Remote Denial of Service Vulnerability in Pivotal Spring Framework
CVE-2015-3192
5.5 MEDIUM
What is CVE-2015-3192?
Pivotal Spring Framework versions prior to 3.2.14 and 4.1.7 do not properly handle inline DTD declarations. If DTD processing is not completely deactivated, remote attackers can exploit the flaw by sending specially crafted XML files. This can lead to significant memory consumption and out-of-memory errors, effectively causing a denial of service condition.
