Vulnerability CVE-2019-5427

Vulnerability Name:

CVE-2019-5427 (CCN-160025)

Assigned:

2019-04-16

Published:

2019-04-16

Updated:

2022-04-22

Summary:

c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration.

CVSS v3 Severity:

7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
4.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:N/I:N/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

Vulnerability Type:

CWE-776

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2019-5427

Source: XF
Type: UNKNOWN
c3p0-cve20195427-dos(160025)

Source: CCN
Type: c3p0 GIT Repository
c3p0

Source: CCN
Type: Hackerone Web site
c3p0 may be exploited by a Billion Laughs Attack when loading XML configuration

Source: MISC
Type: Exploit, Issue Tracking, Patch, Third Party Advisory
https://hackerone.com/reports/509315

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2019-cb14e234fc

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2019-063672154a

Source: CCN
Type: IBM Security Bulletin 3106029 (StoredIQ)
Multiple Vulnerabilities identified in IBM StoredIQ

Source: N/A
Type: Third Party Advisory
N/A

Source: MISC
Type: Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2021.html

Source: MISC
Type: Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2020.html

Source: MISC
Type: Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html

Source: MISC
Type: Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2019-5427

Vulnerable Configuration:

Configuration 1:

cpe:/a:mchange:c3p0:*:*:*:*:*:*:*:* (Version < 0.9.5.2)

Configuration 2:

cpe:/o:fedoraproject:fedora:29:*:*:*:*:*:*:*

OR cpe:/o:fedoraproject:fedora:30:*:*:*:*:*:*:*

Configuration 3:

cpe:/a:oracle:communications_ip_service_activator:7.3.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:* (Version >= 8.2.0 and <= 8.2.2)

OR cpe:/a:oracle:documaker:*:*:*:*:*:*:*:* (Version >= 12.6.0 and <= 12.6.6)

OR cpe:/a:oracle:enterprise_manager_base_platform:13.2.1.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:hyperion_infrastructure_technology:11.1.2.4:*:*:*:*:*:*:*

OR cpe:/a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:mchange:c3p0:0.9.5.3:*:*:*:*:*:*:*

AND

cpe:/a:ibm:storediq:7.6.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:102174	P	Security update for SUSE Manager Server 4.2 (Moderate)	2022-04-25
oval:com.ubuntu.disco:def:201954270000000	V	CVE-2019-5427 on Ubuntu 19.04 (disco) - medium.	2019-04-22
oval:com.ubuntu.cosmic:def:20195427000	V	CVE-2019-5427 on Ubuntu 18.10 (cosmic) - medium.	2019-04-22
oval:com.ubuntu.cosmic:def:201954270000000	V	CVE-2019-5427 on Ubuntu 18.10 (cosmic) - medium.	2019-04-22
oval:com.ubuntu.bionic:def:20195427000	V	CVE-2019-5427 on Ubuntu 18.04 LTS (bionic) - medium.	2019-04-22
oval:com.ubuntu.bionic:def:201954270000000	V	CVE-2019-5427 on Ubuntu 18.04 LTS (bionic) - medium.	2019-04-22
oval:com.ubuntu.xenial:def:20195427000	V	CVE-2019-5427 on Ubuntu 16.04 LTS (xenial) - medium.	2019-04-22
oval:com.ubuntu.xenial:def:201954270000000	V	CVE-2019-5427 on Ubuntu 16.04 LTS (xenial) - medium.	2019-04-22
oval:com.ubuntu.trusty:def:20195427000	V	CVE-2019-5427 on Ubuntu 14.04 LTS (trusty) - medium.	2019-04-22

BACK