|
|
Subscribe / Log in / New account

springframework: denial of service

Package(s):springframework CVE #(s):CVE-2015-3192
Created:July 16, 2015 Updated:July 29, 2015
Description: From the Red Hat bugzilla entry:

If DTD is not entirely disabled, inline DTD declarations can be used to perform denial of service attacks known as XML bombs. Such declarations are both well-formed and valid according to XML schema rules but when parsed can cause out of memory errors. To protect against this kind of attack DTD support must be disabled by setting the disallow-doctype-dec feature in the DOM and SAX APIs to true and by setting the supportDTD property in the StAX API to false.

Alerts:
Mageia MGASA-2015-0294 springframework 2015-07-28
Fedora FEDORA-2015-11165 springframework 2015-07-16
Fedora FEDORA-2015-11184 springframework 2015-07-16
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds