ID CVE-2012-0881
Summary Apache Xerces2 Java Parser before 2.12.0 allows remote attackers to cause a denial of service (CPU consumption) via a crafted message to an XML service, which triggers hash table collisions.
References
Vulnerable Configurations
  • cpe:2.3:a:apache:xerces2_java:-:*:*:*:*:*:*:*
    cpe:2.3:a:apache:xerces2_java:-:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:xerces2_java:2.9.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:xerces2_java:2.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:xerces2_java:2.10.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:xerces2_java:2.10.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:xerces2_java:2.11.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:xerces2_java:2.11.0:*:*:*:*:*:*:*
CVSS
Base: 7.8 (as of 13-02-2023 - 00:23)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:C
refmap via4
confirm
mlist
  • [drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities
  • [drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities
  • [drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities
  • [j-users] 20180503 [ANNOUNCEMENT]: Apache Xerces-J 2.12.0 now available
  • [lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report
  • [lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1
  • [lucene-solr-user] 20200320 Re: CVEs (vulnerabilities) that apply to Solr 8.4.1
  • [oss-security] 20140708 Summer bug cleaning - some Hash DoS stuff
Last major update 13-02-2023 - 00:23
Published 30-10-2017 - 16:29
Last modified 13-02-2023 - 00:23
Back to Top