ID

VAR-202107-1599


CVE

CVE-2021-36373


TITLE

Vulnerability in Apache Ant

Trust: 0.8

sources: JVNDB: JVNDB-2021-010005

DESCRIPTION

When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apache Ant versions prior to 1.9.16 and 1.10.11 were affected.

An unspecified vulnerability exists in Apache Ant. It may result in a service operation interruption (DoS) state.

Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements.

Apache Ant is a set of automation tools for Java software development developed by the Apache Foundation of the United States. This tool is mainly used for software compilation, testing and deployment. A resource management error vulnerability exists in Apache Ant due to the application's failure to properly control the consumption of internal resources when processing TAR archives. An attacker could exploit this vulnerability to trigger resource exhaustion and perform a denial of service (DoS) attack.

Red Hat Security Advisory

Synopsis: Moderate: Red Hat Process Automation Manager 7.13.0 security update
Advisory ID: RHSA-2022:5903-01
Product: Red Hat Process Automation Manager
Advisory URL: https://access.redhat.com/errata/RHSA-2022:5903
Issue date: 2022-08-04
CVE Names: CVE-2021-2471 CVE-2021-3642 CVE-2021-3644 CVE-2021-3717 CVE-2021-22569 CVE-2021-36373 CVE-2021-37136 CVE-2021-37137 CVE-2021-37714 CVE-2021-43797 CVE-2022-22950 CVE-2022-25647

1. Summary:

An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. This asynchronous security patch is an update to Red Hat Process Automation Manager 7.

Security Fix(es):

* com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson (CVE-2022-25647)
* jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck (CVE-2021-37714)
* netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (CVE-2021-37136)
* netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)
* protobuf-java: potential DoS in the parsing procedure for binary data (CVE-2021-22569)
* spring-expression: Denial of service via specially crafted SpEL expression (CVE-2022-22950)
* wildfly-elytron: possible timing attack in ScramServer (CVE-2021-3642)
* wildfly: incorrect JBOSS_LOCAL_USER challenge location may lead to giving access to all the local users (CVE-2021-3717)
* ant: excessive memory allocation when reading a specially crafted TAR archive (CVE-2021-36373)
* mysql-connector-java: unauthorized access to critical (CVE-2021-2471)
* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)
* wildfly-core: Invalid Sensitivity Classification of Vault Expression (CVE-2021-3644)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. The References section of this erratum contains a download link (you must log in to download the update).

4. Bugs fixed (https://bugzilla.redhat.com/):

1976052 - CVE-2021-3644 wildfly-core: Invalid Sensitivity Classification of Vault Expression
1981407 - CVE-2021-3642 wildfly-elytron: possible timing attack in ScramServer
1982336 - CVE-2021-36373 ant: excessive memory allocation when reading a specially crafted TAR archive
1991305 - CVE-2021-3717 wildfly: incorrect JBOSS_LOCAL_USER challenge location may lead to giving access to all the local users
1995259 - CVE-2021-37714 jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck
2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data
2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way
2020583 - CVE-2021-2471 mysql-connector-java: unauthorized access to critical
2031958 - CVE-2021-43797 netty: control chars in header names may lead to HTTP request smuggling
2039903 - CVE-2021-22569 protobuf-java: potential DoS in the parsing procedure for binary data
2069414 - CVE-2022-22950 spring-expression: Denial of service via specially crafted SpEL expression
2080850 - CVE-2022-25647 com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson

5. References:

https://access.redhat.com/security/cve/CVE-2021-2471
https://access.redhat.com/security/cve/CVE-2021-3642
https://access.redhat.com/security/cve/CVE-2021-3644
https://access.redhat.com/security/cve/CVE-2021-3717
https://access.redhat.com/security/cve/CVE-2021-22569
https://access.redhat.com/security/cve/CVE-2021-36373
https://access.redhat.com/security/cve/CVE-2021-37136
https://access.redhat.com/security/cve/CVE-2021-37137
https://access.redhat.com/security/cve/CVE-2021-37714
https://access.redhat.com/security/cve/CVE-2021-43797
https://access.redhat.com/security/cve/CVE-2022-22950
https://access.redhat.com/security/cve/CVE-2022-25647
https://access.redhat.com/security/updates/classification/#moderate

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.

Trust: 2.43

sources: NVD: CVE-2021-36373 // JVNDB: JVNDB-2021-010005 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-396551 // VULMON: CVE-2021-36373 // PACKETSTORM: 167964

AFFECTED PRODUCTS

vendor: oracle | model: utilities framework | scope: eq | version: 4.4.0.0.0

Trust: 1.0

vendor: oracle | model: banking treasury management | scope: eq | version: 14.5

Trust: 1.0

vendor: oracle | model: primavera gateway | scope: gte | version: 18.8.0

Trust: 1.0

vendor: oracle | model: primavera unifier | scope: lte | version: 17.12

Trust: 1.0

vendor: oracle | model: retail xstore point of service | scope: eq | version: 19.0.2

Trust: 1.0

vendor: oracle | model: retail service backbone | scope: eq | version: 14.1.3.2

Trust: 1.0

vendor: oracle | model: real-time decision server | scope: eq | version: 3.2.0.0

Trust: 1.0

vendor: oracle | model: retail eftlink | scope: eq | version: 20.0.1

Trust: 1.0

vendor: oracle | model: communications unified inventory management | scope: eq | version: 7.4.1

Trust: 1.0

vendor: oracle | model: retail invoice matching | scope: eq | version: 16.0.3

Trust: 1.0

vendor: oracle | model: retail integration bus | scope: eq | version: 16.0.3.0

Trust: 1.0

vendor: oracle | model: retail central office | scope: eq | version: 14.0

Trust: 1.0

vendor: oracle | model: real-time decision server | scope: eq | version: 11.1.1.9.0

Trust: 1.0

vendor: oracle | model: communications order and service management | scope: eq | version: 7.3

Trust: 1.0

vendor: oracle | model: primavera gateway | scope: gte | version: 19.12.0

Trust: 1.0

vendor: oracle | model: retail back office | scope: eq | version: 14.1

Trust: 1.0

vendor: oracle | model: communications cloud native core binding support function | scope: eq | version: 1.11.0

Trust: 1.0

vendor: oracle | model: utilities framework | scope: eq | version: 4.2.0.3.0

Trust: 1.0

vendor: apache | model: ant | scope: gte | version: 1.9.0

Trust: 1.0

vendor: oracle | model: primavera gateway | scope: lte | version: 18.8.12

Trust: 1.0

vendor: oracle | model: primavera gateway | scope: lte | version: 17.12.11

Trust: 1.0

vendor: oracle | model: primavera gateway | scope: lte | version: 19.12.11

Trust: 1.0

vendor: oracle | model: retail financial integration | scope: eq | version: 15.0.4.0

Trust: 1.0

vendor: oracle | model: retail predictive application server | scope: eq | version: 14.1.3

Trust: 1.0

vendor: apache | model: ant | scope: gte | version: 1.10.0

Trust: 1.0

vendor: oracle | model: primavera unifier | scope: eq | version: 20.12

Trust: 1.0

vendor: oracle | model: retail bulk data integration | scope: eq | version: 16.0.3.0

Trust: 1.0

vendor: oracle | model: communications cloud native core automated test suite | scope: eq | version: 1.9.0

Trust: 1.0

vendor: oracle | model: insurance policy administration | scope: gte | version: 11.0

Trust: 1.0

vendor: oracle | model: retail store inventory management | scope: eq | version: 15.0

Trust: 1.0

vendor: oracle | model: retail advanced inventory planning | scope: eq | version: 16.0

Trust: 1.0

vendor: oracle | model: utilities framework | scope: eq | version: 4.4.0.3.0

Trust: 1.0

vendor: oracle | model: retail service backbone | scope: eq | version: 15.0.4.0

Trust: 1.0

vendor: oracle | model: communications unified inventory management | scope: eq | version: 7.4.2

Trust: 1.0

vendor: oracle | model: retail store inventory management | scope: eq | version: 14.1

Trust: 1.0

vendor: oracle | model: utilities framework | scope: gte | version: 4.3.0.1.0

Trust: 1.0

vendor: oracle | model: financial services analytical applications infrastructure | scope: lte | version: 8.1.1

Trust: 1.0

vendor: oracle | model: retail financial integration | scope: eq | version: 14.1.3.2

Trust: 1.0

vendor: oracle | model: timesten in-memory database | scope: lt | version: 11.2.2.8.27

Trust: 1.0

vendor: apache | model: ant | scope: lt | version: 1.9.16

Trust: 1.0

vendor: oracle | model: retail point-of-service | scope: eq | version: 14.0

Trust: 1.0

vendor: oracle | model: retail predictive application server | scope: eq | version: 16.0.3.0

Trust: 1.0

vendor: oracle | model: retail central office | scope: eq | version: 14.1

Trust: 1.0

vendor: oracle | model: retail eftlink | scope: eq | version: 19.0.1

Trust: 1.0

vendor: oracle | model: retail integration bus | scope: eq | version: 15.0.4.0

Trust: 1.0

vendor: oracle | model: retail xstore point of service | scope: eq | version: 20.0.1

Trust: 1.0

vendor: oracle | model: agile plm | scope: eq | version: 9.3.6

Trust: 1.0

vendor: oracle | model: retail integration bus | scope: eq | version: 19.0.1.0

Trust: 1.0

vendor: oracle | model: communications order and service management | scope: eq | version: 7.4

Trust: 1.0

vendor: oracle | model: utilities testing accelerator | scope: eq | version: 6.0.0.1.1

Trust: 1.0

vendor: oracle | model: retail bulk data integration | scope: eq | version: 19.0.1

Trust: 1.0

vendor: oracle | model: utilities framework | scope: eq | version: 4.4.0.2.0

Trust: 1.0

vendor: oracle | model: utilities framework | scope: eq | version: 4.2.0.2.0

Trust: 1.0

vendor: oracle | model: communications unified inventory management | scope: eq | version: 7.3.0

Trust: 1.0

vendor: oracle | model: enterprise repository | scope: eq | version: 11.1.1.7.0

Trust: 1.0

vendor: oracle | model: retail predictive application server | scope: eq | version: 15.0.3

Trust: 1.0

vendor: oracle | model: retail extract transform and load | scope: eq | version: 13.2.8

Trust: 1.0

vendor: oracle | model: primavera unifier | scope: gte | version: 17.7

Trust: 1.0

vendor: oracle | model: retail integration bus | scope: eq | version: 14.1.3.2

Trust: 1.0

vendor: oracle | model: insurance policy administration | scope: lte | version: 11.3.1

Trust: 1.0

vendor: oracle | model: retail advanced inventory planning | scope: eq | version: 15.0

Trust: 1.0

vendor: oracle | model: retail back office | scope: eq | version: 14.0

Trust: 1.0

vendor: oracle | model: retail financial integration | scope: eq | version: 16.0.3.0

Trust: 1.0

vendor: oracle | model: retail xstore point of service | scope: eq | version: 18.0.3

Trust: 1.0

vendor: oracle | model: retail advanced inventory planning | scope: eq | version: 14.1

Trust: 1.0

vendor: oracle | model: retail xstore point of service | scope: eq | version: 16.0.6

Trust: 1.0

vendor: oracle | model: communications unified inventory management | scope: eq | version: 7.4.0

Trust: 1.0

vendor: oracle | model: communications unified inventory management | scope: eq | version: 7.5.0

Trust: 1.0

vendor: oracle | model: primavera gateway | scope: gte | version: 17.12.0

Trust: 1.0

vendor: oracle | model: retail point-of-service | scope: eq | version: 14.1

Trust: 1.0

vendor: oracle | model: retail service backbone | scope: eq | version: 16.0.3.0

Trust: 1.0

vendor: oracle | model: primavera gateway | scope: lte | version: 20.12.7

Trust: 1.0

vendor: oracle | model: banking trade finance | scope: eq | version: 14.5

Trust: 1.0

vendor: oracle | model: primavera gateway | scope: gte | version: 20.12.0

Trust: 1.0

vendor: oracle | model: financial services analytical applications infrastructure | scope: gte | version: 8.0.6

Trust: 1.0

vendor: oracle | model: retail store inventory management | scope: eq | version: 16.0

Trust: 1.0

vendor: apache | model: ant | scope: lt | version: 1.10.11

Trust: 1.0

vendor: oracle | model: retail service backbone | scope: eq | version: 19.0.1.0

Trust: 1.0

vendor: oracle | model: utilities framework | scope: lte | version: 4.3.0.6.0

Trust: 1.0

vendor: oracle | model: primavera unifier | scope: eq | version: 18.8

Trust: 1.0

vendor: oracle | model: primavera unifier | scope: eq | version: 19.12

Trust: 1.0

vendor: oracle | model: retail xstore point of service | scope: eq | version: 17.0.4

Trust: 1.0

vendor: oracle | model: retail merchandising system | scope: eq | version: 19.0.1

Trust: 1.0

vendor: オラクル | model: oracle agile plm | scope: - | version: -

Trust: 0.8

vendor: オラクル | model: oracle retail advanced inventory planning | scope: - | version: -

Trust: 0.8

vendor: オラクル | model: oracle real-time decision server | scope: - | version: -

Trust: 0.8

vendor: オラクル | model: oracle communications unified inventory management | scope: - | version: -

Trust: 0.8

vendor: apache | model: ant | scope: - | version: -

Trust: 0.8

vendor: オラクル | model: oracle financial services analytical applications infrastructure | scope: - | version: -

Trust: 0.8

vendor: オラクル | model: oracle retail back office | scope: - | version: -

Trust: 0.8

vendor: オラクル | model: oracle insurance policy administration | scope: - | version: -

Trust: 0.8

vendor: オラクル | model: primavera gateway | scope: - | version: -

Trust: 0.8

vendor: オラクル | model: oracle enterprise repository | scope: - | version: -

Trust: 0.8

vendor: オラクル | model: primavera unifier | scope: - | version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-010005 // NVD: CVE-2021-36373

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-36373
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-36373
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202107-983
value: MEDIUM

Trust: 0.6

VULHUB: VHN-396551
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-36373
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-36373
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-396551
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-36373
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-36373
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-396551 // VULMON: CVE-2021-36373 // JVNDB: JVNDB-2021-010005 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-983 // NVD: CVE-2021-36373

PROBLEMTYPE DATA

problemtype:CWE-130

Trust: 1.0

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:others (CWE-Other) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-010005 // NVD: CVE-2021-36373

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202107-983

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-983

PATCH

title: Oracle Critical Patch Update Advisory - October 2021 | url: https://ant.apache.org/security.html

Trust: 0.8

title: Apache Ant Remediation of resource management error vulnerabilities | url: http://123.124.177.30/web/xxk/bdxqById.tag?id=156670

Trust: 0.6

title: Red Hat: CVE-2021-36373 | url: https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2021-36373

Trust: 0.1

title: Red Hat: Moderate: Red Hat Process Automation Manager 7.13.0 security update | url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20225903 - Security Advisory

Trust: 0.1

title: Arch Linux Advisories: [ASA-202107-43] ant: denial of service | url: https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-202107-43

Trust: 0.1

title: Arch Linux Issues: | url: https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2021-36373 log

Trust: 0.1

sources: VULMON: CVE-2021-36373 // JVNDB: JVNDB-2021-010005 // CNNVD: CNNVD-202107-983

EXTERNAL IDS

db: NVD | id: CVE-2021-36373

Trust: 3.5

db: PACKETSTORM | id: 167964

Trust: 0.8

db: JVNDB | id: JVNDB-2021-010005

Trust: 0.8

db: CS-HELP | id: SB2021041363

Trust: 0.6

db: CNNVD | id: CNNVD-202104-975

Trust: 0.6

db: CS-HELP | id: SB2021072011

Trust: 0.6

db: CS-HELP | id: SB2021071409

Trust: 0.6

db: AUSCERT | id: ESB-2022.3870

Trust: 0.6

db: AUSCERT | id: ESB-2023.1653

Trust: 0.6

db: CNNVD | id: CNNVD-202107-983

Trust: 0.6

db: CNVD | id: CNVD-2021-51427

Trust: 0.1

db: VULHUB | id: VHN-396551

Trust: 0.1

db: VULMON | id: CVE-2021-36373

Trust: 0.1

sources: VULHUB: VHN-396551 // VULMON: CVE-2021-36373 // JVNDB: JVNDB-2021-010005 // PACKETSTORM: 167964 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-983 // NVD: CVE-2021-36373

REFERENCES

url:https://security.netapp.com/advisory/ntap-20210819-0007/

Trust: 1.8

url:https://ant.apache.org/security.html

Trust: 1.8

url:https://lists.apache.org/thread.html/r54afdab05e01de970649c2d91a993f68a6b00cd73e6e34e16c832d46%40%3cuser.ant.apache.org%3e

Trust: 1.8

url:https://www.oracle.com/security-alerts/cpuapr2022.html

Trust: 1.8

url:https://www.oracle.com/security-alerts/cpujan2022.html

Trust: 1.8

url:https://www.oracle.com/security-alerts/cpujul2022.html

Trust: 1.8

url:https://www.oracle.com/security-alerts/cpuoct2021.html

Trust: 1.8

url:https://lists.apache.org/thread.html/r27919fd4db07c487239c1d9771f480d89ce5ee2750aa9447309b709a%40%3ccommits.groovy.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r544c9e8487431768465b8b2d13982c75123109bd816acf839d46010d%40%3ccommits.groovy.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rad36f470647c5a7c02dd78c9973356d2840766d132b597b6444e373a%40%3cnotifications.groovy.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rf4bb79751a02889623195715925e4fd8932dd3c97e0ade91395a96c6%40%3cdev.myfaces.apache.org%3e

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2021-36373

Trust: 0.9

url:https://lists.apache.org/thread.html/r27919fd4db07c487239c1d9771f480d89ce5ee2750aa9447309b709a@%3ccommits.groovy.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/r544c9e8487431768465b8b2d13982c75123109bd816acf839d46010d@%3ccommits.groovy.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/rad36f470647c5a7c02dd78c9973356d2840766d132b597b6444e373a@%3cnotifications.groovy.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/rf4bb79751a02889623195715925e4fd8932dd3c97e0ade91395a96c6@%3cdev.myfaces.apache.org%3e

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021071409

Trust: 0.6

url:https://vigilance.fr/vulnerability/apache-ant-denial-of-service-via-tar-archive-length-parameter-36866

Trust: 0.6

url:https://vigilance.fr/vulnerability/oracle-fusion-middleware-vulnerabilities-of-october-2021-36677

Trust: 0.6

url:https://packetstormsecurity.com/files/167964/red-hat-security-advisory-2022-5903-01.html

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6514443

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.3870

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.1653

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021072011

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6518994

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2021-36373

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://security.archlinux.org/cve-2021-36373

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-43797

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3642

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:5903

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-2471

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-37137

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-37714

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22950

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-43797

Trust: 0.1

url:https://access.redhat.com/security/team/contact/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-2471

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-37137

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-37714

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-25647

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-25647

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22569

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-37136

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3717

Trust: 0.1

url:https://bugzilla.redhat.com/):

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22569

Trust: 0.1

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3717

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22950

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-37136

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3642

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3644

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3644

Trust: 0.1

sources: VULHUB: VHN-396551 // VULMON: CVE-2021-36373 // JVNDB: JVNDB-2021-010005 // PACKETSTORM: 167964 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-983 // NVD: CVE-2021-36373

CREDITS

Red Hat

Trust: 0.1

sources: PACKETSTORM: 167964

SOURCES

db: VULHUB | id: VHN-396551
db: VULMON | id: CVE-2021-36373
db: JVNDB | id: JVNDB-2021-010005
db: PACKETSTORM | id: 167964
db: CNNVD | id: CNNVD-202104-975
db: CNNVD | id: CNNVD-202107-983
db: NVD | id: CVE-2021-36373

LAST UPDATE DATE

2024-08-14T12:38:36.265000+00:00


SOURCES UPDATE DATE

db: VULHUB | id: VHN-396551 | date: 2023-02-28T00:00:00
db: VULMON | id: CVE-2021-36373 | date: 2022-07-25T00:00:00
db: JVNDB | id: JVNDB-2021-010005 | date: 2022-06-13T07:58:00
db: CNNVD | id: CNNVD-202104-975 | date: 2021-04-14T00:00:00
db: CNNVD | id: CNNVD-202107-983 | date: 2023-03-21T00:00:00
db: NVD | id: CVE-2021-36373 | date: 2023-11-07T03:36:45.367

SOURCES RELEASE DATE

db: VULHUB | id: VHN-396551 | date: 2021-07-14T00:00:00
db: VULMON | id: CVE-2021-36373 | date: 2021-07-14T00:00:00
db: JVNDB | id: JVNDB-2021-010005 | date: 2022-06-13T00:00:00
db: PACKETSTORM | id: 167964 | date: 2022-08-04T14:50:56
db: CNNVD | id: CNNVD-202104-975 | date: 2021-04-13T00:00:00
db: CNNVD | id: CNNVD-202107-983 | date: 2021-07-14T00:00:00
db: NVD | id: CVE-2021-36373 | date: 2021-07-14T07:15:08.237