| ID |
CVE-2012-0881
|
| Summary |
Apache Xerces2 Java Parser before 2.12.0 allows remote attackers to cause a denial of service (CPU consumption) via a crafted message to an XML service, which triggers hash table collisions. |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:a:apache:xerces2_java:-:*:*:*:*:*:*:*
cpe:2.3:a:apache:xerces2_java:-:*:*:*:*:*:*:*
-
cpe:2.3:a:apache:xerces2_java:2.9.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:xerces2_java:2.9.1:*:*:*:*:*:*:*
-
cpe:2.3:a:apache:xerces2_java:2.10.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:xerces2_java:2.10.0:*:*:*:*:*:*:*
-
cpe:2.3:a:apache:xerces2_java:2.11.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:xerces2_java:2.11.0:*:*:*:*:*:*:*
|
| CVSS |
| Base: | 7.8 (as of 13-02-2023 - 00:23) |
| Impact: | |
| Exploitability: | |
|
| CWE |
CWE-399 |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| NONE |
NONE |
COMPLETE |
|
| cvss-vector
via4
|
AV:N/AC:L/Au:N/C:N/I:N/A:C
|
| refmap
via4
|
| confirm | | | mlist | - [drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities
- [drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities
- [drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities
- [j-users] 20180503 [ANNOUNCEMENT]: Apache Xerces-J 2.12.0 now available
- [lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report
- [lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1
- [lucene-solr-user] 20200320 Re: CVEs (vulnerabilities) that apply to Solr 8.4.1
- [oss-security] 20140708 Summer bug cleaning - some Hash DoS stuff
|
|
| Last major update |
13-02-2023 - 00:23 |
| Published |
30-10-2017 - 16:29 |
| Last modified |
13-02-2023 - 00:23 |
