CVE-2015-3192

Опубликовано: 30 июн. 2015

Источник: redhat

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file.

A denial of service flaw was found in the way Spring processes inline DTD declarations. A remote attacker could submit a specially crafted XML file that would cause out-of-memory errors when parsed.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Virtualization 3	jasperreports-server-pro	Under investigation
Red Hat Enterprise Virtualization 3	rhevm-dependencies	Under investigation
Red Hat JBoss BRMS 5	springframework	Will not fix
Red Hat JBoss Enterprise Web Server 1	fuse-6.1	Affected
Red Hat JBoss Enterprise Web Server 1	fuse-esb-4	Affected
Red Hat JBoss Enterprise Web Server 1	fuse-esb-7	Affected
Red Hat JBoss Enterprise Web Server 1	fuse-mq-5	Affected
Red Hat JBoss Enterprise Web Server 1	fuse-mq-7	Affected
Red Hat JBoss Fuse Service Works 6	springframework	Affected
Red Hat JBoss SOA Platform 5	springframework	Will not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-20

https://bugzilla.redhat.com/show_bug.cgi?id=1239002Framework: denial-of-service attack with XML input

EPSS

Процентиль: 79%

0.01378

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Связанные уязвимости

CVE-2015-3192

CVSS3: 5.5

ubuntu

почти 9 лет назад

CVE-2015-3192

CVSS3: 5.5

nvd

почти 9 лет назад

CVE-2015-3192

CVSS3: 5.5

debian

почти 9 лет назад

Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not pro ...

GHSA-6v7w-535j-rq5m

CVSS3: 5.5

github

больше 6 лет назад

Pivotal Spring Framework DoS Attack with XML Input

EPSS

Процентиль: 79%

0.01378

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2