CVE-2013-4517

medium

Description

Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, allows remote attackers to cause a denial of service (memory consumption) via crafted Document Type Definitions (DTDs), related to signatures.

References

http://secunia.com/advisories/55639

http://seclists.org/fulldisclosure/2013/Dec/169

http://santuario.apache.org/secadv.data/cve-2013-4517.txt.asc

http://osvdb.org/101169

http://www.securitytracker.com/id/1029524

http://www.securityfocus.com/bid/64437

http://packetstormsecurity.com/files/124554/Java-XML-Signature-Denial-Of-Service-Attack.html

http://rhn.redhat.com/errata/RHSA-2014-0170.html

http://rhn.redhat.com/errata/RHSA-2014-0172.html

http://rhn.redhat.com/errata/RHSA-2014-0171.html

http://rhn.redhat.com/errata/RHSA-2014-0195.html

http://rhn.redhat.com/errata/RHSA-2014-1728.html

http://rhn.redhat.com/errata/RHSA-2014-1726.html

http://rhn.redhat.com/errata/RHSA-2014-1727.html

http://rhn.redhat.com/errata/RHSA-2014-1725.html

http://rhn.redhat.com/errata/RHSA-2015-0675.html

http://rhn.redhat.com/errata/RHSA-2015-0851.html

http://rhn.redhat.com/errata/RHSA-2015-0850.html

https://exchange.xforce.ibmcloud.com/vulnerabilities/89891

https://www.tenable.com/security/tns-2018-15

https://lists.apache.org/thread.html/[email protected]%3Ccommits.santuario.apache.org%3E

https://lists.apache.org/thread.html/r1c07[email protected]%3Ccommits.santuario.apache.org%3E

Details

Source: MITRE

Published: 2014-01-11

Updated: 2021-09-17

Type: CWE-399

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 119149 | Tenable SecurityCenter < 5.8.0 Multiple Vulnerabilities (TNS-2018-15) | Nessus | Misc. | critical |
| 79072 | Fedora 21 : xml-security-1.5.7-1.fc21 (2014-13983) | Nessus | Fedora Local Security Checks | medium |
| 78907 | Fedora 20 : xml-security-1.5.7-1.fc20 (2014-13879) | Nessus | Fedora Local Security Checks | medium |
| 78736 | RHEL 5 / 6 : JBoss EWP (RHSA-2014:1728) | Nessus | Red Hat Local Security Checks | medium |
| 78735 | RHEL 5 / 6 : JBoss EAP (RHSA-2014:1726) | Nessus | Red Hat Local Security Checks | medium |
| 72498 | RHEL 6 : JBoss EAP (RHSA-2014:0171) | Nessus | Red Hat Local Security Checks | medium |
| 72497 | RHEL 5 : JBoss EAP (RHSA-2014:0170) | Nessus | Red Hat Local Security Checks | medium |