Executive Summary

Information
Name : CVE-2019-5442
First vendor Publication : 2019-06-12
Vendor : Cve
Last vendor Modification : 2019-06-14

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score : 5
Attack Range : Network
Cvss Impact Score : 2.9
Attack Complexity : Low
Cvss Exploit Score : 10
Authentication : None Required

Detail

XML Entity Expansion (Billion Laughs Attack) on Pippo 1.12.0 results in Denial of Service. Entities are created recursively and consume large amounts of heap memory. Eventually, the JVM process will run out of memory. Otherwise, if the OS does not bound the memory of that process, memory will continue to be exhausted and will affect other processes on the system.
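
The usual mitigation for this class of bug on the JVM is to refuse DOCTYPE declarations before any entity can be declared. The following is an added example, not code from Pippo or from the original advisory: it assumes the application parses request bodies with the JDK's DocumentBuilderFactory (how Pippo itself parses XML is not stated on this page), and the class name and sample documents are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.xml.sax.SAXParseException;

public class HardenedXmlParsing {

    /** Factory that rejects any DOCTYPE, so no entity can be declared or expanded. */
    static DocumentBuilderFactory hardenedFactory() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // Enables the JAXP implementation's processing limits, including a cap
        // on the number of entity expansions.
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // Strongest control: a document that carries a DOCTYPE is a fatal error.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f;
    }

    /** Returns the root element name, or "rejected: ..." if the parser refuses the input. */
    static String parse(String xml) throws Exception {
        try {
            Document doc = hardenedFactory().newDocumentBuilder()
                    .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
            return doc.getDocumentElement().getNodeName();
        } catch (SAXParseException e) {
            // Thrown at the DOCTYPE, before any entity is created on the heap.
            return "rejected: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a small, harmless document with nested entities,
        // the structure the advisory describes (only a few bytes when expanded).
        String nested = "<?xml version=\"1.0\"?>"
                + "<!DOCTYPE order [<!ENTITY a \"x\"><!ENTITY b \"&a;&a;\">]>"
                + "<order>&b;</order>";
        // Constructed sample: an ordinary request body with no DOCTYPE.
        String plain = "<?xml version=\"1.0\"?><order><id>42</id></order>";

        System.out.println(parse(nested));
        System.out.println(parse(plain));
    }
}
```

Because the parser fails at the DOCTYPE itself, the cost of rejecting a hostile document is independent of how deeply its entities are nested.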

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5442

CWE : Common Weakness Enumeration

%       id        Name
100 %   CWE-400   Uncontrolled Resource Consumption ('Resource Exhaustion')

CPE : Common Platform Enumeration

Type          Description   Count
Application                 1

Sources (Detail)

Source   Url
MISC     https://hackerone.com/reports/506791

Alert History

Date   Information
2019-06-14 21:19:44
  • Multiple Updates
2019-06-12 21:19:24
  • First insertion