Lucene search

Veracode Vulnerability DatabaseVERACODE:18037

HistoryMay 02, 2019 - 6:11 a.m.

Denial Of Service (DoS)

2019-05-0206:11:09

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

zlib is vulnerable to denial of service attacks. A remote user can exploit the flawed Util component to cause an application crash resulting in denial of service conditions.

CPENameOperatorVersion
java-1.8.0-ibmeq1.8.0.4.1__1jpp.1.el6_8
java-1.7.1-ibmeq1.7.1.3.40__1jpp.1.el6_7
java-1.7.1-ibmeq1.7.1.4.1__1jpp.1.el6_8
java-1.6.0-ibmeq1.6.0.10.1__1jpp.5.el6_2
java-1.6.0-ibmeq1.6.0.16.2__1jpp.1.el6
java-1.6.0-ibmeq1.6.0.9.1__1jpp.1.el6
java-1.6.0-ibmeq1.6.0.16.7__1jpp.1.el6_7
java-1.6.0-ibmeq1.6.0.15.0__1jpp.1.el6
java-1.6.0-ibmeq1.6.0.16.0__1jpp.1.el6
java-1.6.0-ibmeq1.6.0.14.0__1jpp.1.el6_4

Name	Operator	Version
java-1.8.0-ibm	eq	1.8.0.4.1__1jpp.1.el6_8
java-1.7.1-ibm	eq	1.7.1.3.40__1jpp.1.el6_7
java-1.7.1-ibm	eq	1.7.1.4.1__1jpp.1.el6_8
java-1.6.0-ibm	eq	1.6.0.10.1__1jpp.5.el6_2
java-1.6.0-ibm	eq	1.6.0.16.2__1jpp.1.el6
java-1.6.0-ibm	eq	1.6.0.9.1__1jpp.1.el6
java-1.6.0-ibm	eq	1.6.0.16.7__1jpp.1.el6_7
java-1.6.0-ibm	eq	1.6.0.15.0__1jpp.1.el6
java-1.6.0-ibm	eq	1.6.0.16.0__1jpp.1.el6
java-1.6.0-ibm	eq	1.6.0.14.0__1jpp.1.el6_4

Rows per page:

1-10 of 301

References

lists.opensuse.org/opensuse-updates/2016-12/msg00127.html

lists.opensuse.org/opensuse-updates/2017-01/msg00050.html

lists.opensuse.org/opensuse-updates/2017-01/msg00053.html

www.openwall.com/lists/oss-security/2016/12/05/21

www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

www.securityfocus.com/bid/95131

www.securitytracker.com/id/1039427

www.securitytracker.com/id/1039596

access.redhat.com/errata/RHSA-2017:1220

access.redhat.com/errata/RHSA-2017:1221

access.redhat.com/errata/RHSA-2017:1222

access.redhat.com/errata/RHSA-2017:2999

access.redhat.com/errata/RHSA-2017:3046

access.redhat.com/errata/RHSA-2017:3047

access.redhat.com/errata/RHSA-2017:3453

access.redhat.com/security/updates/classification/#moderate

bugzilla.redhat.com/show_bug.cgi?id=1402346

developer.ibm.com/javasdk/support/security-vulnerabilities/

github.com/madler/zlib/commit/9aaec95e82117c1cb0f9624264c3618fc380cecb

lists.debian.org/debian-lts-announce/2019/03/msg00027.html

lists.debian.org/debian-lts-announce/2020/01/msg00030.html

security.gentoo.org/glsa/201701-56

security.gentoo.org/glsa/202007-54

security.netapp.com/advisory/ntap-20171019-0001/

support.apple.com/HT208112

support.apple.com/HT208113

support.apple.com/HT208115

support.apple.com/HT208144

usn.ubuntu.com/4246-1/

usn.ubuntu.com/4292-1/

wiki.mozilla.org/images/0/09/Zlib-report.pdf

wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib

www.oracle.com/security-alerts/cpujul2020.html

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

Related for VERACODE:18037