Apache Commons Compress 1.22 < 1.24.0 DoS Vulnerability

2023-09-1400:00:00

plugins.openvas.org

apache commons

dos vulnerability

1.22

1.24.0

denial of service

cpu consumption

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

7.3

Confidence

High

EPSS

0.001

Percentile

30.5%

JSON

The Apache Commons Compress library is prone to a denial of
service (DoS) vulnerability.

# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:apache:commons_compress";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.104915");
  script_version("2023-10-12T05:05:32+0000");
  script_tag(name:"last_modification", value:"2023-10-12 05:05:32 +0000 (Thu, 12 Oct 2023)");
  script_tag(name:"creation_date", value:"2023-09-14 12:01:53 +0000 (Thu, 14 Sep 2023)");
  script_tag(name:"cvss_base", value:"4.9");
  script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:N/I:N/A:C");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2023-09-19 13:43:00 +0000 (Tue, 19 Sep 2023)");

  script_cve_id("CVE-2023-42503");

  # nb: No backports seems to exist yet, we might need to lower this QoD if any will be published
  # later.
  script_tag(name:"qod_type", value:"executable_version");

  script_tag(name:"solution_type", value:"VendorFix");

  script_name("Apache Commons Compress 1.22 < 1.24.0 DoS Vulnerability");

  script_category(ACT_GATHER_INFO);

  script_copyright("Copyright (C) 2023 Greenbone AG");
  script_family("Denial of Service");
  script_dependencies("gb_apache_commons_consolidation.nasl");
  script_mandatory_keys("apache/commons/compress/detected");

  script_tag(name:"summary", value:"The Apache Commons Compress library is prone to a denial of
  service (DoS) vulnerability.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"impact", value:"A third party can create a malformed TAR file by manipulating
  file modification times headers, which when parsed with Apache Commons Compress, will cause a
  denial of service issue via CPU consumption.");

  script_tag(name:"affected", value:"Apache Commons FileUpload versions starting from 1.22 and prior
  to 1.24.0.

  Note: Only applications using CompressorStreamFactory class (with auto-detection of file types),
  TarArchiveInputStream and TarFile classes to parse TAR files are impacted. Since this code was
  introduced in v1.22, only that version and later versions are impacted.");

  script_tag(name:"solution", value:"Update to version 1.24.0 or later.");

  script_xref(name:"URL", value:"https://lists.apache.org/thread/5xwcyr600mn074vgxq92tjssrchmc93c");
  script_xref(name:"URL", value:"https://commons.apache.org/proper/commons-compress/security.html");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if (isnull(port = get_app_port(cpe: CPE)))
  exit(0);

if (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))
  exit(0);

version = infos["version"];
location = infos["location"];

if (version_in_range_exclusive(version: version, test_version_lo: "1.22", test_version_up: "1.24.0")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "1.24.0", install_path: location);
  security_message(port: port, data: report);
  exit(0);
}

exit(99);