Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, allows remote attackers to cause a denial of service (memory consumption) via crafted Document Type Definitions (DTDs), related to signatures.
References
Configurations
Configuration 1 (hide)
|
History
18 Apr 2023, 19:07
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:apache:xml_security_for_java:1.2.0:*:*:*:*:*:*:* cpe:2.3:a:apache:xml_security_for_java:1.5.3:*:*:*:*:*:*:* cpe:2.3:a:apache:xml_security_for_java:1.4.4:*:*:*:*:*:*:* cpe:2.3:a:apache:xml_security_for_java:1.4.3:*:*:*:*:*:*:* cpe:2.3:a:apache:xml_security_for_java:1.4.7:*:*:*:*:*:*:* cpe:2.3:a:apache:xml_security_for_java:1.4.2:*:*:*:*:*:*:* cpe:2.3:a:apache:xml_security_for_java:1.5.1:*:*:*:*:*:*:* cpe:2.3:a:apache:xml_security_for_java:1.3.0:*:*:*:*:*:*:* cpe:2.3:a:apache:xml_security_for_java:*:*:*:*:*:*:*:* cpe:2.3:a:apache:xml_security_for_java:1.4.1:*:*:*:*:*:*:* cpe:2.3:a:apache:xml_security_for_java:1.5.0:*:*:*:*:*:*:* cpe:2.3:a:apache:xml_security_for_java:1.4.8:*:*:*:*:*:*:* cpe:2.3:a:apache:xml_security_for_java:1.4.5:*:*:*:*:*:*:* cpe:2.3:a:apache:xml_security_for_java:1.2.1:*:*:*:*:*:*:* cpe:2.3:a:apache:xml_security_for_java:1.4.6:*:*:*:*:*:*:* cpe:2.3:a:apache:xml_security_for_java:1.5.4:*:*:*:*:*:*:* cpe:2.3:a:apache:xml_security_for_java:1.5.2:*:*:*:*:*:*:* |
cpe:2.3:a:apache:santuario_xml_security_for_java:1.4.5:*:*:*:*:*:*:* cpe:2.3:a:apache:santuario_xml_security_for_java:1.5.0:*:*:*:*:*:*:* cpe:2.3:a:apache:santuario_xml_security_for_java:1.2.1:*:*:*:*:*:*:* cpe:2.3:a:apache:santuario_xml_security_for_java:1.4.6:*:*:*:*:*:*:* cpe:2.3:a:apache:santuario_xml_security_for_java:1.4.8:*:*:*:*:*:*:* cpe:2.3:a:apache:santuario_xml_security_for_java:1.4.7:*:*:*:*:*:*:* cpe:2.3:a:apache:santuario_xml_security_for_java:1.5.2:*:*:*:*:*:*:* cpe:2.3:a:apache:santuario_xml_security_for_java:1.3.0:*:*:*:*:*:*:* cpe:2.3:a:apache:santuario_xml_security_for_java:1.2.0:*:*:*:*:*:*:* cpe:2.3:a:apache:santuario_xml_security_for_java:1.4.0:*:*:*:*:*:*:* cpe:2.3:a:apache:santuario_xml_security_for_java:1.5.4:*:*:*:*:*:*:* cpe:2.3:a:apache:santuario_xml_security_for_java:1.4.2:*:*:*:*:*:*:* cpe:2.3:a:apache:santuario_xml_security_for_java:1.4.4:*:*:*:*:*:*:* cpe:2.3:a:apache:santuario_xml_security_for_java:1.4.1:*:*:*:*:*:*:* cpe:2.3:a:apache:santuario_xml_security_for_java:1.5.1:*:*:*:*:*:*:* cpe:2.3:a:apache:santuario_xml_security_for_java:*:*:*:*:*:*:*:* cpe:2.3:a:apache:santuario_xml_security_for_java:1.4.3:*:*:*:*:*:*:* cpe:2.3:a:apache:santuario_xml_security_for_java:1.5.3:*:*:*:*:*:*:* |
17 Sep 2021, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2014-01-11 01:55
Updated : 2024-02-04 18:16
NVD link : CVE-2013-4517
Mitre link : CVE-2013-4517
CVE.ORG link : CVE-2013-4517
JSON object : View
Products Affected
apache
- santuario_xml_security_for_java
CWE
CWE-399
Resource Management Errors