c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration.

References

bugzilla.redhat.com/show_bug.cgi?id=1709860

nvd.nist.gov/vuln/detail/CVE-2019-5427

www.cve.org/CVERecord?id=CVE-2019-5427

nessus 5

ubuntu 2

veracode 2

osv 5

debiancve 1

prion 1

cvelist 1

cve 1

github 1

openvas 5

ubuntucve 1

nvd 1

fedora 2

githubexploit 1

hackerone 1

mageia 1

redhat 1

ibm 1

oracle 5

nessus

Ubuntu 18.04 LTS / 20.04 LTS : c3p0 vulnerability (USN-5293-1)

2022-02-22 00:00:00

Ubuntu 16.04 ESM : c3p0 vulnerability (USN-5293-2)

2023-10-20 00:00:00

Fedora 29 : c3p0 (2019-063672154a)

2019-05-29 00:00:00

ubuntu

c3p0 vulnerability

2022-02-22 00:00:00

c3p0 vulnerability

2022-02-21 00:00:00

veracode

XML Entity Expansion (XEE)

2019-07-08 15:36:42

XML External Entity (XXE)

2018-12-26 01:56:50

osv

CVE-2019-5427

2019-04-22 21:29:00

c3p0 vulnerability

2022-02-22 10:19:21

Billion laughs attack in c3p0

2019-04-23 16:03:18

debiancve

CVE-2019-5427

2019-04-22 21:29:00

prion

Design/Logic Flaw

2019-04-22 21:29:00

cvelist

CVE-2019-5427

2019-04-22 20:52:56

cve

CVE-2019-5427

2019-04-22 21:29:00

github

Billion laughs attack in c3p0

2019-04-23 16:03:18

openvas

Ubuntu: Security Advisory (USN-5293-1)

2022-02-23 00:00:00

Ubuntu: Security Advisory (USN-5293-2)

2023-01-27 00:00:00

Mageia: Security Advisory (MGASA-2020-0051)

2022-01-28 00:00:00

ubuntucve

CVE-2019-5427

2019-04-22 00:00:00

nvd

CVE-2019-5427

2019-04-22 21:29:00

fedora

[SECURITY] Fedora 30 Update: c3p0-0.9.5.4-1.fc30

2019-05-29 00:50:47

[SECURITY] Fedora 29 Update: c3p0-0.9.5.4-1.fc29

2019-05-29 02:59:54

githubexploit

Exploit for Improper Restriction of XML External Entity Reference in Mchange C3P0

2020-12-13 12:08:30

hackerone

Central Security Project: c3p0 may be exploited by a Billion Laughs Attack when loading XML configuration

2019-03-13 16:34:01

mageia

Updated c3p0 packages fix security vulnerabilities

2020-01-28 10:52:40

redhat

(RHSA-2020:0983) Important: Red Hat Fuse 7.6.0 security update

2020-03-26 15:40:22

ibm

Security Bulletin: Multiple Vulnerabilities identified in IBM StoredIQ

2020-02-20 12:42:12

oracle

Oracle Critical Patch Update Advisory - January 2021

2021-01-19 00:00:00

Oracle Critical Patch Update Advisory - October 2021

2021-10-19 00:00:00

Oracle Critical Patch Update Advisory - July 2020

2020-07-14 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

EPSS

0.023

Percentile

89.8%

JSON

Related for RH:CVE-2019-5427