165 matches found
Security Bulletin: Apache Log4j Vulnerability Affects IBM Sterling Control Center (CVE-2021-45105)
Summary Apache Log4j Vulnerability Affects IBM Sterling Control Center CVE-2021-45105. Customers are encouraged to take action and apply the fix below. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from...
Security Bulletin: Apache Log4j Vulnerabilities Affect IBM Sterling Connect:Direct File Agent (CVE-2021-45046, CVE-2021-45105)
Summary There are vulnerabilities in Apache Log4j used by IBM Sterling Connect:Direct File Agent. IBM Sterling Connect:Direct File Agent has addressed the applicable CVEs. The fix includes Apache Log4j 2.17. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a...
Security Bulletin: Vulnerabilities in Apache Log4j affects SPSS Collaboration and Deployment Services
Summary There are vulnerabilities in the Apache Log4j open source library which is used by SPSS Collaboration and Deployment Services for logging of messages and traces. These issues have been addressed. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a deni...
Security Bulletin: Vulnerabilities in Apache Log4j affect IBM App Connect Enterprise V11, V12 (CVE-2021-45105)
Summary Vulnerabilities in Apache Log4j2 affect the logging infrastructure in the TADataCollector command line tool in IBM App Connect Enterprise v11, v12. IBM App Connect Enterprise V11, V12 have addressed the applicable CVE. Given current information and analysis, IBM Integration Bus v10 and V9...
Denial Of Service (DoS)
log4j is vulnerable to denial of service. An attacker with control over Thread Context Map (MDC) input data is able to cause a denial of service by causing a StackOverflowError that will terminate the process. This is due to uncontrolled recursion from self-referential lookups when the logging...
Apache Log4j 2.x < 2.17.0 DoS
The version of Apache Log4j on the remote host is 2.x < 2.3.1 / 2.13.2 / 2.17.0. It is, therefore, affected by a denial of service vulnerability. Apache Log4j2 versions 2.0-alpha1 through 2.16.0 did not protect from uncontrolled recursion from self-referential lookups. When the logging configuratio...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
Log4J-Mitigation-CVE-2021-44228 https://vulners.com/cve/CVE-...
CVE-2020-27196
An issue was discovered in PlayJava in Play Framework 2.6.0 through 2.8.2. The body parsing of HTTP requests eagerly parses a payload given a Content-Type header. A deep JSON structure sent to a valid POST endpoint that may or may not expect JSON payloads causes a StackOverflowError and Denial of...
Design/Logic Flaw
An issue was discovered in PlayJava in Play Framework 2.6.0 through 2.8.2. The body parsing of HTTP requests eagerly parses a payload given a Content-Type header. A deep JSON structure sent to a valid POST endpoint that may or may not expect JSON payloads causes a StackOverflowError and Denial of...
Allocation of Resources Without Limits or Throttling in Apache Tika
A carefully crafted package/compressed file that, when unzipped/uncompressed, yields the same file (a quine), causes a StackOverflowError in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. Apache Tika users should upgrade to 1.22 or later...
CVE-2019-10094
A carefully crafted package/compressed file that, when unzipped/uncompressed, yields the same file (a quine), causes a StackOverflowError in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. Apache Tika users should upgrade to 1.22 or later...
Code injection
A carefully crafted package/compressed file that, when unzipped/uncompressed, yields the same file (a quine), causes a StackOverflowError in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. Apache Tika users should upgrade to 1.22 or later...
CVE-2019-10094
Apache Tika CVE-2019-10094: A crafted archive that unpacks to itself (a quine) triggers a StackOverflowError in RecursiveParserWrapper for Tika versions 1.7–1.21. Upgrade to 1.22 or later to fix.
GHSA-GFX6-PH4Q-Q54Q Improper Restriction of Operations within the Bounds of a Memory Buffer in akka-http-core
Akka HTTP versions <= 10.0.5: Illegal Media Range in Accept Header Causes StackOverflowError Leading to Denial of Service...
openSUSE Security Update : xerces-j2 (openSUSE-2017-1179)
xerces-j2 was updated to fix several issues. This security issue was fixed : - bsc814241: Prevent possible DoS through very long attribute names This non-security issue was fixed : - Prevent StackOverflowError when applying a pattern restriction on long strings while trying to validate an XML fil...