Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2018-11771 |
When reading a specially crafted ZIP archive, the read method of Apache Commons Compress 1.7 to 1.17's ZipArchiveInputStream can fail to return the correct EOF indication after the end of the stream has been reached. When combined with a java.io.InputStreamReader this can lead to an infinite stream, which can be used to mount a denial of service attack against services that use Compress' zip package. Published: August 16, 2018; 11:29:00 AM -0400 |
V3.1: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-1324 |
A specially crafted ZIP archive can be used to cause an infinite loop inside of Apache Commons Compress' extra field parser used by the ZipFile and ZipArchiveInputStream classes in versions 1.11 to 1.15. This can be used to mount a denial of service attack against services that use Compress' zip package. Published: March 16, 2018; 9:29:00 AM -0400 |
V3.1: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-5645 |
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. Published: April 17, 2017; 5:59:00 PM -0400 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |