ID CVE-2004-1575
Summary The XML parser in Xerces-C++ 2.5.0 allows remote attackers to cause a denial of service (CPU consumption) via XML attributes in a crafted XML document.
References
Vulnerable Configurations
  • Apache Software Foundation Xerces-C++ 2.5.0
    cpe:2.3:a:apache:xerces-c%2b%2b:2.5.0
CVSS
Base: 5.0 (as of 30-06-2005 - 15:04)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_XERCES_260.NASL
    description The following package needs to be updated: xerces-c2
    last seen 2016-09-26
    modified 2011-10-03
    plugin id 15507
    published 2004-10-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15507
    title FreeBSD : xerces-c2 -- Attribute blowup denial-of-service (205)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_763013021D5911D9814E0001020EED82.NASL
    description Amit Klein reports about Xerces-C++ : An attacker can craft a malicious XML document, which uses XML attributes in a way that inflicts a denial of service condition on the target machine (XML parser). The result of this attack is that the XML parser consumes all the CPU.
    last seen 2019-02-21
    modified 2018-11-21
    plugin id 37183
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=37183
    title FreeBSD : xerces-c2 -- Attribute blowup denial-of-service (76301302-1d59-11d9-814e-0001020eed82)
refmap via4
bid 11312
bugtraq 20041002 Security advisory - Xerces-C++ 2.5.0: Attribute blowup
secunia 12715
xf xercescplusplus-xml-parser-dos(17575)
Last major update 17-10-2016 - 22:56
Published 31-12-2004 - 00:00
Last modified 10-07-2017 - 21:31
Back to Top