CVE-2021-37714
Description
jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DoS attacks. If the parser is run on user-supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancelled), to complete more slowly than usual, or to throw an unexpected exception. This effect may support a denial of service attack. The issue is patched in version 1.14.2. There are a few available workarounds. Users may rate limit input parsing, limit the size of inputs based on system resources, and/or implement thread watchdogs to cap and timeout parse runtimes.
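The following is an added example, not jsoup project code or code from this advisory, showing how the two workarounds named above (an input size cap and a thread watchdog that times out the parse) can be wrapped around `Jsoup.parse`. The class name `GuardedHtmlParser`, the exception type, and the limits of 256k characters and 2 seconds are assumptions to be tuned per deployment; `Jsoup.parse(String, String)` is the real jsoup API.

```java
import org.jsoup.Jsoup;
import org.jsoup.nodes.Document;

import java.util.concurrent.ExecutionException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;

/**
 * Added example (not jsoup code): parses untrusted HTML behind a size cap and a
 * watchdog timeout, the workarounds described for CVE-2021-37714.
 * MAX_INPUT_CHARS and PARSE_TIMEOUT_MS are assumed values, not from the advisory.
 */
public final class GuardedHtmlParser {
    private static final int MAX_INPUT_CHARS = 256 * 1024;  // assumption: tune to your resources
    private static final long PARSE_TIMEOUT_MS = 2_000L;    // assumption: tune to expected input

    // Daemon worker threads: a parser that is stuck in a loop must not keep the JVM alive.
    private final ExecutorService pool = Executors.newCachedThreadPool(r -> {
        Thread t = new Thread(r, "jsoup-watchdog-worker");
        t.setDaemon(true);
        return t;
    });

    /** Parses html or throws ParseRejectedException; never blocks the caller past the timeout. */
    public Document parseUntrusted(String html, String baseUri) throws ParseRejectedException {
        if (html == null) {
            throw new ParseRejectedException("null input");
        }
        // Size limit is checked before any parse work: length() is O(1) on a String.
        if (html.length() > MAX_INPUT_CHARS) {
            throw new ParseRejectedException("input of " + html.length()
                    + " chars exceeds cap of " + MAX_INPUT_CHARS);
        }

        Future<Document> job = pool.submit(() -> Jsoup.parse(html, baseUri));
        try {
            return job.get(PARSE_TIMEOUT_MS, TimeUnit.MILLISECONDS);
        } catch (TimeoutException e) {
            // The caller is released here. cancel(true) interrupts the worker, but a parser
            // stuck in a tight loop may not observe the interrupt, so the CPU it holds is
            // not reclaimed; this is why the advisory pairs the watchdog with rate limiting.
            job.cancel(true);
            throw new ParseRejectedException("parse exceeded " + PARSE_TIMEOUT_MS + " ms", e);
        } catch (ExecutionException e) {
            // The "unexpected exception" case: fail closed instead of leaking the parser's cause.
            throw new ParseRejectedException("parser threw " + e.getCause().getClass().getName(), e.getCause());
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            throw new ParseRejectedException("interrupted while waiting for parse", e);
        }
    }

    public void shutdown() {
        pool.shutdownNow();
    }

    /** Thrown for any input the guard refuses to hand to the application. */
    public static final class ParseRejectedException extends Exception {
        public ParseRejectedException(String message) { super(message); }
        public ParseRejectedException(String message, Throwable cause) { super(message, cause); }
    }

    // Constructed sample input, not captured traffic.
    public static void main(String[] args) {
        GuardedHtmlParser parser = new GuardedHtmlParser();
        String sample = "<html><body><p>hello <b>world</b></p></body></html>";
        try {
            Document doc = parser.parseUntrusted(sample, "https://example.invalid/");
            System.out.println("parsed text: " + doc.body().text());   // hello world
            parser.parseUntrusted("x".repeat(MAX_INPUT_CHARS + 1), ""); // rejected by the size cap
        } catch (ParseRejectedException e) {
            System.out.println("rejected: " + e.getMessage());
        } finally {
            parser.shutdown();
        }
    }
}
```

The timeout bounds how long a request thread waits, not how much CPU a pathological document consumes, because jsoup's parse loop is not interruptible. In practice the guard is a stopgap: combine it with rate limiting on the parse endpoint and, as the advisory states, upgrade to jsoup 1.14.2 or later, where the underlying parser defects are fixed.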
General Information
Vendors
- jsoup
- netapp
- oracle
- quarkus
Products
- banking trade finance 14.5
- banking treasury management 14.5
- business process management suite 12.2.1.3.0
- business process management suite 12.2.1.4.0
- communications messaging server 8.1
- financial services crime and compliance management studio 8.0.8.2.0
- financial services crime and compliance management studio 8.0.8.3.0
- flexcube universal banking
- flexcube universal banking 14.5
- hospitality token proxy service 19.2
- jsoup
- management services for element software and netapp hci -
- middleware common libraries and tools 12.2.1.3.0
- middleware common libraries and tools 12.2.1.4.0
- peoplesoft enterprise peopletools 8.58
- peoplesoft enterprise peopletools 8.59
- primavera unifier 20.12
- primavera unifier 21.12
- quarkus
- retail customer management and segmentation foundation
- stream analytics
- stream analytics 19c
- webcenter portal 12.2.1.3.0
- webcenter portal 12.2.1.4.0