F5 Networks BIG-IP : Apache Xerces vulnerability (K04253390)
Critical Nessus Plugin ID 105466
Synopsis
The remote device is missing a vendor-supplied security patch.

Description
Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 3.1.3 and earlier does not properly handle exceptions raised in the XMLReader class, which allows context-dependent attackers to have unspecified impact via an invalid character in an XML document. (CVE-2016-2099)

Solution
Upgrade to one of the non-vulnerable versions listed in the F5 Solution K04253390.