ID |
CVE-2012-0881
|
Summary |
Apache Xerces2 Java Parser before 2.12.0 allows remote attackers to cause a denial of service (CPU consumption) via a crafted message to an XML service, which triggers hash table collisions. |
References |
|
Vulnerable Configurations |
-
cpe:2.3:a:apache:xerces2_java:-:*:*:*:*:*:*:*
cpe:2.3:a:apache:xerces2_java:-:*:*:*:*:*:*:*
-
cpe:2.3:a:apache:xerces2_java:2.9.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:xerces2_java:2.9.1:*:*:*:*:*:*:*
-
cpe:2.3:a:apache:xerces2_java:2.10.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:xerces2_java:2.10.0:*:*:*:*:*:*:*
-
cpe:2.3:a:apache:xerces2_java:2.11.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:xerces2_java:2.11.0:*:*:*:*:*:*:*
|
CVSS |
Base: | 7.8 (as of 13-02-2023 - 00:23) |
Impact: | |
Exploitability: | |
|
CWE |
CWE-399 |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
LOW |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
NONE |
NONE |
COMPLETE |
|
cvss-vector
via4
|
AV:N/AC:L/Au:N/C:N/I:N/A:C
|
refmap
via4
|
confirm | | mlist | - [drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities
- [drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities
- [drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities
- [j-users] 20180503 [ANNOUNCEMENT]: Apache Xerces-J 2.12.0 now available
- [lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report
- [lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1
- [lucene-solr-user] 20200320 Re: CVEs (vulnerabilities) that apply to Solr 8.4.1
- [oss-security] 20140708 Summer bug cleaning - some Hash DoS stuff
|
|
Last major update |
13-02-2023 - 00:23 |
Published |
30-10-2017 - 16:29 |
Last modified |
13-02-2023 - 00:23 |