Home > Vulnerability Database > CVE-2012-2098

Mend.io Vulnerability Database

CVE-2012-2098

Good to know:

Date: June 28, 2012

Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.

Language: Java

Severity Score

5.3

Related Resources (39)

Url: https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@

Url: https://web.archive.org/web/20140724002926/http://secunia.com/advisories/49286

Url: http://commons.apache.org/compress/security.html

Url: https://github.com/apache/commons-compress/commit/8f702469cbf4c451b6dea349290bc4af0f6f76c7

Url: http://www.securityfocus.com/bid/53676

Url: https://github.com/apache/commons-compress/commit/cca0e6e5341aacddefd4c4d36cef7cbdbc2a8777

Url: http://packetstormsecurity.org/files/113014/Apache-Commons-Compress-Apache-Ant-Denial-Of-Service.html

Url: https://github.com/apache/commons-compress/commit/1ce57d976c4f25fe99edcadf079840c278f3cb84

Url: https://www.oracle.com/security-alerts/cpujan2021.html

Url: https://web.archive.org/web/20200517014414/http://www.securitytracker.com/id?1027096

Url: http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105060.html

Url: http://ant.apache.org/security.html

Url: https://github.com/apache/commons-compress/commit/6ced422bf5eca3aac05396367bafb33ec21bf74e

Url: https://github.com/apache/commons-compress/commit/6e95697e783767f3549f00d7d2e1b002eac4a3d4

Url: https://github.com/apache/commons-compress/commit/020c03d8ef579e80511023fb46ece30e9c3dd27d

Url: https://github.com/apache/commons-compress/commit/654222e628097763ee6ca561ae77be5c06666173

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/75857

Url: https://github.com/apache/commons-compress/commit/2ab2fcb356753927afaa731b9d2dcc47d3083408

Url: http://osvdb.org/82161

Url: https://access.redhat.com/security/cve/CVE-2012-2098

Url: https://github.com/apache/commons-compress/commit/ea31005111f0abede7e43e4ba0012e62e0808b22

Url: https://web.archive.org/web/20140724023114/http://secunia.com/advisories/49255

Url: http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081746.html

Url: http://archives.neohapsis.com/archives/bugtraq/2012-05/0130.html

Url: http://www-01.ibm.com/support/docview.wss?uid=swg21644047

Url: http://secunia.com/advisories/49286

Url: https://github.com/apache/commons-compress/commit/b06f7b41c936ef1a79589d16ea5c1d8b93f71f66

Url: http://www.openwall.com/lists/oss-security/2023/09/13/3

Url: https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E

Url: https://github.com/apache/commons-compress

Url: http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081697.html

Url: http://www.securitytracker.com/id?1027096

Url: https://web.archive.org/web/20130525085523/http://www.securityfocus.com/bid/53676

Url: https://nvd.nist.gov/vuln/detail/CVE-2012-2098

Url: http://secunia.com/advisories/49255

Url: http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105049.html

Url: https://github.com/apache/commons-compress/commit/fdd7459bc5470e90024dbe762249166481cce769

Url: https://github.com/apache/commons-compress/commit/0600296ab8f8a0bbdfedd483f51b38005eb8e34e

Url: https://www.mend.io/vulnerability-database/CVE-2012-2098

Severity Score

5.3

Weakness Type (CWE)

Cryptographic Issues

CWE-310

Uncontrolled Resource Consumption

CWE-400

Top Fix

Upgrade Version

Upgrade to version sellerbox/phpjasper - no_fix;ziack/jasperphp - dev-master;ziack/jasperphp - no_fix;ziack/jasperphp - 2.8.0;silverstripe/fulltextsearch-extract - no_fix;drsoft/laraveljasper - no_fix;mgf-formatter - no_fix;minkbear/phpjasper - no_fix;copam/phpjasper - 1.4;copam/phpjasper - v1.5;copam/phpjasper - no_fix;smart145/phpjasper - 3.3.2;smart145/phpjasper - 3.3.0;smart145/phpjasper - 3.0.1;smart145/phpjasper - v1.11;smart145/phpjasper - 2.0;smart145/phpjasper - dev-add-missing;smart145/phpjasper - no_fix;smart145/phpjasper - dev-century_gothic_font;smart145/phpjasper - v1.5;smart145/phpjasper - v1.1;smart145/phpjasper - v1.8;smart145/phpjasper - dev-master;vufind/vufind - dev-legacy/lbs4-daia;vufind/vufind - dev-pullrequest_accessib_turn-my-account-menu-into-ul;vufind/vufind - dev-release-5.0;vufind/vufind - v3.1;vufind/vufind - dev-legacy/mink-autoretry;muhammettotan/phpjasper - no_fix;geekcom/phpjasper-laravel - no_fix;xidmonx/jasperphp - 2.7.0;xidmonx/jasperphp - no_fix;i4n/phpjasper - 1.1.0;fgbio - 0.2.0;fgbio - 0.4.0;lavela/phpjasper - dev-master;lavela/phpjasper - v2.0;scribe/cssembed-library - no_fix;penblu/jasperphp - no_fix;pyreportjasper - no_fix;anshul-netgen/jasper-report - no_fix;dstecnologias/phpjasper - no_fix;igv - 2.8.0;stradaaccellog/phpjasper - v1.0;rdpascua/jasperstarter - dev-master;rdpascua/jasperstarter - 3.5.0;rdpascua/jasperstarter - no_fix;lopezsoft/jasperphp - no_fix;davidecaruso/jasper-php - v1.0.0;davidecaruso/jasper-php - no_fix;a.ambrogini/phpjasper - v2.6;a.ambrogini/phpjasper - no_fix;a.ambrogini/phpjasper - v1.1;geekcom/phpjasper - no_fix;geekcom/phpjasper - v1.0;igvtools - 2.14.1;gomoob/php-embedded-mongo - no_fix;smartman/swedbank-gateway - no_fix;erw/phpjasperstarter - no_fix;eoulsan - 2.3;eoulsan - 2.5;eihen/jasperstarter-bin - v3.4.1.0;chrmorandi/yii2-jasper - v1.1.1;stesabvba/horizon - no_fix;cossou/jasperphp - no_fix;dericktan/phpjasper - no_fix;fazo96/jasperphp - no_fix;siu-toba/jasper - no_fix;salesfusion/reporter - 1.1.4;nealis/jasperphp - no_fix;dhenyson/jasper-report-php - no_fix;davehensley/highcharts - highstock-v1.0.1;starkliew/jasperphp - no_fix;copam/phpjasper7 - v1.3;rdpascua/reporter - no_fix;scribe/closurecompiler-library - no_fix;jheferson-br/phpjasper - no_fix;openrefine - 3.5.0;lijian0960/advanced-bui - no_fix;org.codehaus.izpack:izpack-maven-plugin:5.0.0-beta1;ant:ant:no_fix;ant:ant:no_fix;org.apache.ant:ant:1.8.4;org.apache.ant:ant:1.8.4;org.jboss.teiid.connectors:connector-ws:no_fix;org.apache.commons:commons-compress:1.4.1;org.codehaus.izpack:izpack-standalone-compiler:no_fix;org.jboss:eap-installer:no_fix;org.apache.servicemix.bundles:org.apache.servicemix.bundles.ant:1.8.1_1

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	LOW

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2012-2098

Good to know:

Date: June 28, 2012

Language: Java

Severity Score

Related Resources (39)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?