GitHub Advisory Database: GHSA-4P4W-6H54-G885
May 13, 2022 - 1:05 a.m.

Improper Input Validation in Apache Santuario XML Security

2022-05-13 01:05:55
CWE-20
GitHub Advisory Database
github.com
CVSS2: 4.3 Medium (AV:N/AC:M/Au:N/C:N/I:N/A:P)

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

EPSS: 0.104 Low
Percentile: 95.0%

Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, allows remote attackers to cause a denial of service (memory consumption) via crafted Document Type Definitions (DTDs), related to signatures.

Name: org.apache.santuario:xmlsec
Operator: lt
Version: 1.5.6
