Lucene search
HackeroneCVELIST:CVE-2019-5427HistoryApr 22, 2019 - 8:52 p.m.
CVE-2019-5427
2019-04-2220:52:56
CWE-776
hackerone
www.cve.org
7
c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration.
CNA Affected
[
{
"product": "c3p0",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before 0.9.5.4"
}
]
}
]References
hackerone.com/reports/509315
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFIVX6HOVNLAM7W3SUAMHYRNLCVQSAWR/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MQ47OFV57Y2DAHMGA5H3JOL4WHRWRFN4/
www.oracle.com/security-alerts/cpuapr2020.html
www.oracle.com/security-alerts/cpujan2021.html
www.oracle.com/security-alerts/cpujul2020.html
www.oracle.com/security-alerts/cpuoct2020.html
www.oracle.com/security-alerts/cpuoct2021.html
Related
nessus
nessus
Ubuntu 18.04 LTS / 20.04 LTS : c3p0 vulnerability (USN-5293-1)
2022-02-22 00:00:00
Ubuntu 16.04 ESM : c3p0 vulnerability (USN-5293-2)
2023-10-20 00:00:00
Fedora 29 : c3p0 (2019-063672154a)
2019-05-29 00:00:00
ubuntu
ubuntu
c3p0 vulnerability
2022-02-22 00:00:00
c3p0 vulnerability
2022-02-21 00:00:00
veracode
veracode
XML Entity Expansion (XEE)
2019-07-08 15:36:42
XML External Entity (XXE)
2018-12-26 01:56:50
osv
osv
CVE-2019-5427
2019-04-22 21:29:00
c3p0 vulnerability
2022-02-22 10:19:21
Billion laughs attack in c3p0
2019-04-23 16:03:18
debiancve
debiancve
CVE-2019-5427
2019-04-22 21:29:00
prion
prion
Design/Logic Flaw
2019-04-22 21:29:00
cve
cve
CVE-2019-5427
2019-04-22 21:29:00
github
github
Billion laughs attack in c3p0
2019-04-23 16:03:18
openvas
openvas
Ubuntu: Security Advisory (USN-5293-1)
2022-02-23 00:00:00
Ubuntu: Security Advisory (USN-5293-2)
2023-01-27 00:00:00
Mageia: Security Advisory (MGASA-2020-0051)
2022-01-28 00:00:00
redhatcve
redhatcve
CVE-2019-5427
2019-05-14 12:50:17
ubuntucve
ubuntucve
CVE-2019-5427
2019-04-22 00:00:00
nvd
nvd
CVE-2019-5427
2019-04-22 21:29:00
fedora
fedora
[SECURITY] Fedora 30 Update: c3p0-0.9.5.4-1.fc30
2019-05-29 00:50:47
[SECURITY] Fedora 29 Update: c3p0-0.9.5.4-1.fc29
2019-05-29 02:59:54
githubexploit
githubexploit
hackerone
hackerone
mageia
mageia
Updated c3p0 packages fix security vulnerabilities
2020-01-28 10:52:40
redhat
redhat
(RHSA-2020:0983) Important: Red Hat Fuse 7.6.0 security update
2020-03-26 15:40:22
ibm
ibm
Security Bulletin: Multiple Vulnerabilities identified in IBM StoredIQ
2020-02-20 12:42:12
oracle
oracle
Oracle Critical Patch Update Advisory - January 2021
2021-01-19 00:00:00
Oracle Critical Patch Update Advisory - October 2021
2021-10-19 00:00:00
Oracle Critical Patch Update Advisory - July 2020
2020-07-14 00:00:00