CVE-2021-35515

When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://www.openwall.com/lists/oss-security/2021/07/13/1	Mailing List Third Party Advisory
https://commons.apache.org/proper/commons-compress/security-reports.html	Vendor Advisory
https://lists.apache.org/thread.html/r19ebfd71770ec0617a9ea180e321ef927b3fefb4c81ec5d1902d20ab%40%3Cuser.commons.apache.org%3E	Vendor Advisory
https://lists.apache.org/thread.html/r67ef3c07fe3b8c1b02d48012149d280ad6da8e4cec253b527520fb2b%40%3Cdev.poi.apache.org%3E
https://lists.apache.org/thread.html/r9f54c0caa462267e0cc68b49f141e91432b36b23348d18c65bd0d040%40%3Cnotifications.skywalking.apache.org%3E
https://lists.apache.org/thread.html/rab292091eadd1ecc63c516e9541a7f241091cf2e652b8185a6059945%40%3Ccommits.druid.apache.org%3E
https://lists.apache.org/thread.html/racd0c0381c8404f298b226cd9db2eaae965b14c9c568224aa3f437ae%40%3Cnotifications.skywalking.apache.org%3E
https://lists.apache.org/thread.html/rb064d705fdfa44b5dae4c366b369ef6597951083196321773b983e71%40%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/rb6e1fa80d34e5ada45f72655d84bfd90db0ca44ef19236a49198c88c%40%3Cnotifications.skywalking.apache.org%3E
https://lists.apache.org/thread.html/rb7adf3e55359819e77230b4586521e5c6874ce5ed93384bdc14d6aee%40%3Cnotifications.skywalking.apache.org%3E
https://lists.apache.org/thread.html/rba65ed5ddb0586f5b12598f55ec7db3633e7b7fede60466367fbf86a%40%3Cnotifications.skywalking.apache.org%3E
https://lists.apache.org/thread.html/rbaea15ddc5a7c0c6b66660f1d6403b28595e2561bb283eade7d7cd69%40%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/rbe91c512c5385181149ab087b6c909825d34299f5c491c6482a2ed57%40%3Ccommits.druid.apache.org%3E
https://lists.apache.org/thread.html/rd4332baaf6debd03d60deb7ec93bee49e5fdbe958cb6800dff7fb00e%40%3Cnotifications.skywalking.apache.org%3E
https://lists.apache.org/thread.html/rf2f4d7940371a7c7c5b679f50e28fc7fcc82cd00670ced87e013ac88%40%3Ccommits.druid.apache.org%3E
https://lists.apache.org/thread.html/rfba19167efc785ad3561e7ef29f340d65ac8f0d897aed00e0731e742%40%3Cnotifications.skywalking.apache.org%3E
https://security.netapp.com/advisory/ntap-20211022-0001/	Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html	Patch Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:commons_compress:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::linux::
	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_vsphere::
	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::windows::
	cpe:2.3:a:netapp:oncommand_insight:-:::::::*

Configuration 3 (hide)

OR	cpe:2.3:a:oracle:banking_digital_experience::::::::
	cpe:2.3:a:oracle:banking_digital_experience:19.1:::::::*
	cpe:2.3:a:oracle:banking_digital_experience:20.1:::::::*
	cpe:2.3:a:oracle:banking_digital_experience:21.1:::::::*
	cpe:2.3:a:oracle:banking_enterprise_default_management:2.7.0:::::::*
	cpe:2.3:a:oracle:banking_party_management:2.7.0:::::::*
	cpe:2.3:a:oracle:banking_payments:14.5:::::::*
	cpe:2.3:a:oracle:banking_trade_finance:14.5:::::::*
	cpe:2.3:a:oracle:banking_treasury_management:14.5:::::::*
	cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:::::::*
	cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:::::::*
	cpe:2.3:a:oracle:commerce_guided_search:11.3.2:::::::*
	cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.4:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.8.0:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.14.0:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.14.0:::::::*
	cpe:2.3:a:oracle:communications_diameter_intelligence_hub::::::::
	cpe:2.3:a:oracle:communications_session_route_manager::::::::
	cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.2.0:::::::*
	cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.3.0:::::::*
	cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.7.2.0:::::::*
	cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.8.1.0:::::::*
	cpe:2.3:a:oracle:flexcube_universal_banking::::::::
	cpe:2.3:a:oracle:flexcube_universal_banking:12.4.0:::::::*
	cpe:2.3:a:oracle:flexcube_universal_banking:14.5.0:::::::*
	cpe:2.3:a:oracle:healthcare_data_repository:8.1.0:::::::*
	cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:::::::*
	cpe:2.3:a:oracle:insurance_policy_administration:11.1.0:::::::*
	cpe:2.3:a:oracle:insurance_policy_administration:11.2.8:::::::*
	cpe:2.3:a:oracle:insurance_policy_administration:11.3.0:::::::*
	cpe:2.3:a:oracle:insurance_policy_administration:11.3.1:::::::*
	cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:::::::*
	cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:::::::*
	cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:::::::*
	cpe:2.3:a:oracle:primavera_unifier::::::::
	cpe:2.3:a:oracle:primavera_unifier:18.8:::::::*
	cpe:2.3:a:oracle:primavera_unifier:19.12:::::::*
	cpe:2.3:a:oracle:primavera_unifier:20.12:::::::*
	cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.1.1:::::::*
	cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.2.2:::::::*
	cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.3.1:::::::*
	cpe:2.3:o:oracle:communications_messaging_server:8.1:::::::*

History

07 Nov 2023, 03:36

Type	Values Removed	Values Added
References	{'url': 'https://lists.apache.org/thread.html/rbaea15ddc5a7c0c6b66660f1d6403b28595e2561bb283eade7d7cd69@%3Cannounce.apache.org%3E', 'name': '[announce] 20210713 CVE-2021-35515: Apache Commons Compress 1.6 to 1.20 denial of service vulnerability', 'tags': ['Vendor Advisory'], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/rfba19167efc785ad3561e7ef29f340d65ac8f0d897aed00e0731e742@%3Cnotifications.skywalking.apache.org%3E', 'name': '[skywalking-notifications] 20210803 [skywalking] branch master updated: Fix CVE-2021-35515, CVE-2021-35516, CVE-2021-35517, CVE-2021-36090 (#7400)', 'tags': ['Mailing List', 'Patch', 'Vendor Advisory'], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/r9f54c0caa462267e0cc68b49f141e91432b36b23348d18c65bd0d040@%3Cnotifications.skywalking.apache.org%3E', 'name': '[skywalking-notifications] 20210803 [GitHub] [skywalking] codecov[bot] edited a comment on pull request #7400: Fix CVE-2021-35515, CVE-2021-35516, CVE-2021-35517, CVE-2021-36090', 'tags': ['Exploit', 'Mailing List', 'Vendor Advisory'], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/rf2f4d7940371a7c7c5b679f50e28fc7fcc82cd00670ced87e013ac88@%3Ccommits.druid.apache.org%3E', 'name': '[druid-commits] 20210726 [GitHub] [druid] suneet-s opened a new pull request #11496: Address CVE-2021-35515 CVE-2021-36090', 'tags': ['Mailing List', 'Vendor Advisory'], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/rb7adf3e55359819e77230b4586521e5c6874ce5ed93384bdc14d6aee@%3Cnotifications.skywalking.apache.org%3E', 'name': '[skywalking-notifications] 20210802 [skywalking] 01/01: Fix CVE-2021-35515, CVE-2021-35516, CVE-2021-35517, CVE-2021-36090', 'tags': ['Mailing List', 'Patch', 'Vendor Advisory'], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/rb064d705fdfa44b5dae4c366b369ef6597951083196321773b983e71@%3Ccommits.pulsar.apache.org%3E', 'name': '[pulsar-commits] 20210716 [GitHub] [pulsar] lhotari opened a new pull request #11345: [Security] Upgrade commons-compress to 1.21', 'tags': ['Mailing List', 'Patch', 'Vendor Advisory'], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/racd0c0381c8404f298b226cd9db2eaae965b14c9c568224aa3f437ae@%3Cnotifications.skywalking.apache.org%3E', 'name': '[skywalking-notifications] 20210802 [GitHub] [skywalking] codecov[bot] commented on pull request #7400: Fix CVE-2021-35515, CVE-2021-35516, CVE-2021-35517, CVE-2021-36090', 'tags': ['Exploit', 'Mailing List', 'Vendor Advisory'], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/rb6e1fa80d34e5ada45f72655d84bfd90db0ca44ef19236a49198c88c@%3Cnotifications.skywalking.apache.org%3E', 'name': '[skywalking-notifications] 20210802 [GitHub] [skywalking] codecov[bot] edited a comment on pull request #7400: Fix CVE-2021-35515, CVE-2021-35516, CVE-2021-35517, CVE-2021-36090', 'tags': ['Exploit', 'Mailing List', 'Vendor Advisory'], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/rbe91c512c5385181149ab087b6c909825d34299f5c491c6482a2ed57@%3Ccommits.druid.apache.org%3E', 'name': '[druid-commits] 20210726 [druid] branch master updated: Address CVE-2021-35515 CVE-2021-36090 (#11496)', 'tags': ['Mailing List', 'Patch', 'Vendor Advisory'], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/rd4332baaf6debd03d60deb7ec93bee49e5fdbe958cb6800dff7fb00e@%3Cnotifications.skywalking.apache.org%3E', 'name': '[skywalking-notifications] 20210802 [GitHub] [skywalking] wu-sheng opened a new pull request #7400: Fix CVE-2021-35515, CVE-2021-35516, CVE-2021-35517, CVE-2021-36090', 'tags': ['Mailing List', 'Patch', 'Vendor Advisory'], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/r67ef3c07fe3b8c1b02d48012149d280ad6da8e4cec253b527520fb2b@%3Cdev.poi.apache.org%3E', 'name': '[poi-dev] 20210923 Re: [VOTE] Apache POI 5.1.0 release (RC1)', 'tags': ['Mailing List', 'Vendor Advisory'], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/rab292091eadd1ecc63c516e9541a7f241091cf2e652b8185a6059945@%3Ccommits.druid.apache.org%3E', 'name': '[druid-commits] 20210726 [GitHub] [druid] suneet-s merged pull request #11496: Address CVE-2021-35515 CVE-2021-36090', 'tags': ['Mailing List', 'Vendor Advisory'], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/rba65ed5ddb0586f5b12598f55ec7db3633e7b7fede60466367fbf86a@%3Cnotifications.skywalking.apache.org%3E', 'name': '[skywalking-notifications] 20210803 [GitHub] [skywalking] hanahmily merged pull request #7400: Fix CVE-2021-35515, CVE-2021-35516, CVE-2021-35517, CVE-2021-36090', 'tags': ['Mailing List', 'Vendor Advisory'], 'refsource': 'MLIST'}	() https://lists.apache.org/thread.html/r67ef3c07fe3b8c1b02d48012149d280ad6da8e4cec253b527520fb2b%40%3Cdev.poi.apache.org%3E - () https://lists.apache.org/thread.html/racd0c0381c8404f298b226cd9db2eaae965b14c9c568224aa3f437ae%40%3Cnotifications.skywalking.apache.org%3E - () https://lists.apache.org/thread.html/rba65ed5ddb0586f5b12598f55ec7db3633e7b7fede60466367fbf86a%40%3Cnotifications.skywalking.apache.org%3E - () https://lists.apache.org/thread.html/rbe91c512c5385181149ab087b6c909825d34299f5c491c6482a2ed57%40%3Ccommits.druid.apache.org%3E - () https://lists.apache.org/thread.html/rf2f4d7940371a7c7c5b679f50e28fc7fcc82cd00670ced87e013ac88%40%3Ccommits.druid.apache.org%3E - () https://lists.apache.org/thread.html/rd4332baaf6debd03d60deb7ec93bee49e5fdbe958cb6800dff7fb00e%40%3Cnotifications.skywalking.apache.org%3E - () https://lists.apache.org/thread.html/rb064d705fdfa44b5dae4c366b369ef6597951083196321773b983e71%40%3Ccommits.pulsar.apache.org%3E - () https://lists.apache.org/thread.html/r9f54c0caa462267e0cc68b49f141e91432b36b23348d18c65bd0d040%40%3Cnotifications.skywalking.apache.org%3E - () https://lists.apache.org/thread.html/rb7adf3e55359819e77230b4586521e5c6874ce5ed93384bdc14d6aee%40%3Cnotifications.skywalking.apache.org%3E - () https://lists.apache.org/thread.html/rbaea15ddc5a7c0c6b66660f1d6403b28595e2561bb283eade7d7cd69%40%3Cannounce.apache.org%3E - () https://lists.apache.org/thread.html/rab292091eadd1ecc63c516e9541a7f241091cf2e652b8185a6059945%40%3Ccommits.druid.apache.org%3E - () https://lists.apache.org/thread.html/rb6e1fa80d34e5ada45f72655d84bfd90db0ca44ef19236a49198c88c%40%3Cnotifications.skywalking.apache.org%3E - () https://lists.apache.org/thread.html/rfba19167efc785ad3561e7ef29f340d65ac8f0d897aed00e0731e742%40%3Cnotifications.skywalking.apache.org%3E -

28 Feb 2023, 15:20

Type	Values Removed	Values Added
First Time		Oracle financial Services Crime And Compliance Management Studio
CPE		cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.2.0:::::::* cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.3.0:::::::*
References	~~(N/A) https://www.oracle.com/security-alerts/cpujul2022.html -~~	(N/A) https://www.oracle.com/security-alerts/cpujul2022.html - Patch, Third Party Advisory

25 Jul 2022, 18:15

Type	Values Removed	Values Added
References		(N/A) https://www.oracle.com/security-alerts/cpujul2022.html -

25 Apr 2022, 19:53

Type	Values Removed	Values Added
CPE		cpe:2.3:a:oracle:banking_trade_finance:14.5:::::::* cpe:2.3:a:oracle:banking_treasury_management:14.5:::::::* cpe:2.3:a:oracle:insurance_policy_administration:11.1.0:::::::* cpe:2.3:a:oracle:flexcube_universal_banking:14.5.0:::::::* cpe:2.3:a:oracle:banking_payments:14.5:::::::* cpe:2.3:a:oracle:flexcube_universal_banking:::::::: cpe:2.3:a:oracle:communications_diameter_intelligence_hub:::::::: cpe:2.3:a:oracle:flexcube_universal_banking:12.4.0:::::::* cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:::::::* cpe:2.3:a:oracle:healthcare_data_repository:8.1.0:::::::* cpe:2.3:a:oracle:insurance_policy_administration:11.3.0:::::::* cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.8.0:::::::* cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.4:::::::* cpe:2.3:a:oracle:insurance_policy_administration:11.2.8:::::::* cpe:2.3:a:oracle:insurance_policy_administration:11.3.1:::::::*
First Time		Oracle healthcare Data Repository Oracle communications Billing And Revenue Management Oracle insurance Policy Administration Oracle flexcube Universal Banking Oracle communications Cloud Native Core Automated Test Suite Oracle banking Trade Finance Oracle banking Payments Oracle communications Diameter Intelligence Hub Oracle banking Treasury Management
References	~~(MISC) https://www.oracle.com/security-alerts/cpuapr2022.html -~~	(MISC) https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Third Party Advisory
CWE	~~CWE-834~~	CWE-835

20 Apr 2022, 00:16

Type	Values Removed	Values Added
References		(MISC) https://www.oracle.com/security-alerts/cpuapr2022.html -

01 Mar 2022, 18:06

Type	Values Removed	Values Added
First Time		Oracle utilities Testing Accelerator Oracle communications Cloud Native Core Unified Data Repository Oracle communications Cloud Native Core Service Communication Proxy Oracle banking Digital Experience Oracle banking Party Management Oracle banking Enterprise Default Management Oracle business Process Management Suite Oracle commerce Guided Search
References	~~(MISC) https://www.oracle.com/security-alerts/cpujan2022.html -~~	(MISC) https://www.oracle.com/security-alerts/cpujan2022.html - Patch, Third Party Advisory
CPE		cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.2.2:::::::* cpe:2.3:a:oracle:banking_digital_experience:::::::: cpe:2.3:a:oracle:banking_digital_experience:20.1:::::::* cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.1.1:::::::* cpe:2.3:a:oracle:commerce_guided_search:11.3.2:::::::* cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.14.0:::::::* cpe:2.3:a:oracle:banking_enterprise_default_management:2.7.0:::::::* cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:::::::* cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.3.1:::::::* cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.14.0:::::::* cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:::::::* cpe:2.3:a:oracle:banking_party_management:2.7.0:::::::* cpe:2.3:a:oracle:banking_digital_experience:21.1:::::::* cpe:2.3:a:oracle:banking_digital_experience:19.1:::::::*

07 Feb 2022, 16:16

Type	Values Removed	Values Added
References		(MISC) https://www.oracle.com/security-alerts/cpujan2022.html -

02 Dec 2021, 20:14

Type	Values Removed	Values Added
References	~~(MLIST) https://lists.apache.org/thread.html/rf2f4d7940371a7c7c5b679f50e28fc7fcc82cd00670ced87e013ac88@%3Ccommits.druid.apache.org%3E -~~	(MLIST) https://lists.apache.org/thread.html/rf2f4d7940371a7c7c5b679f50e28fc7fcc82cd00670ced87e013ac88@%3Ccommits.druid.apache.org%3E - Mailing List, Vendor Advisory
References	~~(MLIST) https://lists.apache.org/thread.html/rb6e1fa80d34e5ada45f72655d84bfd90db0ca44ef19236a49198c88c@%3Cnotifications.skywalking.apache.org%3E -~~	(MLIST) https://lists.apache.org/thread.html/rb6e1fa80d34e5ada45f72655d84bfd90db0ca44ef19236a49198c88c@%3Cnotifications.skywalking.apache.org%3E - Exploit, Mailing List, Vendor Advisory
References	~~(MLIST) https://lists.apache.org/thread.html/rd4332baaf6debd03d60deb7ec93bee49e5fdbe958cb6800dff7fb00e@%3Cnotifications.skywalking.apache.org%3E -~~	(MLIST) https://lists.apache.org/thread.html/rd4332baaf6debd03d60deb7ec93bee49e5fdbe958cb6800dff7fb00e@%3Cnotifications.skywalking.apache.org%3E - Mailing List, Patch, Vendor Advisory
References	~~(MLIST) https://lists.apache.org/thread.html/rb7adf3e55359819e77230b4586521e5c6874ce5ed93384bdc14d6aee@%3Cnotifications.skywalking.apache.org%3E -~~	(MLIST) https://lists.apache.org/thread.html/rb7adf3e55359819e77230b4586521e5c6874ce5ed93384bdc14d6aee@%3Cnotifications.skywalking.apache.org%3E - Mailing List, Patch, Vendor Advisory
References	~~(MLIST) https://lists.apache.org/thread.html/rbe91c512c5385181149ab087b6c909825d34299f5c491c6482a2ed57@%3Ccommits.druid.apache.org%3E -~~	(MLIST) https://lists.apache.org/thread.html/rbe91c512c5385181149ab087b6c909825d34299f5c491c6482a2ed57@%3Ccommits.druid.apache.org%3E - Mailing List, Patch, Vendor Advisory
References	~~(MLIST) https://lists.apache.org/thread.html/rfba19167efc785ad3561e7ef29f340d65ac8f0d897aed00e0731e742@%3Cnotifications.skywalking.apache.org%3E -~~	(MLIST) https://lists.apache.org/thread.html/rfba19167efc785ad3561e7ef29f340d65ac8f0d897aed00e0731e742@%3Cnotifications.skywalking.apache.org%3E - Mailing List, Patch, Vendor Advisory
References	~~(MLIST) https://lists.apache.org/thread.html/rab292091eadd1ecc63c516e9541a7f241091cf2e652b8185a6059945@%3Ccommits.druid.apache.org%3E -~~	(MLIST) https://lists.apache.org/thread.html/rab292091eadd1ecc63c516e9541a7f241091cf2e652b8185a6059945@%3Ccommits.druid.apache.org%3E - Mailing List, Vendor Advisory
References	~~(MLIST) https://lists.apache.org/thread.html/racd0c0381c8404f298b226cd9db2eaae965b14c9c568224aa3f437ae@%3Cnotifications.skywalking.apache.org%3E -~~	(MLIST) https://lists.apache.org/thread.html/racd0c0381c8404f298b226cd9db2eaae965b14c9c568224aa3f437ae@%3Cnotifications.skywalking.apache.org%3E - Exploit, Mailing List, Vendor Advisory
References	~~(MLIST) https://lists.apache.org/thread.html/r67ef3c07fe3b8c1b02d48012149d280ad6da8e4cec253b527520fb2b@%3Cdev.poi.apache.org%3E -~~	(MLIST) https://lists.apache.org/thread.html/r67ef3c07fe3b8c1b02d48012149d280ad6da8e4cec253b527520fb2b@%3Cdev.poi.apache.org%3E - Mailing List, Vendor Advisory
References	~~(CONFIRM) https://security.netapp.com/advisory/ntap-20211022-0001/ -~~	(CONFIRM) https://security.netapp.com/advisory/ntap-20211022-0001/ - Third Party Advisory
References	~~(MISC) https://www.oracle.com/security-alerts/cpuoct2021.html -~~	(MISC) https://www.oracle.com/security-alerts/cpuoct2021.html - Patch, Third Party Advisory
References	~~(MLIST) https://lists.apache.org/thread.html/rba65ed5ddb0586f5b12598f55ec7db3633e7b7fede60466367fbf86a@%3Cnotifications.skywalking.apache.org%3E -~~	(MLIST) https://lists.apache.org/thread.html/rba65ed5ddb0586f5b12598f55ec7db3633e7b7fede60466367fbf86a@%3Cnotifications.skywalking.apache.org%3E - Mailing List, Vendor Advisory
References	~~(MLIST) https://lists.apache.org/thread.html/r9f54c0caa462267e0cc68b49f141e91432b36b23348d18c65bd0d040@%3Cnotifications.skywalking.apache.org%3E -~~	(MLIST) https://lists.apache.org/thread.html/r9f54c0caa462267e0cc68b49f141e91432b36b23348d18c65bd0d040@%3Cnotifications.skywalking.apache.org%3E - Exploit, Mailing List, Vendor Advisory
CPE		cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_vsphere:: cpe:2.3:a:netapp:oncommand_insight:-:::::::* cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.8.1.0:::::::* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:::::::* cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.7.2.0:::::::* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:::::::* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:::::::* cpe:2.3:a:netapp:active_iq_unified_manager:-:::::windows:: cpe:2.3:a:oracle:communications_session_route_manager:::::::: cpe:2.3:a:oracle:primavera_unifier:18.8:::::::* cpe:2.3:a:oracle:primavera_unifier:::::::: cpe:2.3:o:oracle:communications_messaging_server:8.1:::::::* cpe:2.3:a:oracle:primavera_unifier:19.12:::::::* cpe:2.3:a:oracle:primavera_unifier:20.12:::::::* cpe:2.3:a:netapp:active_iq_unified_manager:-:::::linux::

22 Oct 2021, 18:15

Type	Values Removed	Values Added
References		(CONFIRM) https://security.netapp.com/advisory/ntap-20211022-0001/ -

20 Oct 2021, 11:16

Type	Values Removed	Values Added
References		(MISC) https://www.oracle.com/security-alerts/cpuoct2021.html -

23 Sep 2021, 13:15

Type	Values Removed	Values Added
References		(MLIST) https://lists.apache.org/thread.html/rb6e1fa80d34e5ada45f72655d84bfd90db0ca44ef19236a49198c88c@%3Cnotifications.skywalking.apache.org%3E - (MLIST) https://lists.apache.org/thread.html/rfba19167efc785ad3561e7ef29f340d65ac8f0d897aed00e0731e742@%3Cnotifications.skywalking.apache.org%3E - (MLIST) https://lists.apache.org/thread.html/racd0c0381c8404f298b226cd9db2eaae965b14c9c568224aa3f437ae@%3Cnotifications.skywalking.apache.org%3E - (MLIST) https://lists.apache.org/thread.html/r67ef3c07fe3b8c1b02d48012149d280ad6da8e4cec253b527520fb2b@%3Cdev.poi.apache.org%3E - (MLIST) https://lists.apache.org/thread.html/rba65ed5ddb0586f5b12598f55ec7db3633e7b7fede60466367fbf86a@%3Cnotifications.skywalking.apache.org%3E - (MLIST) https://lists.apache.org/thread.html/r9f54c0caa462267e0cc68b49f141e91432b36b23348d18c65bd0d040@%3Cnotifications.skywalking.apache.org%3E -

03 Aug 2021, 06:15

Type	Values Removed	Values Added
References		(MLIST) https://lists.apache.org/thread.html/rab292091eadd1ecc63c516e9541a7f241091cf2e652b8185a6059945@%3Ccommits.druid.apache.org%3E - (MLIST) https://lists.apache.org/thread.html/rd4332baaf6debd03d60deb7ec93bee49e5fdbe958cb6800dff7fb00e@%3Cnotifications.skywalking.apache.org%3E - (MLIST) https://lists.apache.org/thread.html/rbe91c512c5385181149ab087b6c909825d34299f5c491c6482a2ed57@%3Ccommits.druid.apache.org%3E - (MLIST) https://lists.apache.org/thread.html/rb7adf3e55359819e77230b4586521e5c6874ce5ed93384bdc14d6aee@%3Cnotifications.skywalking.apache.org%3E -

27 Jul 2021, 00:15

Type	Values Removed	Values Added
References		(MLIST) https://lists.apache.org/thread.html/rf2f4d7940371a7c7c5b679f50e28fc7fcc82cd00670ced87e013ac88@%3Ccommits.druid.apache.org%3E -

26 Jul 2021, 11:57

Type	Values Removed	Values Added
CWE		CWE-834
References		(MLIST) https://lists.apache.org/thread.html/rb064d705fdfa44b5dae4c366b369ef6597951083196321773b983e71@%3Ccommits.pulsar.apache.org%3E - Mailing List, Patch, Vendor Advisory
References	~~(MISC) https://commons.apache.org/proper/commons-compress/security-reports.html -~~	(MISC) https://commons.apache.org/proper/commons-compress/security-reports.html - Vendor Advisory
References	~~(MLIST) http://www.openwall.com/lists/oss-security/2021/07/13/1 -~~	(MLIST) http://www.openwall.com/lists/oss-security/2021/07/13/1 - Mailing List, Third Party Advisory
References	~~(MLIST) https://lists.apache.org/thread.html/rbaea15ddc5a7c0c6b66660f1d6403b28595e2561bb283eade7d7cd69@%3Cannounce.apache.org%3E -~~	(MLIST) https://lists.apache.org/thread.html/rbaea15ddc5a7c0c6b66660f1d6403b28595e2561bb283eade7d7cd69@%3Cannounce.apache.org%3E - Vendor Advisory
References	~~(MISC) https://lists.apache.org/thread.html/r19ebfd71770ec0617a9ea180e321ef927b3fefb4c81ec5d1902d20ab%40%3Cuser.commons.apache.org%3E -~~	(MISC) https://lists.apache.org/thread.html/r19ebfd71770ec0617a9ea180e321ef927b3fefb4c81ec5d1902d20ab%40%3Cuser.commons.apache.org%3E - Vendor Advisory
CPE		cpe:2.3:a:apache:commons_compress::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 5.0 v3 : 7.5

16 Jul 2021, 21:15

Type	Values Removed	Values Added
References		(MLIST) https://lists.apache.org/thread.html/rbaea15ddc5a7c0c6b66660f1d6403b28595e2561bb283eade7d7cd69@%3Cannounce.apache.org%3E -

13 Jul 2021, 17:15

Type	Values Removed	Values Added
References		(MLIST) http://www.openwall.com/lists/oss-security/2021/07/13/1 -

13 Jul 2021, 09:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-07-13 08:15

Updated : 2023-12-10 13:55

NVD link : CVE-2021-35515

Mitre link : CVE-2021-35515

CVE.ORG link : CVE-2021-35515

JSON object : View

Products Affected

oracle

communications_cloud_native_core_unified_data_repository
communications_diameter_intelligence_hub
primavera_unifier
communications_cloud_native_core_service_communication_proxy
communications_session_route_manager
business_process_management_suite
banking_enterprise_default_management
flexcube_universal_banking
communications_cloud_native_core_automated_test_suite
banking_trade_finance
banking_digital_experience
financial_services_crime_and_compliance_management_studio
banking_payments
communications_billing_and_revenue_management
banking_party_management
healthcare_data_repository
insurance_policy_administration
utilities_testing_accelerator
financial_services_enterprise_case_management
peoplesoft_enterprise_peopletools
communications_messaging_server
banking_treasury_management
commerce_guided_search

netapp

oncommand_insight
active_iq_unified_manager

apache

commons_compress

CWE

CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')

CWE-834

Excessive Iteration

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2021-35515

7.5^/10

5.0^/10

Attach tags to `CVE-2021-35515`