Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
CVE-2012-2098 - Medium Severity Vulnerability
Path to dependency file: /jetty-ant/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/ant/ant/1.6.5/ant-1.6.5.jar
Dependency Hierarchy: - :x: **ant-1.6.5.jar** (Vulnerable Library)
Found in HEAD commit: d21e42ca49dd7dfc49c40dd5e12fe263140afbdb
Found in base branch: master
Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
Publish Date: 2012-06-29
URL: CVE-2012-2098
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: Low
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2098
Release Date: 2012-06-29
Fix Resolution: org.apache.ant:ant:1.8.4,org.apache.commons:commons-compress:1.4.1
Step up your Open Source Security Game with Mend here