This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs within 7 days. Thank you for your contributions.
CVE-2012-2098 - Medium Severity Vulnerability
Vulnerable Library - ant-1.8.2.jar
master POM
path: /ddf/distribution/kernel/target/dependencies/solr/dist/test-framework/lib/ant-1.8.2.jar,/ddf/distribution/ddf/target/dependencies/solr/dist/test-framework/lib/ant-1.8.2.jar,/ddf/distribution/solr-distro/target/solr-7.4.0/dist/test-framework/lib/ant-1.8.2.jar
Library home page: http://ant.apache.org/ant/
Dependency Hierarchy:
- :x: **ant-1.8.2.jar** (Vulnerable Library)

Found in HEAD commit: ea35fc52f05b85ef437e9a9e39a887ad51692ff0
Vulnerability Details
Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
Publish Date: 2012-06-29
URL: CVE-2012-2098
CVSS 2 Score Details (5.0)
Base Score Metrics not available
Suggested Fix
Type: Upgrade version
Origin: https://exchange.xforce.ibmcloud.com/vulnerabilities/75857
Fix Resolution:
For Apache Commons Compress:
Upgrade to the latest version of Apache Commons Compress (1.4.1 or later), available from the Apache Web site. See References.
For Apache Ant:
Upgrade to the latest version of Apache Ant (1.8.4 or later), available from the Apache Web site. See References.
For IBM products:
Refer to the appropriate IBM Security Bulletin for patch, upgrade, or suggested workaround information. See References.
For other distributions:
Apply the appropriate update for your system. See References.