Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM353D1C6BCD631024A42E1D490141E816161A8A6A01F6D551CFADA25D97B22F33
HistoryNov 01, 2019 - 9:23 p.m.

Security Bulletin: A vulnerability in Apache Ant affects IBM InfoSphere Information Server

2019-11-0121:23:52
www.ibm.com
20

EPSS

0.026

Percentile

90.4%

JSON

Summary

A vulnerability in Apache Ant was addressed by IBM InfoSphere Information Server.

Vulnerability Details

CVEID: CVE-2012-2098 DESCRIPTION: Apache Commons Compress and Apache Ant are vulnerable to a denial of service, caused by an error when using bzip2 compression to compress files. By passing specially-crafted input to the BZip2CompressorOutputStream class, a remote attacker could exploit this vulnerability to consume all available resources.
CVSS Base Score: 5
CVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/75857&gt;_ for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Affected Products and Versions

The following product, running on all supported platforms, is affected:
IBM InfoSphere Information Server: versions 11.3, 11.5, and 11.7
IBM InfoSphere Information Server on Cloud: versions 11.5, and 11.7

Remediation/Fixes

Product

| VRMF | APAR | Remediation/First Fix
—|—|—|—
InfoSphere Information Server, Information Server on Cloud | 11.7 | JR60963 | --Apply IBM InfoSphere Information Server version 11.7.1.0
--Apply IBM InfoSphere Information Server 11.7.1.0 Service Pack 1

InfoSphere Information Server, Information Server on Cloud | 11.5 |

JR60963

JR61551

| --Apply InfoSphere Information Server version 11.5.0.2
--Apply InfoSphere Information Server 11.5.0.2 Service Pack 6
--Apply InfoSphere Information Server Framework Security patch
--Apply InfoSphere Metadata Asset Manager Security patch
--Apply InfoSphere Governance Catalog Security patch
--Apply InfoSphere Component Installer Security patch
--Apply InfoSphere Common Metadata Services Security patch
InfoSphere Information Server | 11.3 | JR60963 | --Upgrade to a new release where the issue has been addressed

Contact Technical Support:

In the United States and Canada dial 1-800-IBM-SERV
View the support contacts for other countries outside of the United States.
Electronically open a Service Request with Information Server Technical Support.

Workarounds and Mitigations

None

Related

fedora 5
openvas 9
ubuntucve 2
prion 2
nessus 13
cvelist 2
debiancve 2
mageia 1
osv 3
seebug 1
github 2
cve 2
nvd 2
ibm 16
securityvulns 1
hp 1
oracle 1
fedora
fedora
[SECURITY] Fedora 18 Update: plexus-archiver-2.3-1.fc18
2013-05-11 00:27:50
[SECURITY] Fedora 19 Update: plexus-archiver-2.3-1.fc19
2013-05-11 03:16:43
[SECURITY] Fedora 16 Update: apache-commons-compress-1.4.1-1.fc16
2012-06-03 23:26:27
openvas
openvas
Fedora Update for plexus-archiver FEDORA-2013-5546
2013-05-13 00:00:00
Fedora Update for apache-commons-compress FEDORA-2012-8465
2012-06-04 00:00:00
Fedora Update for plexus-archiver FEDORA-2013-5548
2013-05-13 00:00:00
ubuntucve
ubuntucve
CVE-2012-2098
2012-06-29 00:00:00
CVE-2023-42503
2023-09-14 00:00:00
prion
prion
Design/Logic Flaw
2012-06-29 19:55:00
Input validation
2023-09-14 08:15:00
nessus
nessus
Oracle Solaris Third-Party Patch Update : ant (algorithmic_complexity_vulnerability_in_apache)
2015-01-19 00:00:00
RHEL 5 : ant (Unpatched Vulnerability)
2024-06-03 00:00:00
RHEL 6 : ant (Unpatched Vulnerability)
2024-06-03 00:00:00
cvelist
cvelist
CVE-2012-2098
2012-06-29 00:00:00
CVE-2023-42503 Apache Commons Compress: Denial of service via CPU consumption for malformed TAR file
2023-09-14 07:45:14
debiancve
debiancve
CVE-2012-2098
2012-06-29 19:55:03
CVE-2023-42503
2023-09-14 08:15:08
mageia
mageia
Updated plexus-archiver package fixes security vulnerability
2014-02-12 21:07:07
osv
osv
Uncontrolled Resource Consumption in Apache Commons Compress
2022-05-13 01:07:05
Apache Commons Compress denial of service vulnerability
2023-09-14 09:30:28
CVE-2023-42503
2023-09-14 08:15:08
seebug
seebug
Apache Commons Compress和Apache Ant拒绝服务漏洞
2012-05-25 00:00:00
github
github
Uncontrolled Resource Consumption in Apache Commons Compress
2022-05-13 01:07:05
Apache Commons Compress denial of service vulnerability
2023-09-14 09:30:28
cve
cve
CVE-2012-2098
2012-06-29 19:55:03
CVE-2023-42503
2023-09-14 08:15:08
nvd
nvd
CVE-2012-2098
2012-06-29 19:55:03
CVE-2023-42503
2023-09-14 08:15:08
ibm
ibm
Security Bulletin: Multiple vulnerabilities in Apache Ant affect IBM InfoSphere Information Server
2022-10-14 21:53:33
Security Bulletin: Vulnerability in Perl affects IBM watsonx.data
2024-09-18 16:58:35
Security Bulletin: Multiple vulnerabilities affect Apache Ant shipped with IBM Operations Analytics - Log Analysis
2023-04-03 07:41:33
securityvulns
securityvulns
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2012-06-03 00:00:00
hp
hp
HP Device Manager Vulnerability Update (5.0.12)
2024-01-26 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2021
2021-01-19 00:00:00

EPSS

0.026

Percentile

90.4%

JSON
Related for 353D1C6BCD631024A42E1D490141E816161A8A6A01F6D551CFADA25D97B22F33
fedora5openvas9ubuntucve2prion2nessus13cvelist2debiancve2mageia1osv3seebug1github2cve2nvd2ibm16securityvulns1hp1oracle1