aabd5fb16135ff5bef0f77f06cdef64f9785ac3349fa02%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20201224 [GitHub] [zookeeper] ztzg closed pull request #1553: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/rc91c405c08b529b7292c75d9bd497849db700a1297fe3432990f6774%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-commits] 20210106 [zookeeper] branch branch-3.5.9 updated: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r2a57c7bbf36afc87f8ad9e1dd2f53a08e85a1b531283fc2efce4fe17%40%3Ccommits.zookeeper.apache.org%3E", }, { name: "[hbase-dev] 20210205 [jira] [Created] (HBASE-25552) [hbase-thirdparty] Update jetty version to fix CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r3d43529452c5a16338e8267eb911e8aedc64c3241624302e673961c1%40%3Cdev.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210205 [jira] [Created] (HBASE-25552) [hbase-thirdparty] Update jetty version to fix CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r186748e676e5aeb4eb603361e6367555ae4daecbde55cfd69fa68ec6%40%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210205 [GitHub] [hbase-thirdparty] pankaj72981 opened a new pull request #46: HBASE-25552 Upgrade jetty jar to fix CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/rce9e232a663d8405c003fe83d5c86c27d1ed65561f3690e824717bc4%40%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210205 [GitHub] [hbase-thirdparty] Apache-HBase commented on pull request #46: HBASE-25552 Upgrade jetty jar to fix CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/re9214a4232b7ae204288c283bcee4e39f07da6cc34798e9217ba4eb6%40%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210205 [jira] [Work started] (HBASE-25552) [hbase-thirdparty] Update jetty version to fix CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r8b2271909dabb45f0f1482ef35ffe106ae4b0cf8e877eb514e9cd421%40%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210205 [jira] [Updated] (HBASE-25552) [hbase-thirdparty] Update jetty version to fix CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r3807b1c54066797c4870e03bd2376bdcce9c7c4e6143499f53cd9ca2%40%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210205 [GitHub] [hbase-thirdparty] busbey commented on a change in pull request #46: HBASE-25552 Upgrade jetty jar to fix CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r2f168fd22c071bdd95ec696e45d2a01e928b9fcadbe94fbabeb1549d%40%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210205 [GitHub] [hbase-thirdparty] busbey commented on pull request #46: HBASE-25552 Upgrade jetty jar to fix CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r078c1203e48089b2c934b9f86b61bebe8c049e0ea6273b124f349988%40%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210205 [GitHub] [hbase-thirdparty] jojochuang commented on a change in pull request #46: HBASE-25552 Upgrade jetty jar to fix CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/rccc7ba8c51d662e13496df20466d27dbab54d7001e9e7b2f31468a9e%40%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210206 [GitHub] [hbase-thirdparty] Apache-HBase commented on pull request #46: HBASE-25552 Upgrade jetty jar to fix CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r2ffe719224cbe5897f2d06dd22fc77fa12377c39efe9de0c3bf3f837%40%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-commits] 20210206 [hbase-thirdparty] branch master updated: HBASE-25552 Upgrade jetty jar to fix CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/re4e67541a0a25a8589e89f52f8cd163c863fe04b59e048f9f1a04958%40%3Ccommits.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210206 [jira] [Resolved] (HBASE-25552) [hbase-thirdparty] Update jetty version to fix CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r96ef6d20c5bd3d42dab500bac56a427e1dce00cf85b083987617643d%40%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210206 [GitHub] [hbase-thirdparty] busbey closed pull request #46: HBASE-25552 Upgrade jetty jar to fix CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/rcbc408088ae99dc3167ea293a562a3a9a7295a20e9a1bfc93e43ae1b%40%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-dev] 20210206 [jira] [Resolved] (HBASE-25552) [hbase-thirdparty] Update jetty version to fix CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/re4ae7ada52c5ecfe805eb86ddc0af399ec8a57bfb0d8c632b8723b88%40%3Cdev.hbase.apache.org%3E", }, { name: "[kafka-jira] 20210211 [jira] [Created] (KAFKA-12324) Upgrade jetty to fix CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r3554a4f192db6008c03f2c6c3e0f1691a9b0d615ce955ef67a876ff7%40%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-dev] 20210211 [jira] [Created] (KAFKA-12324) Upgrade jetty to fix CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/racd55c9b704aa68cfb4436f17739b612b5d4f887155e04ed521a4b67%40%3Cdev.kafka.apache.org%3E", }, { name: "[kafka-jira] 20210212 [jira] [Assigned] (KAFKA-12324) Upgrade jetty to fix CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r7d37d33f2d68912985daf40203182e3d86f3e81266b7a7f350689eeb%40%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-jira] 20210212 [jira] [Commented] (KAFKA-12324) Upgrade jetty to fix CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r00858fe27ee35ac8fa0e1549d67e0efb789d63b791b5300390bd8480%40%3Cjira.kafka.apache.org%3E", }, { name: "[spark-reviews] 20210216 [GitHub] [spark] sarutak opened a new pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r489dfc3e259ad3837141985dd9291b93e6b40496cdf58808915d67e9%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-issues] 20210216 [jira] [Created] (SPARK-34449) Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/rbe3f2e0a3c38ed9cbef81507b7cc6e523341865e30dc15c7503adc76%40%3Cissues.spark.apache.org%3E", }, { name: "[spark-reviews] 20210216 [GitHub] [spark] sarutak commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r51ec0120b6c849d12fb7fef34db87ef0bf79fcfcd3d703a9800afbba%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-issues] 20210216 [jira] [Commented] (SPARK-34449) Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r306c8e5aad1b9afc0c9278430fb571950fbb3ab7dd5d369eb618ffa4%40%3Cissues.spark.apache.org%3E", }, { name: "[spark-issues] 20210216 [jira] [Assigned] (SPARK-34449) Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r0d2de2ab5558da68b504bd30db74da1d97dc152a857f5b7e462288ab%40%3Cissues.spark.apache.org%3E", }, { name: "[spark-reviews] 20210216 [GitHub] [spark] SparkQA commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r5464405909eb0e1059d5dd57d10c435b9f19325fdebbadb4f1126997%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210217 [GitHub] [spark] dongjoon-hyun commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r25a47cd06750ebb4b0f23a9b7a57c209702c8566a4c970a41ac088df%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210216 [GitHub] [spark] AmplabJenkins removed a comment on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/rdbdbb4e51f8857e082b464cd128decd7263cf0fb8557f12993562c56%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210216 [GitHub] [spark] AmplabJenkins commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/rba4bca48d2cdfa8c08afc368a9cc4572ec85a5915ba29b8a194bf505%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210217 [GitHub] [spark] sarutak edited a comment on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/reb75282901d0969ba6582725ce8672070715d0773f6ff54dedd60156%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210217 [GitHub] [spark] HyukjinKwon commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/ra09a653997cbf10aab8c0deabc0fa49f5a8a8ce4305ce9089b98485f%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210217 [GitHub] [spark] sarutak commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r870bc5e6e354c3e28ea029cb5726c9e8dd2b88cb0f5f7de1d4e3133d%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210217 [GitHub] [spark] SparkQA commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/rf31e24700f725ef81bc5a2e0444a60e1f295ed0a54c0098362a7bdfa%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210217 [GitHub] [spark] SparkQA removed a comment on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r8c22aad0711321537183ccddcade7274ebf9dcbdcdacc6c4f90f43de%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210217 [GitHub] [spark] AmplabJenkins commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r32a25679d97bf5969d130f8e9b3a3fc54110095397d89952e93dbeb0%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210217 [GitHub] [spark] AmplabJenkins removed a comment on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/racf9e6ad2482cb9b1e3e1b2c1b443d9d5cf14055fb54dec3d2dcce91%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210217 [GitHub] [spark] srowen commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r2a541f08bf5f847394297c13a5305c2f76c11e46504ce2a49653890a%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210218 [GitHub] [spark] sarutak edited a comment on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r4aff5ca6bc94a6f13ff77914fd960185ab70cd6cebe96fffd74543ac%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210218 [GitHub] [spark] sarutak commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r850d1d0413716e8ba6d910cae7b01a0e560636e17d664769b5080ca5%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210218 [GitHub] [spark] SparkQA commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/rcf7b5818f71bb97fd695eb0f54f8f4f69e15cc5f9ec761ea8be0d0d3%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-commits] 20210218 [spark] branch branch-3.1 updated: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r5c64173663c71f222ea40617ab362d7a590935fb75c18817fdec377e%40%3Ccommits.spark.apache.org%3E", }, { name: "[spark-reviews] 20210218 [GitHub] [spark] AmplabJenkins removed a comment on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r543ea0a861a78d84c22656fb76880d7ab327048cf7ee3ccc7281375d%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210218 [GitHub] [spark] HyukjinKwon closed pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r74ab0f5a5f16ca01eb145403ab753df5b348b8c1656d7c8501d0bfc6%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210218 [GitHub] [spark] HyukjinKwon commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r8eea4c7797e701f6494c72942dd89f471cda4c2c6e9abbaf05d113d8%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-commits] 20210218 [spark] branch branch-3.0 updated: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r500e22d0aedba1866d0b5e76429b76652a473a0209fa8bf66c9f7aab%40%3Ccommits.spark.apache.org%3E", }, { name: "[spark-reviews] 20210218 [GitHub] [spark] AmplabJenkins commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r94230f46b91c364d39922a8ba0cfe12b8dba1556b14792719a7d921f%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210218 [GitHub] [spark] sarutak opened a new pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r01806ad8c9cb0590584baf5b1a60237ad92e4ad5bba082ca04d98179%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210218 [GitHub] [spark] SparkQA removed a comment on pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r8ed14a84656fa0bb8df3bf9373c5be80f47ceac1e2ff068ee734fdb3%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210218 [GitHub] [spark] SparkQA commented on pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r706562cbbdda569cc556d8a7983d1f9229606e7b51337b820785af26%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-issues] 20210218 [jira] [Commented] (SPARK-34449) Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r6493e43007f41e34cdbbb66622307fa235374dd2ec5bf52c61075a68%40%3Cissues.spark.apache.org%3E", }, { name: "[spark-reviews] 20210218 [GitHub] [spark] sarutak commented on pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r15500b77c52390e2ec048cea4a6b45edf907ea61cd13259193ff8601%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210218 [GitHub] [spark] SparkQA removed a comment on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r81f82ab8ecb83568bafbecf9ce0e73be73980ac1e2af6baf0f344a59%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210218 [GitHub] [spark] AmplabJenkins removed a comment on pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/rd9a960429741406f6557fa344a13d50a0c9976dac2e4c46bb54b32d7%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210218 [GitHub] [spark] AmplabJenkins commented on pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r3b7c8bc7a1cb8acdcf7753f436564d289d22f2906e934d1b11de3a40%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210219 [GitHub] [spark] srowen commented on pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/re3918edd403b0d3857a13ef2ccf3d2bc0231f3b8758e2a5777ea1cd3%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210219 [GitHub] [spark] SparkQA commented on pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r9b46505868794fba04d401956304e63e4d8e39bdc118d30e5e87dcd9%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210219 [GitHub] [spark] SparkQA removed a comment on pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/rf0181750e321518c8afa8001e0529d50a9447714ef4f58d98af57904%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210219 [GitHub] [spark] AmplabJenkins removed a comment on pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/rf273267fa2e49314643af3141cec239f97d41de8a59be4ef7e10c65a%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210219 [GitHub] [spark] AmplabJenkins commented on pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/rb6a3866c02ac4446451c7d9dceab2373b6d32fb058f9085c6143de30%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210219 [GitHub] [spark] HyukjinKwon closed pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r39f1b1be8e5c0935f7c515eedf907909474bad15185125daacb36d50%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-issues] 20210219 [jira] [Resolved] (SPARK-34449) Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/re014afaa14f4df9d33912ab64dc57249e1c170c7448d7175c6d014ff%40%3Cissues.spark.apache.org%3E", }, { name: "[spark-reviews] 20210219 [GitHub] [spark] HyukjinKwon commented on pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r153fbefc27a1b2033692f32ef728ca909a7c7bcc1d21b6c35b38bdd5%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-commits] 20210219 [spark] branch branch-2.4 updated: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r7669dab41f2b34d56bb67700d869dc9c025ff72e9468204799f5ac29%40%3Ccommits.spark.apache.org%3E", }, { name: "[spark-issues] 20210222 [jira] [Updated] (SPARK-34449) Upgrade Jetty to fix CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r4b2e7417a76e3dd4dc9855c6c138c49484080754a09927454f6d89f0%40%3Cissues.spark.apache.org%3E", }, { name: "[kafka-jira] 20210222 [GitHub] [kafka] dongjinleekr opened a new pull request #10177: KAFKA-12324: Upgrade jetty to fix CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/rb4ca79d1af5237108ce8770b7c46ca78095f62ef21331d9d06142388%40%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-jira] 20210222 [GitHub] [kafka] dongjinleekr commented on pull request #10177: KAFKA-12324: Upgrade jetty to fix CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/rd20651e102cb6742a9d9322ea7b5fc3ab60a7ffecb50fa9157cbf176%40%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-jira] 20210222 [GitHub] [kafka] ijuma commented on pull request #10177: KAFKA-12324: Upgrade jetty to fix CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r391d20ab6ec03d6becc7a9f0c5e0f45a7ad8af6b996ae0a49839f6bd%40%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-jira] 20210222 [GitHub] [kafka] omkreddy closed pull request #10177: KAFKA-12324: Upgrade jetty to fix CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/rbea4d456d88b043be86739ab0200ad06ba5a7921064411c098f79831%40%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-commits] 20210222 [kafka] branch 2.7 updated: KAFKA-12324: Upgrade jetty to fix CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/rbbd003149f929b0e2fe58fb315de1658e98377225632e7e4239323fb%40%3Ccommits.kafka.apache.org%3E", }, { name: "[kafka-jira] 20210222 [jira] [Resolved] (KAFKA-12324) Upgrade jetty to fix CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r05b7ffde2b8c180709e14bc9ca036407bea3ed9f09b32c4705d23a4a%40%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-commits] 20210222 [kafka] branch 2.8 updated: KAFKA-12324: Upgrade jetty to fix CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r990e0296b188d4530d1053882f687fa4f938f108425db2999a180944%40%3Ccommits.kafka.apache.org%3E", }, { name: "[kafka-dev] 20210222 [jira] [Resolved] (KAFKA-12324) Upgrade jetty to fix CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r942e21ee90e2617a00a08b17b0ac2db961959bec969b91df61584d38%40%3Cdev.kafka.apache.org%3E", }, { name: "[kafka-commits] 20210222 [kafka] branch 2.6 updated: KAFKA-12324: Upgrade jetty to fix CVE-2020-27218", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r66456df852de06a0eed2c0a50252a2c8d360b8a5c005f63c0b1e3d25%40%3Ccommits.kafka.apache.org%3E", }, { name: "[nifi-commits] 20210222 svn commit: r1886814 - /nifi/site/trunk/security.html", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r380e9257bacb8551ee6fcf2c59890ae9477b2c78e553fa9ea08e9d9a%40%3Ccommits.nifi.apache.org%3E", }, { name: "[kafka-jira] 20210301 [GitHub] [kafka] dongjinleekr commented on pull request #10235: KAFKA-12389: Upgrade of netty-codec due to CVE-2021-21290", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r2fda4dab73097051977f2ab818f75e04fbcb15bb1003c8530eac1059%40%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-jira] 20210302 [GitHub] [kafka] dongjinleekr commented on pull request #10245: KAFKA-12400: Upgrade jetty to fix CVE-2020-27223", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/rd8e24a3e482e5984bc8c5492dc790413e4fdc1234e3debb94515796b%40%3Cjira.kafka.apache.org%3E", }, { name: "[samza-commits] 20210310 [GitHub] [samza] Telesia opened a new pull request #1471: SAMZA-2630: Upgrade dependencies for security fixes", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r352e40ca9874d1beb4ad95403792adca7eb295e6bc3bd7b65fabcc21%40%3Ccommits.samza.apache.org%3E", }, { url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { url: "https://security.netapp.com/advisory/ntap-20201218-0003/", }, { url: "https://lists.apache.org/thread.html/r769e1ba36c607772f7403e7ef2a8ae14d9ddcab4a844f9b28bcf7959%40%3Cdev.kafka.apache.org%3E", }, { url: "https://lists.apache.org/thread.html/rc2b603b7fa7f8dbfe0b3b59a6140b4d66868db3bf4b29d69a772d72a%40%3Cdev.kafka.apache.org%3E", }, { url: "https://lists.apache.org/thread.html/ra1c234f045871827f73e4d68326b067e72d3139e109207345fa57d9e%40%3Cdev.kafka.apache.org%3E", }, { url: "https://lists.apache.org/thread.html/rfa34d2a3e423421a4a1354cf457edba2ce78cee2d3ebd8aab151a559%40%3Cdev.kafka.apache.org%3E", }, { url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { name: "[debian-lts-announce] 20231030 [SECURITY] [DLA 3641-1] jetty9 security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html", }, ], }, }, cveMetadata: { assignerOrgId: "e51fbebd-6053-4e49-959f-1b94eeb69a2c", assignerShortName: "eclipse", cveId: "CVE-2020-27218", datePublished: "2020-11-28T00:00:00", dateReserved: "2020-10-19T00:00:00", dateUpdated: "2024-08-04T16:11:36.083Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-36374
Vulnerability from cvelistv5
Published
2021-07-14 06:20
Modified
2024-08-04 00:54
Severity ?
EPSS score ?
Summary
When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used derived formats from ZIP archives are for instance JAR files and many office files. Apache Ant prior to 1.9.16 and 1.10.11 were affected.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Ant |
Version: 1.4 < Apache Ant* Version: Apache Ant 1.9.x < Version: Apache Ant 1.10.x < |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T00:54:51.456Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://ant.apache.org/security.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://lists.apache.org/thread.html/rdd5412a5b9a25aed2a02c3317052d38a97128314d50bc1ed36e81d38%40%3Cuser.ant.apache.org%3E", }, { name: "[groovy-commits] 20210714 [groovy] 08/09: GROOVY-10169: Bump Ant version to 1.10.11 (incorporates CVE-2021-36373 and CVE-2021-36374)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r27919fd4db07c487239c1d9771f480d89ce5ee2750aa9447309b709a%40%3Ccommits.groovy.apache.org%3E", }, { name: "[groovy-commits] 20210715 [groovy] 02/07: GROOVY-10169: Bump Ant version to 1.10.11 (incorporates CVE-2021-36373 and CVE-2021-36374)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r544c9e8487431768465b8b2d13982c75123109bd816acf839d46010d%40%3Ccommits.groovy.apache.org%3E", }, { name: "[groovy-notifications] 20210715 [jira] [Resolved] (GROOVY-10169) Bump Ant version to 1.10.11 (incorporates CVE-2021-36373 and CVE-2021-36374)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rad36f470647c5a7c02dd78c9973356d2840766d132b597b6444e373a%40%3Cnotifications.groovy.apache.org%3E", }, { name: "[myfaces-dev] 20210830 [GitHub] [myfaces-tobago] lofwyr14 opened a new pull request #1215: build: CVE fix", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rf4bb79751a02889623195715925e4fd8932dd3c97e0ade91395a96c6%40%3Cdev.myfaces.apache.org%3E", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210819-0007/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache Ant", vendor: "Apache Software Foundation", versions: [ { lessThan: "Apache Ant*", status: "affected", version: "1.4", versionType: "custom", }, { lessThanOrEqual: "1.9.15", status: "affected", version: "Apache Ant 1.9.x", versionType: "custom", }, { lessThanOrEqual: "1.10.10", status: "affected", version: "Apache Ant 1.10.x", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "This issue is similar to https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36090 present in Apache Commons Compress which has been detected by OSS Fuzz.", }, ], descriptions: [ { lang: "en", value: "When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used derived formats from ZIP archives are for instance JAR files and many office files. Apache Ant prior to 1.9.16 and 1.10.11 were affected.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-130", description: "CWE-130 Improper Handling of Length Parameter Inconsistency ", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-07-25T16:30:31", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://ant.apache.org/security.html", }, { tags: [ "x_refsource_MISC", ], url: "https://lists.apache.org/thread.html/rdd5412a5b9a25aed2a02c3317052d38a97128314d50bc1ed36e81d38%40%3Cuser.ant.apache.org%3E", }, { name: "[groovy-commits] 20210714 [groovy] 08/09: GROOVY-10169: Bump Ant version to 1.10.11 (incorporates CVE-2021-36373 and CVE-2021-36374)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r27919fd4db07c487239c1d9771f480d89ce5ee2750aa9447309b709a%40%3Ccommits.groovy.apache.org%3E", }, { name: "[groovy-commits] 20210715 [groovy] 02/07: GROOVY-10169: Bump Ant version to 1.10.11 (incorporates CVE-2021-36373 and CVE-2021-36374)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r544c9e8487431768465b8b2d13982c75123109bd816acf839d46010d%40%3Ccommits.groovy.apache.org%3E", }, { name: "[groovy-notifications] 20210715 [jira] [Resolved] (GROOVY-10169) Bump Ant version to 1.10.11 (incorporates CVE-2021-36373 and CVE-2021-36374)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rad36f470647c5a7c02dd78c9973356d2840766d132b597b6444e373a%40%3Cnotifications.groovy.apache.org%3E", }, { name: "[myfaces-dev] 20210830 [GitHub] [myfaces-tobago] lofwyr14 opened a new pull request #1215: build: CVE fix", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rf4bb79751a02889623195715925e4fd8932dd3c97e0ade91395a96c6%40%3Cdev.myfaces.apache.org%3E", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210819-0007/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Ant ZIP, and ZIP based, archive denial of service vulerability", workarounds: [ { lang: "en", value: "Apache Ant 1.9.x users should upgrade to 1.9.16 or later.\nApache Ant 1.10.x users should upgrade to 1.10.11 or later.", }, ], x_generator: { engine: "Vulnogram 0.0.9", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2021-36374", STATE: "PUBLIC", TITLE: "Apache Ant ZIP, and ZIP based, archive denial of service vulerability", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache Ant", version: { version_data: [ { version_affected: ">=", version_name: "Apache Ant", version_value: "1.4", }, { version_affected: "<=", version_name: "Apache Ant 1.9.x", version_value: "1.9.15", }, { version_affected: "<=", version_name: "Apache Ant 1.10.x", version_value: "1.10.10", }, ], }, }, ], }, vendor_name: "Apache Software Foundation", }, ], }, }, credit: [ { lang: "eng", value: "This issue is similar to https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36090 present in Apache Commons Compress which has been detected by OSS Fuzz.", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used derived formats from ZIP archives are for instance JAR files and many office files. Apache Ant prior to 1.9.16 and 1.10.11 were affected.", }, ], }, generator: { engine: "Vulnogram 0.0.9", }, impact: [ {}, ], problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-130 Improper Handling of Length Parameter Inconsistency ", }, ], }, ], }, references: { reference_data: [ { name: "https://ant.apache.org/security.html", refsource: "MISC", url: "https://ant.apache.org/security.html", }, { name: "https://lists.apache.org/thread.html/rdd5412a5b9a25aed2a02c3317052d38a97128314d50bc1ed36e81d38%40%3Cuser.ant.apache.org%3E", refsource: "MISC", url: "https://lists.apache.org/thread.html/rdd5412a5b9a25aed2a02c3317052d38a97128314d50bc1ed36e81d38%40%3Cuser.ant.apache.org%3E", }, { name: "[groovy-commits] 20210714 [groovy] 08/09: GROOVY-10169: Bump Ant version to 1.10.11 (incorporates CVE-2021-36373 and CVE-2021-36374)", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r27919fd4db07c487239c1d9771f480d89ce5ee2750aa9447309b709a@%3Ccommits.groovy.apache.org%3E", }, { name: "[groovy-commits] 20210715 [groovy] 02/07: GROOVY-10169: Bump Ant version to 1.10.11 (incorporates CVE-2021-36373 and CVE-2021-36374)", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r544c9e8487431768465b8b2d13982c75123109bd816acf839d46010d@%3Ccommits.groovy.apache.org%3E", }, { name: "[groovy-notifications] 20210715 [jira] [Resolved] (GROOVY-10169) Bump Ant version to 1.10.11 (incorporates CVE-2021-36373 and CVE-2021-36374)", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rad36f470647c5a7c02dd78c9973356d2840766d132b597b6444e373a@%3Cnotifications.groovy.apache.org%3E", }, { name: "[myfaces-dev] 20210830 [GitHub] [myfaces-tobago] lofwyr14 opened a new pull request #1215: build: CVE fix", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rf4bb79751a02889623195715925e4fd8932dd3c97e0ade91395a96c6@%3Cdev.myfaces.apache.org%3E", }, { name: "https://www.oracle.com/security-alerts/cpuoct2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { name: "https://security.netapp.com/advisory/ntap-20210819-0007/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210819-0007/", }, { name: "https://www.oracle.com/security-alerts/cpujan2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { name: "https://www.oracle.com/security-alerts/cpuapr2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { name: "https://www.oracle.com/security-alerts/cpujul2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], }, source: { discovery: "UNKNOWN", }, work_around: [ { lang: "en", value: "Apache Ant 1.9.x users should upgrade to 1.9.16 or later.\nApache Ant 1.10.x users should upgrade to 1.10.11 or later.", }, ], }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2021-36374", datePublished: "2021-07-14T06:20:12", dateReserved: "2021-07-12T00:00:00", dateUpdated: "2024-08-04T00:54:51.456Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-12617
Vulnerability from cvelistv5
Published
2017-10-03 15:00
Modified
2025-02-04 18:46
Severity ?
EPSS score ?
Summary
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Tomcat |
Version: 9.0.0.M1 to 9.0.0 Version: 8.5.0 to 8.5.22 Version: 8.0.0.RC1 to 8.0.46 Version: 7.0.0 to 7.0.81 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T18:43:56.415Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2017:3113", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:3113", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { name: "RHSA-2017:3080", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:3080", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03828en_us", }, { name: "RHSA-2018:0269", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:0269", }, { name: "42966", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/42966/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03812en_us", }, { name: "RHSA-2018:0270", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:0270", }, { name: "RHSA-2018:0271", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:0271", }, { name: "[debian-lts-announce] 20171107 [SECURITY] [DLA 1166-1] tomcat7 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2017/11/msg00009.html", }, { name: "RHSA-2018:2939", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2939", }, { name: "RHSA-2018:0465", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:0465", }, { name: "USN-3665-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3665-1/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", }, { name: "RHSA-2018:0268", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:0268", }, { name: "RHSA-2017:3114", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:3114", }, { name: "43008", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/43008/", }, { name: "1039552", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1039552", }, { name: "100954", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/100954", }, { name: "RHSA-2018:0275", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:0275", }, { name: "RHSA-2018:0466", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:0466", }, { name: "[announce] 20171003 [SECURITY] CVE-2017-12617 Apache Tomcat Remote Code Execution via JSP upload", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/3fd341a604c4e9eab39e7eaabbbac39c30101a022acc11dd09d7ebcb%40%3Cannounce.tomcat.apache.org%3E", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20171018-0002/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20180117-0002/", }, { name: "RHSA-2017:3081", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:3081", }, { name: "[tomcat-dev] 20190319 svn commit: r1855831 [24/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.f5.com/csp/article/K53173544", }, { name: "[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { name: "[tomcat-dev] 20200203 svn commit: r1873527 [24/30] - /tomcat/site/trunk/docs/", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2017-12617", options: [ { Exploitation: "active", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-04T18:46:14.471455Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2022-03-25", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-12617", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-434", description: "CWE-434 Unrestricted Upload of File with Dangerous Type", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-04T18:46:52.662Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Apache Tomcat", vendor: "Apache Software Foundation", versions: [ { status: "affected", version: "9.0.0.M1 to 9.0.0", }, { status: "affected", version: "8.5.0 to 8.5.22", }, { status: "affected", version: "8.0.0.RC1 to 8.0.46", }, { status: "affected", version: "7.0.0 to 7.0.81", }, ], }, ], datePublic: "2017-10-03T00:00:00.000Z", descriptions: [ { lang: "en", value: "When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.", }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-02-13T16:09:13.000Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { name: "RHSA-2017:3113", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:3113", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { name: "RHSA-2017:3080", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:3080", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03828en_us", }, { name: "RHSA-2018:0269", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:0269", }, { name: "42966", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/42966/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03812en_us", }, { name: "RHSA-2018:0270", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:0270", }, { name: "RHSA-2018:0271", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:0271", }, { name: "[debian-lts-announce] 20171107 [SECURITY] [DLA 1166-1] tomcat7 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2017/11/msg00009.html", }, { name: "RHSA-2018:2939", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2939", }, { name: "RHSA-2018:0465", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:0465", }, { name: "USN-3665-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3665-1/", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", }, { name: "RHSA-2018:0268", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:0268", }, { name: "RHSA-2017:3114", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:3114", }, { name: "43008", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/43008/", }, { name: "1039552", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1039552", }, { name: "100954", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/100954", }, { name: "RHSA-2018:0275", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:0275", }, { name: "RHSA-2018:0466", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:0466", }, { name: "[announce] 20171003 [SECURITY] CVE-2017-12617 Apache Tomcat Remote Code Execution via JSP upload", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/3fd341a604c4e9eab39e7eaabbbac39c30101a022acc11dd09d7ebcb%40%3Cannounce.tomcat.apache.org%3E", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20171018-0002/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20180117-0002/", }, { name: "RHSA-2017:3081", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:3081", }, { name: "[tomcat-dev] 20190319 svn commit: r1855831 [24/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.f5.com/csp/article/K53173544", }, { name: "[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { name: "[tomcat-dev] 20200203 svn commit: r1873527 [24/30] - /tomcat/site/trunk/docs/", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", DATE_PUBLIC: "2017-10-03T00:00:00", ID: "CVE-2017-12617", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache Tomcat", version: { version_data: [ { version_value: "9.0.0.M1 to 9.0.0", }, { version_value: "8.5.0 to 8.5.22", }, { version_value: "8.0.0.RC1 to 8.0.46", }, { version_value: "7.0.0 to 7.0.81", }, ], }, }, ], }, vendor_name: "Apache Software Foundation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Remote Code Execution", }, ], }, ], }, references: { reference_data: [ { name: "RHSA-2017:3113", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:3113", }, { name: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", }, { name: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { name: "RHSA-2017:3080", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:3080", }, { name: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03828en_us", refsource: "CONFIRM", url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03828en_us", }, { name: "RHSA-2018:0269", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:0269", }, { name: "42966", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/42966/", }, { name: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03812en_us", refsource: "CONFIRM", url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03812en_us", }, { name: "RHSA-2018:0270", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:0270", }, { name: "RHSA-2018:0271", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:0271", }, { name: "[debian-lts-announce] 20171107 [SECURITY] [DLA 1166-1] tomcat7 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2017/11/msg00009.html", }, { name: "RHSA-2018:2939", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2939", }, { name: "RHSA-2018:0465", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:0465", }, { name: "USN-3665-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3665-1/", }, { name: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", }, { name: "RHSA-2018:0268", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:0268", }, { name: "RHSA-2017:3114", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:3114", }, { name: "43008", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/43008/", }, { name: "1039552", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1039552", }, { name: "100954", refsource: "BID", url: "http://www.securityfocus.com/bid/100954", }, { name: "RHSA-2018:0275", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:0275", }, { name: "RHSA-2018:0466", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:0466", }, { name: "[announce] 20171003 [SECURITY] CVE-2017-12617 Apache Tomcat Remote Code Execution via JSP upload", refsource: "MLIST", url: "https://lists.apache.org/thread.html/3fd341a604c4e9eab39e7eaabbbac39c30101a022acc11dd09d7ebcb@%3Cannounce.tomcat.apache.org%3E", }, { name: "https://security.netapp.com/advisory/ntap-20171018-0002/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20171018-0002/", }, { name: "https://security.netapp.com/advisory/ntap-20180117-0002/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20180117-0002/", }, { name: "RHSA-2017:3081", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:3081", }, { name: "[tomcat-dev] 20190319 svn commit: r1855831 [24/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E", }, { name: "https://support.f5.com/csp/article/K53173544", refsource: "CONFIRM", url: "https://support.f5.com/csp/article/K53173544", }, { name: "[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E", }, { name: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", refsource: "MISC", url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { name: "[tomcat-dev] 20200203 svn commit: r1873527 [24/30] - /tomcat/site/trunk/docs/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2017-12617", datePublished: "2017-10-03T15:00:00.000Z", dateReserved: "2017-08-07T00:00:00.000Z", dateUpdated: "2025-02-04T18:46:52.662Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-11979
Vulnerability from cvelistv5
Published
2020-10-01 19:24
Modified
2024-08-04 11:48
Severity ?
EPSS score ?
Summary
As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Apache Ant |
Version: Apache Ant 1.10.8 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T11:48:57.549Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3Cdev.ant.apache.org%3E", }, { name: "[creadur-dev] 20201006 [jira] [Commented] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e%40%3Cdev.creadur.apache.org%3E", }, { name: "[creadur-dev] 20201006 [jira] [Assigned] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490%40%3Cdev.creadur.apache.org%3E", }, { name: "[creadur-dev] 20201006 [jira] [Updated] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc%40%3Cdev.creadur.apache.org%3E", }, { name: "[creadur-dev] 20201006 [jira] [Updated] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0%40%3Cdev.creadur.apache.org%3E", }, { name: "[creadur-dev] 20201006 [jira] [Resolved] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305%40%3Cdev.creadur.apache.org%3E", }, { name: "FEDORA-2020-2640aa4e19", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U3NRQQ7ECII4ZNGW7GBC225LVYMPQEKB/", }, { name: "FEDORA-2020-92b1d001b3", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AALW42FWNQ35F7KB3JVRC6NBVV7AAYYI/", }, { name: "FEDORA-2020-3ce0f55bc5", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DYBRN5C2RW7JRY75IB7Q7ZVKZCHWAQWS/", }, { name: "GLSA-202011-18", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202011-18", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/gradle/gradle/security/advisories/GHSA-j45w-qrgf-25vm", }, { name: "[creadur-dev] 20210419 [jira] [Commented] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c%40%3Cdev.creadur.apache.org%3E", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { name: "[creadur-dev] 20210621 [jira] [Commented] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a%40%3Cdev.creadur.apache.org%3E", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache Ant", vendor: "n/a", versions: [ { status: "affected", version: "Apache Ant 1.10.8", }, ], }, ], descriptions: [ { lang: "en", value: "As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process.", }, ], problemTypes: [ { descriptions: [ { description: "insecure temporary file vulnerability", lang: "en", type: "text", }, ], }, { descriptions: [ { cweId: "CWE-379", description: "CWE-379 Creation of Temporary File in Directory with Incorrect Permissions", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-04-19T23:21:10", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3Cdev.ant.apache.org%3E", }, { name: "[creadur-dev] 20201006 [jira] [Commented] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e%40%3Cdev.creadur.apache.org%3E", }, { name: "[creadur-dev] 20201006 [jira] [Assigned] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490%40%3Cdev.creadur.apache.org%3E", }, { name: "[creadur-dev] 20201006 [jira] [Updated] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc%40%3Cdev.creadur.apache.org%3E", }, { name: "[creadur-dev] 20201006 [jira] [Updated] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0%40%3Cdev.creadur.apache.org%3E", }, { name: "[creadur-dev] 20201006 [jira] [Resolved] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305%40%3Cdev.creadur.apache.org%3E", }, { name: "FEDORA-2020-2640aa4e19", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U3NRQQ7ECII4ZNGW7GBC225LVYMPQEKB/", }, { name: "FEDORA-2020-92b1d001b3", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AALW42FWNQ35F7KB3JVRC6NBVV7AAYYI/", }, { name: "FEDORA-2020-3ce0f55bc5", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DYBRN5C2RW7JRY75IB7Q7ZVKZCHWAQWS/", }, { name: "GLSA-202011-18", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202011-18", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/gradle/gradle/security/advisories/GHSA-j45w-qrgf-25vm", }, { name: "[creadur-dev] 20210419 [jira] [Commented] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c%40%3Cdev.creadur.apache.org%3E", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { name: "[creadur-dev] 20210621 [jira] [Commented] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a%40%3Cdev.creadur.apache.org%3E", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2020-11979", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache Ant", version: { version_data: [ { version_value: "Apache Ant 1.10.8", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "insecure temporary file vulnerability", }, ], }, { description: [ { lang: "eng", value: "CWE-379 Creation of Temporary File in Directory with Incorrect Permissions", }, ], }, ], }, references: { reference_data: [ { name: "https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3Cdev.ant.apache.org%3E", refsource: "MISC", url: "https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3Cdev.ant.apache.org%3E", }, { name: "[creadur-dev] 20201006 [jira] [Commented] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e@%3Cdev.creadur.apache.org%3E", }, { name: "[creadur-dev] 20201006 [jira] [Assigned] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490@%3Cdev.creadur.apache.org%3E", }, { name: "[creadur-dev] 20201006 [jira] [Updated] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc@%3Cdev.creadur.apache.org%3E", }, { name: "[creadur-dev] 20201006 [jira] [Updated] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0@%3Cdev.creadur.apache.org%3E", }, { name: "[creadur-dev] 20201006 [jira] [Resolved] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305@%3Cdev.creadur.apache.org%3E", }, { name: "FEDORA-2020-2640aa4e19", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3NRQQ7ECII4ZNGW7GBC225LVYMPQEKB/", }, { name: "FEDORA-2020-92b1d001b3", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AALW42FWNQ35F7KB3JVRC6NBVV7AAYYI/", }, { name: "FEDORA-2020-3ce0f55bc5", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DYBRN5C2RW7JRY75IB7Q7ZVKZCHWAQWS/", }, { name: "GLSA-202011-18", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202011-18", }, { name: "https://www.oracle.com/security-alerts/cpujan2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { name: "https://github.com/gradle/gradle/security/advisories/GHSA-j45w-qrgf-25vm", refsource: "MISC", url: "https://github.com/gradle/gradle/security/advisories/GHSA-j45w-qrgf-25vm", }, { name: "[creadur-dev] 20210419 [jira] [Commented] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8", refsource: "MLIST", url: "https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c@%3Cdev.creadur.apache.org%3E", }, { name: "https://www.oracle.com/security-alerts/cpuApr2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { name: "[creadur-dev] 20210621 [jira] [Commented] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a@%3Cdev.creadur.apache.org%3E", }, { name: "https://www.oracle.com//security-alerts/cpujul2021.html", refsource: "MISC", url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { name: "https://www.oracle.com/security-alerts/cpuoct2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { name: "https://www.oracle.com/security-alerts/cpujan2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { name: "https://www.oracle.com/security-alerts/cpuapr2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2020-11979", datePublished: "2020-10-01T19:24:57", dateReserved: "2020-04-21T00:00:00", dateUpdated: "2024-08-04T11:48:57.549Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-36373
Vulnerability from cvelistv5
Published
2021-07-14 06:20
Modified
2024-08-04 00:54
Severity ?
EPSS score ?
Summary
When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apache Ant prior to 1.9.16 and 1.10.11 were affected.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Ant |
Version: Apache Ant 1.9.x < Version: Apache Ant 1.10.x < Patch: Apache Ant |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T00:54:51.488Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://ant.apache.org/security.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://lists.apache.org/thread.html/r54afdab05e01de970649c2d91a993f68a6b00cd73e6e34e16c832d46%40%3Cuser.ant.apache.org%3E", }, { name: "[groovy-commits] 20210714 [groovy] 08/09: GROOVY-10169: Bump Ant version to 1.10.11 (incorporates CVE-2021-36373 and CVE-2021-36374)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r27919fd4db07c487239c1d9771f480d89ce5ee2750aa9447309b709a%40%3Ccommits.groovy.apache.org%3E", }, { name: "[groovy-commits] 20210715 [groovy] 02/07: GROOVY-10169: Bump Ant version to 1.10.11 (incorporates CVE-2021-36373 and CVE-2021-36374)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r544c9e8487431768465b8b2d13982c75123109bd816acf839d46010d%40%3Ccommits.groovy.apache.org%3E", }, { name: "[groovy-notifications] 20210715 [jira] [Resolved] (GROOVY-10169) Bump Ant version to 1.10.11 (incorporates CVE-2021-36373 and CVE-2021-36374)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rad36f470647c5a7c02dd78c9973356d2840766d132b597b6444e373a%40%3Cnotifications.groovy.apache.org%3E", }, { name: "[myfaces-dev] 20210830 [GitHub] [myfaces-tobago] lofwyr14 opened a new pull request #1215: build: CVE fix", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rf4bb79751a02889623195715925e4fd8932dd3c97e0ade91395a96c6%40%3Cdev.myfaces.apache.org%3E", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210819-0007/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache Ant", vendor: "Apache Software Foundation", versions: [ { changes: [ { at: "1.9.0", status: "affected", }, ], lessThanOrEqual: "1.9.15", status: "affected", version: "Apache Ant 1.9.x", versionType: "custom", }, { changes: [ { at: "1.10.0", status: "affected", }, ], lessThanOrEqual: "1.10.10", status: "affected", version: "Apache Ant 1.10.x", versionType: "custom", }, { lessThan: "1.9.0", status: "unaffected", version: "Apache Ant", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "This issue is similar to https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35517 present in Apache Commons Compress which has been detected by OSS Fuzz.", }, ], descriptions: [ { lang: "en", value: "When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apache Ant prior to 1.9.16 and 1.10.11 were affected.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-130", description: "CWE-130 Improper Handling of Length Parameter Inconsistency ", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-07-25T16:30:21", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://ant.apache.org/security.html", }, { tags: [ "x_refsource_MISC", ], url: "https://lists.apache.org/thread.html/r54afdab05e01de970649c2d91a993f68a6b00cd73e6e34e16c832d46%40%3Cuser.ant.apache.org%3E", }, { name: "[groovy-commits] 20210714 [groovy] 08/09: GROOVY-10169: Bump Ant version to 1.10.11 (incorporates CVE-2021-36373 and CVE-2021-36374)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r27919fd4db07c487239c1d9771f480d89ce5ee2750aa9447309b709a%40%3Ccommits.groovy.apache.org%3E", }, { name: "[groovy-commits] 20210715 [groovy] 02/07: GROOVY-10169: Bump Ant version to 1.10.11 (incorporates CVE-2021-36373 and CVE-2021-36374)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r544c9e8487431768465b8b2d13982c75123109bd816acf839d46010d%40%3Ccommits.groovy.apache.org%3E", }, { name: "[groovy-notifications] 20210715 [jira] [Resolved] (GROOVY-10169) Bump Ant version to 1.10.11 (incorporates CVE-2021-36373 and CVE-2021-36374)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rad36f470647c5a7c02dd78c9973356d2840766d132b597b6444e373a%40%3Cnotifications.groovy.apache.org%3E", }, { name: "[myfaces-dev] 20210830 [GitHub] [myfaces-tobago] lofwyr14 opened a new pull request #1215: build: CVE fix", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rf4bb79751a02889623195715925e4fd8932dd3c97e0ade91395a96c6%40%3Cdev.myfaces.apache.org%3E", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210819-0007/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Ant TAR archive denial of service vulnerability", workarounds: [ { lang: "en", value: "Apache Ant 1.9.x users should upgrade to 1.9.16 or later.\nApache Ant 1.10.x users should upgrade to 1.10.11 or later.", }, ], x_generator: { engine: "Vulnogram 0.0.9", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2021-36373", STATE: "PUBLIC", TITLE: "Apache Ant TAR archive denial of service vulnerability", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache Ant", version: { version_data: [ { version_affected: "<=", version_name: "Apache Ant 1.9.x", version_value: "1.9.15", }, { version_affected: "<=", version_name: "Apache Ant 1.10.x", version_value: "1.10.10", }, { version_affected: ">=", version_name: "Apache Ant 1.9.x", version_value: "1.9.0", }, { version_affected: ">=", version_name: "Apache Ant 1.10.x", version_value: "1.10.0", }, { version_affected: "!<", version_name: "Apache Ant", version_value: "1.9.0", }, ], }, }, ], }, vendor_name: "Apache Software Foundation", }, ], }, }, credit: [ { lang: "eng", value: "This issue is similar to https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35517 present in Apache Commons Compress which has been detected by OSS Fuzz.", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apache Ant prior to 1.9.16 and 1.10.11 were affected.", }, ], }, generator: { engine: "Vulnogram 0.0.9", }, impact: [ {}, ], problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-130 Improper Handling of Length Parameter Inconsistency ", }, ], }, ], }, references: { reference_data: [ { name: "https://ant.apache.org/security.html", refsource: "MISC", url: "https://ant.apache.org/security.html", }, { name: "https://lists.apache.org/thread.html/r54afdab05e01de970649c2d91a993f68a6b00cd73e6e34e16c832d46%40%3Cuser.ant.apache.org%3E", refsource: "MISC", url: "https://lists.apache.org/thread.html/r54afdab05e01de970649c2d91a993f68a6b00cd73e6e34e16c832d46%40%3Cuser.ant.apache.org%3E", }, { name: "[groovy-commits] 20210714 [groovy] 08/09: GROOVY-10169: Bump Ant version to 1.10.11 (incorporates CVE-2021-36373 and CVE-2021-36374)", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r27919fd4db07c487239c1d9771f480d89ce5ee2750aa9447309b709a@%3Ccommits.groovy.apache.org%3E", }, { name: "[groovy-commits] 20210715 [groovy] 02/07: GROOVY-10169: Bump Ant version to 1.10.11 (incorporates CVE-2021-36373 and CVE-2021-36374)", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r544c9e8487431768465b8b2d13982c75123109bd816acf839d46010d@%3Ccommits.groovy.apache.org%3E", }, { name: "[groovy-notifications] 20210715 [jira] [Resolved] (GROOVY-10169) Bump Ant version to 1.10.11 (incorporates CVE-2021-36373 and CVE-2021-36374)", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rad36f470647c5a7c02dd78c9973356d2840766d132b597b6444e373a@%3Cnotifications.groovy.apache.org%3E", }, { name: "[myfaces-dev] 20210830 [GitHub] [myfaces-tobago] lofwyr14 opened a new pull request #1215: build: CVE fix", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rf4bb79751a02889623195715925e4fd8932dd3c97e0ade91395a96c6@%3Cdev.myfaces.apache.org%3E", }, { name: "https://www.oracle.com/security-alerts/cpuoct2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { name: "https://security.netapp.com/advisory/ntap-20210819-0007/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210819-0007/", }, { name: "https://www.oracle.com/security-alerts/cpujan2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { name: "https://www.oracle.com/security-alerts/cpuapr2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { name: "https://www.oracle.com/security-alerts/cpujul2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], }, source: { discovery: "UNKNOWN", }, work_around: [ { lang: "en", value: "Apache Ant 1.9.x users should upgrade to 1.9.16 or later.\nApache Ant 1.10.x users should upgrade to 1.10.11 or later.", }, ], }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2021-36373", datePublished: "2021-07-14T06:20:11", dateReserved: "2021-07-12T00:00:00", dateUpdated: "2024-08-04T00:54:51.488Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-42340
Vulnerability from cvelistv5
Published
2021-10-14 19:55
Modified
2024-08-04 03:30
Severity ?
EPSS score ?
Summary
The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread.html/r83a35be60f06aca2065f188ee542b9099695d57ced2e70e0885f905c%40%3Cannounce.tomcat.apache.org%3E | x_refsource_MISC | |
| https://lists.apache.org/thread.html/r8097a2d1550aa78e585fc77e602b9046e6d4099d8d132497c5387784%40%3Ccommits.myfaces.apache.org%3E | mailing-list, x_refsource_MLIST | |
| https://www.debian.org/security/2021/dsa-5009 | vendor-advisory, x_refsource_DEBIAN | |
| https://www.oracle.com/security-alerts/cpujan2022.html | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20211104-0001/ | x_refsource_CONFIRM | |
| https://kc.mcafee.com/corporate/index?page=content&id=SB10379 | x_refsource_CONFIRM | |
| https://www.oracle.com/security-alerts/cpuapr2022.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpujul2022.html | x_refsource_MISC | |
| https://security.gentoo.org/glsa/202208-34 | vendor-advisory, x_refsource_GENTOO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Tomcat |
Version: Apache Tomcat 10 10.0.0-M10 to 10.0.11 Version: Apache Tomcat 10 10.1.0-M1 to 10.1.0-M5 Version: Apache Tomcat 9 9.0.40 to 9.0.53 Version: Apache Tomcat 8 8.5.60 to 8.5.71 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T03:30:38.354Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://lists.apache.org/thread.html/r83a35be60f06aca2065f188ee542b9099695d57ced2e70e0885f905c%40%3Cannounce.tomcat.apache.org%3E", }, { name: "[myfaces-commits] 20211021 [myfaces-tobago] branch tobago-5.x updated: build: workaround for CVE-2021-42340", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r8097a2d1550aa78e585fc77e602b9046e6d4099d8d132497c5387784%40%3Ccommits.myfaces.apache.org%3E", }, { name: "DSA-5009", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2021/dsa-5009", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20211104-0001/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10379", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { name: "GLSA-202208-34", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202208-34", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache Tomcat", vendor: "Apache Software Foundation", versions: [ { status: "affected", version: "Apache Tomcat 10 10.0.0-M10 to 10.0.11", }, { status: "affected", version: "Apache Tomcat 10 10.1.0-M1 to 10.1.0-M5", }, { status: "affected", version: "Apache Tomcat 9 9.0.40 to 9.0.53", }, { status: "affected", version: "Apache Tomcat 8 8.5.60 to 8.5.71", }, ], }, ], descriptions: [ { lang: "en", value: "The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-772", description: "CWE-772 Missing Release of Resource after Effective Lifetime", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-08-21T04:07:37", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://lists.apache.org/thread.html/r83a35be60f06aca2065f188ee542b9099695d57ced2e70e0885f905c%40%3Cannounce.tomcat.apache.org%3E", }, { name: "[myfaces-commits] 20211021 [myfaces-tobago] branch tobago-5.x updated: build: workaround for CVE-2021-42340", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r8097a2d1550aa78e585fc77e602b9046e6d4099d8d132497c5387784%40%3Ccommits.myfaces.apache.org%3E", }, { name: "DSA-5009", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2021/dsa-5009", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20211104-0001/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10379", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { name: "GLSA-202208-34", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202208-34", }, ], source: { discovery: "UNKNOWN", }, title: "DoS via memory leak with WebSocket connections", x_generator: { engine: "Vulnogram 0.0.9", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2021-42340", STATE: "PUBLIC", TITLE: "DoS via memory leak with WebSocket connections", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache Tomcat", version: { version_data: [ { version_affected: "=", version_name: "Apache Tomcat 10", version_value: "10.0.0-M10 to 10.0.11", }, { version_affected: "=", version_name: "Apache Tomcat 10", version_value: "10.1.0-M1 to 10.1.0-M5", }, { version_affected: "=", version_name: "Apache Tomcat 9", version_value: "9.0.40 to 9.0.53", }, { version_affected: "=", version_name: "Apache Tomcat 8", version_value: "8.5.60 to 8.5.71", }, ], }, }, ], }, vendor_name: "Apache Software Foundation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.", }, ], }, generator: { engine: "Vulnogram 0.0.9", }, impact: [ {}, ], problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-772 Missing Release of Resource after Effective Lifetime", }, ], }, ], }, references: { reference_data: [ { name: "https://lists.apache.org/thread.html/r83a35be60f06aca2065f188ee542b9099695d57ced2e70e0885f905c%40%3Cannounce.tomcat.apache.org%3E", refsource: "MISC", url: "https://lists.apache.org/thread.html/r83a35be60f06aca2065f188ee542b9099695d57ced2e70e0885f905c%40%3Cannounce.tomcat.apache.org%3E", }, { name: "[myfaces-commits] 20211021 [myfaces-tobago] branch tobago-5.x updated: build: workaround for CVE-2021-42340", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r8097a2d1550aa78e585fc77e602b9046e6d4099d8d132497c5387784@%3Ccommits.myfaces.apache.org%3E", }, { name: "DSA-5009", refsource: "DEBIAN", url: "https://www.debian.org/security/2021/dsa-5009", }, { name: "https://www.oracle.com/security-alerts/cpujan2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { name: "https://security.netapp.com/advisory/ntap-20211104-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20211104-0001/", }, { name: "https://kc.mcafee.com/corporate/index?page=content&id=SB10379", refsource: "CONFIRM", url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10379", }, { name: "https://www.oracle.com/security-alerts/cpuapr2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { name: "https://www.oracle.com/security-alerts/cpujul2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { name: "GLSA-202208-34", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202208-34", }, ], }, source: { discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2021-42340", datePublished: "2021-10-14T19:55:14", dateReserved: "2021-10-13T00:00:00", dateUpdated: "2024-08-04T03:30:38.354Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }