CVE编号
CVE-2019-12402利用情况
暂无补丁情况
官方补丁披露时间
2019-08-30漏洞描述
Apache Commons Compress 1.15到1.18内部使用的文件名编码算法在面对特制输入时可能会进入无限循环。如果攻击者可以选择Compress创建的存档内的文件名,则可能导致拒绝服务攻击。<br>解决建议
建议您更新当前系统或软件至最新版,完成漏洞的修复。
参考链接 |
|
|---|---|
| https://lists.apache.org/thread.html/308cc15f1f1dc53e97046fddbac240e6cd16de89... | |
| https://lists.apache.org/thread.html/54cc4e9fa6b24520135f6fa4724dfb3465bc1470... | |
| https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b... | |
| https://lists.apache.org/thread.html/r05cf37c1e1e662e968cfece1102fcd50fe20718... | |
| https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133... | |
| https://lists.apache.org/thread.html/r21d64797914001119d2fc766b88c6da181dc230... | |
| https://lists.apache.org/thread.html/r233267e24519bacd0f9fb9f61a1287cb9f4bcb6... | |
| https://lists.apache.org/thread.html/r25422df9ad22fec56d9eeca3ab8bd6d66365e9f... | |
| https://lists.apache.org/thread.html/r4363c994c8bca033569a98da9218cc0c62bb695... | |
| https://lists.apache.org/thread.html/r5103b1c9242c0f812ac96e524344144402cbff9... | |
| https://lists.apache.org/thread.html/r590c15cebee9b8e757e2f738127a9a71e48ede6... | |
| https://lists.apache.org/thread.html/r5caf4fcb69d2749225391e61db7216282955204... | |
| https://lists.apache.org/thread.html/r7af60fbd8b2350d49d14e53a3ab2801998b9d1a... | |
| https://lists.apache.org/thread.html/r972f82d821b805d04602976a9736c01b6bf218c... | |
| https://lists.apache.org/thread.html/rcc35ab6be300365de5ff9587e0479d10d7d7c79... | |
| https://lists.apache.org/thread.html/rd3f99d732baed459b425fb0a9e9e14f7843c945... | |
| https://lists.apache.org/thread.html/rdebc1830d6c09c11d5a4804ca26769dbd292d17... | |
| https://lists.apache.org/thread.html/re13bd219dd4b651134f6357f12bd07a0344eea7... | |
| https://lists.apache.org/thread.html/rf5230a049d989dbfdd404b4320a265dceeeba45... | |
| https://lists.fedoraproject.org/archives/list/[email protected]... | |
| https://lists.fedoraproject.org/archives/list/[email protected]... | |
| https://www.oracle.com//security-alerts/cpujul2021.html | |
| https://www.oracle.com/security-alerts/cpuapr2020.html | |
| https://www.oracle.com/security-alerts/cpuApr2021.html | |
| https://www.oracle.com/security-alerts/cpujan2021.html | |
| https://www.oracle.com/security-alerts/cpujul2020.html | |
| https://www.oracle.com/security-alerts/cpuoct2020.html | |
| https://www.oracle.com/security-alerts/cpuoct2021.html |
受影响软件情况
| # | 类型 | 厂商 | 产品 | 版本 | 影响面 | ||||
| 1 | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| 运行在以下环境 | |||||||||
| 应用 | apache | commons_compress | * |
From (including) 1.15 |
Up to (including) 1.18 |
||||
| 运行在以下环境 | |||||||||
| 系统 | debian_10 | libcommons-compress-java | * |
Up to (excluding) 1.18-2+deb10u1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | fedora_30 | libcommons-compress-java | * |
Up to (excluding) 1.19-1.fc30 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | fedora_31 | libcommons-compress-java | * |
Up to (excluding) 1.19-1.fc31 |
|||||
- 攻击路径 远程
- 攻击复杂度 复杂
- 权限要求 无需权限
- 影响范围 有限影响
- EXP成熟度 未验证
- 补丁情况 官方补丁
- 数据保密性 无影响
- 数据完整性 无影响
- 服务器危害 无影响
- 全网数量 100
还没有评论,来说两句吧...