| Field | Value |
|---|---|
| Vulnerability Name | CCN-10867 |
| Published | 2002-12-13 |
| Updated | 2002-12-13 |
| Summary | BEA WebLogic Server and Express are vulnerable to a denial of service attack caused by improper parsing of XML files by the Xerces parser. If a remote attacker creates a malicious XML document that contains certain invalid entity references in its Document Type Definitions (DTDs), the Xerces parser consumes all available CPU resources once the malicious XML document is processed. |
| CVSS v3 Severity | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) |
| CVSS v2 Severity | 5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P) |
| Vulnerability Consequences | Denial of Service |

References:

- Source: CCN; Type: BugTraq Mailing List, Mon Dec 16 2002 - 10:51:54 CST; "Multiple vendors XML parser (and SOAP/WebServices server) Denial of Service attack using DTD"
- Source: CCN; Type: BID-6378; "Bea Systems WebLogic Xerces XML Parser Denial Of Service Vulnerability"
- Source: CCN; Type: BID-6398; "Multiple Vendor XML Parser Denial Of Service Vulnerability"
- Source: XF; Type: UNKNOWN; weblogic-xerces-parser-dos(10867)
- Source: CCN; Type: BEA Systems, Inc. Security Advisory (BEA02-23.01); "Patch available to prevent DOS attack through XML parsing"

Vulnerable Configuration:

- Configuration CCN 1 (denotes that the component is vulnerable)