ID

VAR-202107-1602


CVE

CVE-2021-36374


TITLE

Vulnerability in Apache Ant

Trust: 0.8

sources: JVNDB: JVNDB-2021-010002

DESCRIPTION

When reading a specially crafted ZIP archive, or a derived format, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used derived formats from ZIP archives are for instance JAR files and many office files. Apache Ant prior to 1.9.16 and 1.10.11 were affected. Apache Ant contains an unspecified vulnerability. It may result in a service operation interruption (DoS) state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please feel free to follow CNNVD or manufacturer announcements. Apache Ant is a set of automation tools for Java software development developed by the Apache Foundation of the United States. This tool is mainly used for software compilation, testing and deployment. A resource management error vulnerability exists in Apache Ant due to the application's failure to properly control the consumption of internal resources when processing ZIP archives. An attacker could exploit this vulnerability to trigger resource exhaustion and perform a denial of service (DoS) attack.

Trust: 2.34

sources: NVD: CVE-2021-36374 // JVNDB: JVNDB-2021-010002 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-396550 // VULMON: CVE-2021-36374

AFFECTED PRODUCTS

vendor: oracle, model: utilities framework, scope: eq, version: 4.4.0.0.0

Trust: 1.0

vendor: oracle, model: banking treasury management, scope: eq, version: 14.5

Trust: 1.0

vendor: oracle, model: primavera gateway, scope: gte, version: 18.8.0

Trust: 1.0

vendor: oracle, model: primavera unifier, scope: lte, version: 17.12

Trust: 1.0

vendor: oracle, model: retail xstore point of service, scope: eq, version: 19.0.2

Trust: 1.0

vendor: oracle, model: retail service backbone, scope: eq, version: 14.1.3.2

Trust: 1.0

vendor: oracle, model: real-time decision server, scope: eq, version: 3.2.0.0

Trust: 1.0

vendor: oracle, model: retail eftlink, scope: eq, version: 20.0.1

Trust: 1.0

vendor: oracle, model: communications unified inventory management, scope: eq, version: 7.4.1

Trust: 1.0

vendor: oracle, model: retail invoice matching, scope: eq, version: 16.0.3

Trust: 1.0

vendor: oracle, model: retail integration bus, scope: eq, version: 16.0.3.0

Trust: 1.0

vendor: oracle, model: retail central office, scope: eq, version: 14.0

Trust: 1.0

vendor: oracle, model: communications diameter intelligence hub, scope: lte, version: 8.2.3

Trust: 1.0

vendor: oracle, model: real-time decision server, scope: eq, version: 11.1.1.9.0

Trust: 1.0

vendor: oracle, model: communications order and service management, scope: eq, version: 7.3

Trust: 1.0

vendor: oracle, model: primavera gateway, scope: gte, version: 19.12.0

Trust: 1.0

vendor: oracle, model: retail back office, scope: eq, version: 14.1

Trust: 1.0

vendor: oracle, model: communications cloud native core binding support function, scope: eq, version: 1.11.0

Trust: 1.0

vendor: oracle, model: utilities framework, scope: eq, version: 4.2.0.3.0

Trust: 1.0

vendor: oracle, model: health sciences information manager, scope: gte, version: 3.0.1

Trust: 1.0

vendor: apache, model: ant, scope: gte, version: 1.9.0

Trust: 1.0

vendor: oracle, model: product lifecycle analytics, scope: eq, version: 3.6.1

Trust: 1.0

vendor: oracle, model: primavera gateway, scope: lte, version: 18.8.12

Trust: 1.0

vendor: oracle, model: primavera gateway, scope: lte, version: 17.12.11

Trust: 1.0

vendor: oracle, model: primavera gateway, scope: lte, version: 19.12.11

Trust: 1.0

vendor: oracle, model: retail financial integration, scope: eq, version: 15.0.4.0

Trust: 1.0

vendor: oracle, model: retail predictive application server, scope: eq, version: 14.1.3

Trust: 1.0

vendor: apache, model: ant, scope: gte, version: 1.10.0

Trust: 1.0

vendor: oracle, model: primavera unifier, scope: eq, version: 20.12

Trust: 1.0

vendor: oracle, model: retail bulk data integration, scope: eq, version: 16.0.3.0

Trust: 1.0

vendor: oracle, model: communications cloud native core automated test suite, scope: eq, version: 1.9.0

Trust: 1.0

vendor: oracle, model: insurance policy administration, scope: gte, version: 11.0

Trust: 1.0

vendor: oracle, model: retail store inventory management, scope: eq, version: 15.0

Trust: 1.0

vendor: oracle, model: retail advanced inventory planning, scope: eq, version: 16.0

Trust: 1.0

vendor: oracle, model: utilities framework, scope: eq, version: 4.4.0.3.0

Trust: 1.0

vendor: oracle, model: retail service backbone, scope: eq, version: 15.0.4.0

Trust: 1.0

vendor: oracle, model: communications unified inventory management, scope: eq, version: 7.4.2

Trust: 1.0

vendor: oracle, model: retail store inventory management, scope: eq, version: 14.1

Trust: 1.0

vendor: oracle, model: utilities framework, scope: gte, version: 4.3.0.1.0

Trust: 1.0

vendor: oracle, model: financial services analytical applications infrastructure, scope: lte, version: 8.1.1

Trust: 1.0

vendor: oracle, model: retail financial integration, scope: eq, version: 14.1.3.2

Trust: 1.0

vendor: oracle, model: timesten in-memory database, scope: lt, version: 11.2.2.8.27

Trust: 1.0

vendor: apache, model: ant, scope: lt, version: 1.9.16

Trust: 1.0

vendor: oracle, model: retail point-of-service, scope: eq, version: 14.0

Trust: 1.0

vendor: oracle, model: retail predictive application server, scope: eq, version: 16.0.3.0

Trust: 1.0

vendor: oracle, model: retail central office, scope: eq, version: 14.1

Trust: 1.0

vendor: oracle, model: retail eftlink, scope: eq, version: 19.0.1

Trust: 1.0

vendor: oracle, model: retail integration bus, scope: eq, version: 15.0.4.0

Trust: 1.0

vendor: oracle, model: retail xstore point of service, scope: eq, version: 20.0.1

Trust: 1.0

vendor: oracle, model: agile plm, scope: eq, version: 9.3.6

Trust: 1.0

vendor: oracle, model: retail integration bus, scope: eq, version: 19.0.1.0

Trust: 1.0

vendor: oracle, model: communications order and service management, scope: eq, version: 7.4

Trust: 1.0

vendor: oracle, model: utilities testing accelerator, scope: eq, version: 6.0.0.1.1

Trust: 1.0

vendor: oracle, model: agile engineering data management, scope: eq, version: 6.2.1.0

Trust: 1.0

vendor: oracle, model: retail bulk data integration, scope: eq, version: 19.0.1

Trust: 1.0

vendor: oracle, model: utilities framework, scope: eq, version: 4.4.0.2.0

Trust: 1.0

vendor: oracle, model: utilities framework, scope: eq, version: 4.2.0.2.0

Trust: 1.0

vendor: oracle, model: communications unified inventory management, scope: eq, version: 7.3.0

Trust: 1.0

vendor: oracle, model: enterprise repository, scope: eq, version: 11.1.1.7.0

Trust: 1.0

vendor: oracle, model: retail predictive application server, scope: eq, version: 15.0.3

Trust: 1.0

vendor: oracle, model: retail extract transform and load, scope: eq, version: 13.2.8

Trust: 1.0

vendor: oracle, model: primavera unifier, scope: gte, version: 17.7

Trust: 1.0

vendor: oracle, model: retail integration bus, scope: eq, version: 14.1.3.2

Trust: 1.0

vendor: oracle, model: insurance policy administration, scope: lte, version: 11.3.1

Trust: 1.0

vendor: oracle, model: retail xstore point of service, scope: eq, version: 17.0.4

Trust: 1.0

vendor: oracle, model: retail advanced inventory planning, scope: eq, version: 15.0

Trust: 1.0

vendor: oracle, model: retail back office, scope: eq, version: 14.0

Trust: 1.0

vendor: oracle, model: retail financial integration, scope: eq, version: 16.0.3.0

Trust: 1.0

vendor: oracle, model: communications diameter intelligence hub, scope: lte, version: 8.1.0

Trust: 1.0

vendor: oracle, model: retail advanced inventory planning, scope: eq, version: 14.1

Trust: 1.0

vendor: oracle, model: retail xstore point of service, scope: eq, version: 16.0.6

Trust: 1.0

vendor: oracle, model: communications unified inventory management, scope: eq, version: 7.4.0

Trust: 1.0

vendor: oracle, model: communications unified inventory management, scope: eq, version: 7.5.0

Trust: 1.0

vendor: oracle, model: primavera gateway, scope: gte, version: 17.12.0

Trust: 1.0

vendor: oracle, model: retail point-of-service, scope: eq, version: 14.1

Trust: 1.0

vendor: oracle, model: retail xstore point of service, scope: eq, version: 18.0.3

Trust: 1.0

vendor: oracle, model: communications diameter intelligence hub, scope: gte, version: 8.2.0

Trust: 1.0

vendor: oracle, model: health sciences information manager, scope: eq, version: 3.0.0.1

Trust: 1.0

vendor: oracle, model: retail service backbone, scope: eq, version: 16.0.3.0

Trust: 1.0

vendor: oracle, model: primavera gateway, scope: lte, version: 20.12.7

Trust: 1.0

vendor: oracle, model: banking trade finance, scope: eq, version: 14.5

Trust: 1.0

vendor: oracle, model: primavera gateway, scope: gte, version: 20.12.0

Trust: 1.0

vendor: oracle, model: financial services analytical applications infrastructure, scope: gte, version: 8.0.6

Trust: 1.0

vendor: oracle, model: retail store inventory management, scope: eq, version: 16.0

Trust: 1.0

vendor: apache, model: ant, scope: lt, version: 1.10.11

Trust: 1.0

vendor: oracle, model: retail service backbone, scope: eq, version: 19.0.1.0

Trust: 1.0

vendor: oracle, model: utilities framework, scope: lte, version: 4.3.0.6.0

Trust: 1.0

vendor: oracle, model: primavera unifier, scope: eq, version: 18.8

Trust: 1.0

vendor: oracle, model: primavera unifier, scope: eq, version: 19.12

Trust: 1.0

vendor: oracle, model: communications diameter intelligence hub, scope: gte, version: 8.0.0

Trust: 1.0

vendor: oracle, model: health sciences information manager, scope: lte, version: 3.0.5

Trust: 1.0

vendor: oracle, model: retail merchandising system, scope: eq, version: 19.0.1

Trust: 1.0

vendor: Oracle, model: oracle agile plm, scope: -, version: -

Trust: 0.8

vendor: Oracle, model: oracle retail advanced inventory planning, scope: -, version: -

Trust: 0.8

vendor: Oracle, model: oracle real-time decision server, scope: -, version: -

Trust: 0.8

vendor: Oracle, model: oracle communications unified inventory management, scope: -, version: -

Trust: 0.8

vendor: apache, model: ant, scope: -, version: -

Trust: 0.8

vendor: Oracle, model: oracle financial services analytical applications infrastructure, scope: -, version: -

Trust: 0.8

vendor: Oracle, model: oracle retail back office, scope: -, version: -

Trust: 0.8

vendor: Oracle, model: oracle insurance policy administration, scope: -, version: -

Trust: 0.8

vendor: Oracle, model: primavera gateway, scope: -, version: -

Trust: 0.8

vendor: Oracle, model: oracle enterprise repository, scope: -, version: -

Trust: 0.8

vendor: Oracle, model: primavera unifier, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-010002 // NVD: CVE-2021-36374

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-36374
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-36374
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202107-984
value: MEDIUM

Trust: 0.6

VULHUB: VHN-396550
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-36374
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-36374
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-396550
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-36374
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-36374
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-396550 // VULMON: CVE-2021-36374 // JVNDB: JVNDB-2021-010002 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-984 // NVD: CVE-2021-36374

PROBLEMTYPE DATA

problemtype:CWE-130

Trust: 1.0

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:others (CWE-Other) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-010002 // NVD: CVE-2021-36374

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202107-984

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-984

PATCH

title: Oracle Critical Patch Update Advisory - October 2021
url: https://ant.apache.org/security.html

Trust: 0.8

title: Apache Ant Security vulnerabilities
url: http://123.124.177.30/web/xxk/bdxqById.tag?id=178519

Trust: 0.6

title: Red Hat: CVE-2021-36374
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2021-36374

Trust: 0.1

title: IBM: Security Bulletin: Multiple Vulnerabilities may affect Apache Ant used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections
url: https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=983cc8600f8f67fe35b9b5eebcf9b870

Trust: 0.1

title: Arch Linux Advisories: [ASA-202107-43] ant: denial of service
url: https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-202107-43

Trust: 0.1

title: Arch Linux Issues:
url: https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2021-36374 log

Trust: 0.1

sources: VULMON: CVE-2021-36374 // JVNDB: JVNDB-2021-010002 // CNNVD: CNNVD-202107-984

EXTERNAL IDS

db: NVD, id: CVE-2021-36374

Trust: 3.4

db: JVNDB, id: JVNDB-2021-010002

Trust: 0.8

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: CS-HELP, id: SB2021072011

Trust: 0.6

db: CS-HELP, id: SB2022072096

Trust: 0.6

db: CS-HELP, id: SB2022042272

Trust: 0.6

db: CS-HELP, id: SB2022072042

Trust: 0.6

db: CS-HELP, id: SB2022011911

Trust: 0.6

db: CS-HELP, id: SB2022012324

Trust: 0.6

db: CS-HELP, id: SB2021101927

Trust: 0.6

db: CS-HELP, id: SB2022042546

Trust: 0.6

db: CS-HELP, id: SB2021071409

Trust: 0.6

db: AUSCERT, id: ESB-2023.1653

Trust: 0.6

db: CNNVD, id: CNNVD-202107-984

Trust: 0.6

db: CNVD, id: CNVD-2021-51428

Trust: 0.1

db: VULHUB, id: VHN-396550

Trust: 0.1

db: VULMON, id: CVE-2021-36374

Trust: 0.1

sources: VULHUB: VHN-396550 // VULMON: CVE-2021-36374 // JVNDB: JVNDB-2021-010002 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-984 // NVD: CVE-2021-36374

REFERENCES

url:https://www.oracle.com/security-alerts/cpuapr2022.html

Trust: 2.4

url:https://www.oracle.com/security-alerts/cpuoct2021.html

Trust: 2.4

url:https://security.netapp.com/advisory/ntap-20210819-0007/

Trust: 1.8

url:https://ant.apache.org/security.html

Trust: 1.8

url:https://lists.apache.org/thread.html/rdd5412a5b9a25aed2a02c3317052d38a97128314d50bc1ed36e81d38%40%3cuser.ant.apache.org%3e

Trust: 1.8

url:https://www.oracle.com/security-alerts/cpujan2022.html

Trust: 1.8

url:https://www.oracle.com/security-alerts/cpujul2022.html

Trust: 1.8

url:https://lists.apache.org/thread.html/r27919fd4db07c487239c1d9771f480d89ce5ee2750aa9447309b709a%40%3ccommits.groovy.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r544c9e8487431768465b8b2d13982c75123109bd816acf839d46010d%40%3ccommits.groovy.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rad36f470647c5a7c02dd78c9973356d2840766d132b597b6444e373a%40%3cnotifications.groovy.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rf4bb79751a02889623195715925e4fd8932dd3c97e0ade91395a96c6%40%3cdev.myfaces.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r27919fd4db07c487239c1d9771f480d89ce5ee2750aa9447309b709a@%3ccommits.groovy.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/r544c9e8487431768465b8b2d13982c75123109bd816acf839d46010d@%3ccommits.groovy.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/rad36f470647c5a7c02dd78c9973356d2840766d132b597b6444e373a@%3cnotifications.groovy.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/rf4bb79751a02889623195715925e4fd8932dd3c97e0ade91395a96c6@%3cdev.myfaces.apache.org%3e

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-36374

Trust: 0.8

url:https://access.redhat.com/security/cve/cve-2021-36374

Trust: 0.7

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022042272

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.1653

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022072042

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022072096

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021072011

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022042546

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021071409

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022012324

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022011911

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021101927

Trust: 0.6

url:https://vigilance.fr/vulnerability/oracle-fusion-middleware-vulnerabilities-of-october-2021-36677

Trust: 0.6

url:https://vigilance.fr/vulnerability/apache-ant-denial-of-service-via-zip-archive-length-parameter-36867

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6518994

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6514441

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-may-affect-apache-ant-used-by-content-collector-for-email-content-collector-for-file-systems-content-collector-for-microsoft-sharepoint-and-content-collec/

Trust: 0.1

sources: VULHUB: VHN-396550 // VULMON: CVE-2021-36374 // JVNDB: JVNDB-2021-010002 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-984 // NVD: CVE-2021-36374

SOURCES

db: VULHUB, id: VHN-396550
db: VULMON, id: CVE-2021-36374
db: JVNDB, id: JVNDB-2021-010002
db: CNNVD, id: CNNVD-202104-975
db: CNNVD, id: CNNVD-202107-984
db: NVD, id: CVE-2021-36374

LAST UPDATE DATE

2024-08-14T13:11:59.584000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-396550, date: 2023-02-28T00:00:00
db: VULMON, id: CVE-2021-36374, date: 2022-07-25T00:00:00
db: JVNDB, id: JVNDB-2021-010002, date: 2022-06-13T07:25:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: CNNVD, id: CNNVD-202107-984, date: 2023-03-21T00:00:00
db: NVD, id: CVE-2021-36374, date: 2023-11-07T03:36:45.487

SOURCES RELEASE DATE

db: VULHUB, id: VHN-396550, date: 2021-07-14T00:00:00
db: VULMON, id: CVE-2021-36374, date: 2021-07-14T00:00:00
db: JVNDB, id: JVNDB-2021-010002, date: 2022-06-13T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: CNNVD, id: CNNVD-202107-984, date: 2021-07-14T00:00:00
db: NVD, id: CVE-2021-36374, date: 2021-07-14T07:15:08.400