CVE-2018-1324 in Apache and Oracle Products
Published on March 16, 2018

A specially crafted ZIP archive can be used to cause an infinite loop inside of Apache Commons Compress' extra field parser used by the ZipFile and ZipArchiveInputStream classes in versions 1.11 to 1.15. This can be used to mount a denial of service attack against services that use Compress' zip package.

NVD

Products Associated with CVE-2018-1324

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2018-1324 are published in these products:

Apache Commons Compress

Oracle Mysql Cluster

Oracle Weblogic Server

Affected Versions

Apache Software Foundation Apache Commons Compress Version 1.11 to 1.15 is affected by CVE-2018-1324

Exploit Probability

EPSS

1.67%

Percentile

81.81%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2018-1324 in Apache and Oracle ProductsPublished on March 16, 2018

Products Associated with CVE-2018-1324

Affected Versions

Exploit Probability

CVE-2018-1324 in Apache and Oracle Products
Published on March 16, 2018