OSV:GHSA-RJ4P-7MM6-GM9J
May 13, 2022 - 1:39 a.m.

JBossWS vulnerable to uncontrolled recursion

2022-05-13 01:39:29
Google
osv.dev
jbossws
domutils
org.jboss.ws
recursion
denial of service
xml
entity expansion
cve-2003-1564
vulnerability

EPSS: 0.011 (percentile: 84.5%)

DOMUtils.java in org.jboss.ws:jbossws-common does not properly handle recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted request containing an XML document with a DOCTYPE declaration and a large number of nested entity references, a similar issue to CVE-2003-1564.