PT-2024-32653
Name of the Vulnerable Software and Affected Versions: Apache Commons IO versions 2.0 through 2.13.x Description: The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO from version...
Security Bulletin: IBM Master Data Management is vulnerable to denial of service from Apache Commons Compress used in IBM Business Workflow Automation
Summary: IBM Master Data Management v14.0 is vulnerable to denial of service from Apache Commons Compress used in IBM Business Workflow Automation. Apache Commons Compress is vulnerable to a denial of service, caused by an infinite loop flaw. By persuading a victim to open a specially crafted DUMP...
RHSA-2015:2523 Red Hat Security Advisory: rh-java-common-apache-commons-collections security update
RHSA-2015:2522 Red Hat Security Advisory: apache-commons-collections security update
RHSA-2019:4317 Red Hat Security Advisory: rh-maven35-apache-commons-beanutils security update
RHSA-2020:0194 Red Hat Security Advisory: apache-commons-beanutils security update
RHSA-2020:0057 Red Hat Security Advisory: rh-java-common-apache-commons-beanutils security update
Security Bulletin: Multiple Vulnerabilities in Rational Asset Manager
Summary: Multiple vulnerabilities were addressed in Rational Asset Manager version 7.5.4.15. Vulnerability Details: CVEID: CVE-2015-5262. DESCRIPTION: Apache Commons is vulnerable to a denial of service, caused by the failure to apply a configured connection during the initial handshake of an HTTPS...
GHSA-2GH6-WC3M-G37F hermes-management is vulnerable to RCE due to Apache commons-jxpath
Impact: hermes-management is vulnerable to RCE when it processes user-controlled data due to using Apache commons-jxpath. Patches: Upgrade Hermes to at least hermes-2.2.9. References: https://hackinglab.cz/en/blog/remote-code-execution-in-jxpath-library-cve-2022-41852/...
Security Bulletin: IBM Transformation Extender Advanced is affected by a vulnerability in its dependencies
Summary: IBM Transformation Extender Advanced, also known as IBM Standards Processing Engine, is vulnerable in its dependencies on Apache Commons FileUpload. Vulnerability Details: CVEID: CVE-2023-24998. DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused b...
Security Bulletin: vulnerabilities in Apache Commons Compress affect IBM Workload Scheduler.
Summary: IBM Workload Scheduler is affected by multiple vulnerabilities in Apache Commons Compress that can cause denial of service (CVE-2024-25710, CVE-2024-26308). Vulnerability Details: CVEID: CVE-2024-25710. DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an...
Security Bulletin: Vulnerability in Apache Commons Compress affects watsonx.data
Summary: Apache Commons Compress is vulnerable to a denial of service. For CVE-2021-35515, when reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. For CVE-2021-35516, when reading a specially crafted 7Z archive,...
Security Bulletin: Vulnerability in Apache Commons Compress affects watsonx.data
Summary: Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocating large amounts of memory. For CVE-2021-35517, when reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out o...
Apache Commons FileUpload and Apache Tomcat Denial of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Commons FileUpload and Apache Tomcat DoS', 'Description' = %q This module triggers an infinite loop in Apache Commons FileUpload 1.0 throu...
PT-2024-11694 · Apache · Apache Commons Text
Name of the Vulnerable Software and Affected Versions: Apache Commons Text, affected versions not specified. Description: The issue concerns a potential problem with Apache Commons Text. However, the provided information indicates that the candidate number was issued in error and is not a valid...
DoS (Denial of Service) org.apache.commons:commons-configuration2 Dependency in Confluence Data Center and Server
This High severity org.apache.commons:commons-configuration2 Dependency vulnerability was introduced in version 6.0 of Confluence Data Center and Server. This org.apache.commons:commons-configuration2 Dependency vulnerability, with a CVSS Score of 7.3 and a CVSS Vector of...
apache-commons-beanutils: does not suppress the class property in PropertyUtilsBean by default
A flaw was found in the Apache Commons BeanUtils, where the class property in PropertyUtilsBean is not suppressed by default. This flaw allows an attacker to access the classloader...
Amazon Linux 2 : apache-commons-compress (ALAS-2024-2627)
The version of apache-commons-compress installed on the remote host is prior to 1.5-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2627 advisory. When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally...
Medium: apache-commons-compress
Issue Overview: When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package...