Vulnerability Description
Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, allows remote attackers to cause a denial of service (memory consumption) via crafted Document Type Definitions (DTDs), related to signatures.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Santuario XML Security for Java | <= 1.5.5 |
References
- http://osvdb.org/101169
- http://packetstormsecurity.com/files/124554/Java-XML-Signature-Denial-Of-Service
- http://rhn.redhat.com/errata/RHSA-2014-0170.html
- http://rhn.redhat.com/errata/RHSA-2014-0171.html
- http://rhn.redhat.com/errata/RHSA-2014-0172.html
- http://rhn.redhat.com/errata/RHSA-2014-0195.html
- http://rhn.redhat.com/errata/RHSA-2014-1725.html
- http://rhn.redhat.com/errata/RHSA-2014-1726.html
- http://rhn.redhat.com/errata/RHSA-2014-1727.html
- http://rhn.redhat.com/errata/RHSA-2014-1728.html
- http://rhn.redhat.com/errata/RHSA-2015-0675.html
- http://rhn.redhat.com/errata/RHSA-2015-0850.html
- http://rhn.redhat.com/errata/RHSA-2015-0851.html
- http://santuario.apache.org/secadv.data/cve-2013-4517.txt.asc (Vendor Advisory)
- http://seclists.org/fulldisclosure/2013/Dec/169
FAQ
What is CVE-2013-4517?
CVE-2013-4517 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, allows remote attackers to cause a denial of service (memory consumption) via crafted Document Type Definitions (DTDs), r...
How severe is CVE-2013-4517?
CVE-2013-4517 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2013-4517?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Santuario XML Security for Java.