Описание
Apache Xerces2 Java Parser before 2.12.0 allows remote attackers to cause a denial of service (CPU consumption) via a crafted message to an XML service, which triggers hash table collisions.
Отчет
This issue affects the versions of xerces as shipped with Red Hat Enterprise Linux 6. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Certificate System 7.3 | xerces-j2 | Affected | ||
| Red Hat Enterprise Linux 5 | xerces-j2 | Affected | ||
| Red Hat Enterprise Linux 6 | xerces-j2 | Affected | ||
| Red Hat JBoss Enterprise Web Server 1 | xerces-j2 | Affected | ||
| Red Hat Satellite 5.0 | xerces-j2 | Will not fix | ||
| Red Hat Satellite 5.1 | xerces-j2 | Will not fix | ||
| Red Hat Satellite 5.2 | xerces-j2 | Will not fix | ||
| Red Hat Satellite 5.3 | xerces-j2 | Will not fix |
Показывать по
Дополнительная информация
Статус:
5 Medium
CVSS2
Связанные уязвимости
Apache Xerces2 Java Parser before 2.12.0 allows remote attackers to cause a denial of service (CPU consumption) via a crafted message to an XML service, which triggers hash table collisions.
Apache Xerces2 Java Parser before 2.12.0 allows remote attackers to cause a denial of service (CPU consumption) via a crafted message to an XML service, which triggers hash table collisions.
Apache Xerces2 Java Parser before 2.12.0 allows remote attackers to ca ...
Уязвимость анализатора XML-файлов Xerces2 Java, связанная с ошибками управления ресурсом, позволяющая нарушителю вызвать отказ в обслуживании
5 Medium
CVSS2