Published: 06/05/2019 Updated: 03/10/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

A vulnerability in Apache Sanselan could allow an unauthenticated, remote malicious user to cause a denial of service (DoS) condition on a targeted system. The vulnerability exists because certain input files are parsed when they are submitted to the affected software. An attacker could exploit this vulnerability by submitting input files to the targeted system. A successful exploit could cause an infinite loop condition and result in a DoS condition. Apache has confirmed this vulnerability and released a software update.

Vulnerable Product

apache commons imaging 0.97

Mailing Lists

Severity: Medium

Vendor: The Apache Software Foundation

Versions Affected: Apache Sanselan 097-incubator

Description: Certain input files could make the code enter into an infinite loop when Apache Sanselan 097-incubator was used to parse them, which could be used in a DoS attack. Note that Apache Sanselan (incubating) was renamed to Apa ...