CVE-2013-4517

Currently unrated

Key Information:

Vendor: Apache
Status: Santuario Xml Security For Java
Vendor: CVE Published:; 11 January 2014

Summary

Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, allows remote attackers to cause a denial of service (memory consumption) via crafted Document Type Definitions (DTDs), related to signatures.

References

http://rhn.redhat.com/errata/RHSA-2014-1728.html

vendor-advisoryx_refsource_REDHAT

http://rhn.redhat.com/errata/RHSA-2014-1726.html

vendor-advisoryx_refsource_REDHAT

http://rhn.redhat.com/errata/RHSA-2014-0170.html

vendor-advisoryx_refsource_REDHAT

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jan 11, 2014
Vulnerability Reserved
Jun 12, 2013