FreeBSD : xerces-c2 -- Attribute blowup denial-of-service (76301302-1d59-11d9-814e-0001020eed82)
Medium Nessus Plugin ID 37183
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionAmit Klein reports about Xerces-C++ :
An attacker can craft a malicious XML document, which uses XML attributes in a way that inflicts a denial of service condition on the target machine (XML parser). The result of this attack is that the XML parser consumes all the CPU.
SolutionUpdate the affected package.