CVE-2015-3192

Опубликовано: 30 июн. 2015

Источник: redhat

CVSS3: 5.3

CVSS2: 5

Описание

Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file.

A denial of service flaw was found in the way Spring processes inline DTD declarations. A remote attacker could submit a specially crafted XML file that would cause out-of-memory errors when parsed.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Virtualization 3	jasperreports-server-pro	Under investigation
Red Hat Enterprise Virtualization 3	rhevm-dependencies	Under investigation
Red Hat JBoss BRMS 5	springframework	Will not fix
Red Hat JBoss Enterprise Web Server 1	fuse-6.1	Affected
Red Hat JBoss Enterprise Web Server 1	fuse-esb-4	Affected
Red Hat JBoss Enterprise Web Server 1	fuse-esb-7	Affected
Red Hat JBoss Enterprise Web Server 1	fuse-mq-5	Affected
Red Hat JBoss Enterprise Web Server 1	fuse-mq-7	Affected
Red Hat JBoss Fuse Service Works 6	springframework	Affected
Red Hat JBoss SOA Platform 5	springframework	Will not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-20

https://bugzilla.redhat.com/show_bug.cgi?id=1239002Framework: denial-of-service attack with XML input

5.3 Medium

CVSS3

5 Medium

CVSS2

Связанные уязвимости

CVE-2015-3192

CVSS3: 5.5

ubuntu

больше 9 лет назад

CVE-2015-3192

CVSS3: 5.5

nvd

больше 9 лет назад

CVE-2015-3192

CVSS3: 5.5

debian

больше 9 лет назад

Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not pro ...

GHSA-6v7w-535j-rq5m

CVSS3: 5.5

github

больше 7 лет назад

Pivotal Spring Framework DoS Attack with XML Input

5.3 Medium

CVSS3

5 Medium

CVSS2