CVE-2012-0880 - Apache Xerces-C++ allows remote attackers to cause a denial of service (CPU consumption) via a craft

CVE-2012-0880

Summary

Apache Xerces-C++ allows remote attackers to cause a denial of service (CPU consumption) via a crafted message sent to an XML service that causes hash table collisions.

References

http://seclists.org/oss-sec/2014/q3/96
https://bugzilla.redhat.com/show_bug.cgi?id=787103

Vulnerable Configurations

cpe:2.3:a:apache:xerces-c\+\+:-:*:*:*:*:*:*:*
cpe:2.3:a:apache:xerces-c\+\+:-:*:*:*:*:*:*:*

CVSS

Base:	7.8 (as of 18-08-2017 - 11:56)
Impact:
Exploitability:

CWE

CWE-399

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:C

refmap via4

confirm	https://bugzilla.redhat.com/show_bug.cgi?id=787103
mlist	[oss-security] 20140708 Summer bug cleaning - some Hash DoS stuff

Last major update

18-08-2017 - 11:56

Published

08-08-2017 - 21:29

Last modified

18-08-2017 - 11:56