CVE-2019-12402 vulnerability in Apache and Other Products
Published on August 30, 2019

The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress.

Vendor Advisory Vendor Advisory NVD

Products Associated with CVE-2019-12402

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2019-12402 are published in these products:

Apache Commons Compress

Fedora Project Fedora

Oracle Flexcube Investor Servicing

Oracle Retail Xstore Point Of Service

Oracle Flexcube Private Banking

Oracle Retail Integration Bus

Oracle Webcenter Portal

Oracle Peoplesoft Enterprise Pt Peopletools

Oracle Banking Payments

Oracle Banking Platform

Oracle Communications Ip Service Activator

Oracle Communications Session Route Manager

Oracle Customer Management Segmentation Foundation

Oracle Hyperion Infrastructure Technology

Oracle Jdeveloper

Oracle Primavera Gateway

Oracle Communications Element Manager

Oracle Communications Session Report Manager

Oracle Essbase

Affected Versions

Apache Software Foundation Apache Commons Compress Version 1.15 to 1.18 is affected by CVE-2019-12402

Exploit Probability

EPSS

0.38%

Percentile

59.12%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2019-12402 vulnerability in Apache and Other ProductsPublished on August 30, 2019

Products Associated with CVE-2019-12402

Affected Versions

Exploit Probability

CVE-2019-12402 vulnerability in Apache and Other Products
Published on August 30, 2019