Vulnerability Name: | CVE-2015-3192 (CCN-115554) | ||||||||||||||||||||||||||||||||||||||||||||
Assigned: | 2015-06-30 | ||||||||||||||||||||||||||||||||||||||||||||
Published: | 2015-06-30 | ||||||||||||||||||||||||||||||||||||||||||||
Updated: | 2022-04-11 | ||||||||||||||||||||||||||||||||||||||||||||
Summary: | Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file. | ||||||||||||||||||||||||||||||||||||||||||||
CVSS v3 Severity: | 5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) 4.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
3.8 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)
| ||||||||||||||||||||||||||||||||||||||||||||
CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
| ||||||||||||||||||||||||||||||||||||||||||||
Vulnerability Type: | CWE-119 | ||||||||||||||||||||||||||||||||||||||||||||
Vulnerability Consequences: | Denial of Service | ||||||||||||||||||||||||||||||||||||||||||||
References: | Source: MITRE Type: CNA CVE-2015-3192 Source: FEDORA Type: UNKNOWN FEDORA-2015-11184 Source: FEDORA Type: UNKNOWN FEDORA-2015-11165 Source: CCN Type: Pivotal Web site CVE-2015-3192 - DoS Attack with XML Input Source: CONFIRM Type: Vendor Advisory http://pivotal.io/security/cve-2015-3192 Source: CCN Type: RHSA-2016-1218 Moderate: Red Hat JBoss BPM Suite security and bug fix update Source: CCN Type: RHSA-2016-1219 Moderate: Red Hat JBoss BRMS security and bug fix update Source: CCN Type: RHSA-2016-1592 Moderate: Red Hat JBoss BRMS 6.3.2 security and bug fix update Source: REDHAT Type: UNKNOWN RHSA-2016:1592 Source: CCN Type: RHSA-2016-1593 Moderate: Red Hat JBoss BPM Suite 6.3.2 security and bug fix update Source: REDHAT Type: UNKNOWN RHSA-2016:1593 Source: CCN Type: RHSA-2016-2035 Important: Red Hat JBoss Fuse 6.3 security update Source: REDHAT Type: UNKNOWN RHSA-2016:2035 Source: CCN Type: RHSA-2016-2036 Important: Red Hat JBoss A-MQ 6.3 security update Source: REDHAT Type: UNKNOWN RHSA-2016:2036 Source: CCN Type: IBM Security Bulletin 887121 (InfoSphere Information Server) Multiple vulnerabilities in Spring Framework affect IBM InfoSphere Information Server Source: BID Type: UNKNOWN 90853 Source: SECTRACK Type: UNKNOWN 1036587 Source: REDHAT Type: UNKNOWN RHSA-2016:1218 Source: REDHAT Type: UNKNOWN RHSA-2016:1219 Source: XF Type: UNKNOWN pivotal-springframework-xml-cve20153192-dos(115554) Source: CONFIRM Type: UNKNOWN https://jira.spring.io/browse/SPR-13136 Source: MLIST Type: UNKNOWN [debian-lts-announce] 20190713 [SECURITY] [DLA 1853-1] libspring-java security update Source: CCN Type: IBM Security Bulletin 6857863 (MobileFirst Platform Foundation) Multiple vulnerabilities found on thirdparty libraries used by IBM MobileFirst Platform Source: CCN Type: WhiteSource Vulnerability Database CVE-2015-3192 | ||||||||||||||||||||||||||||||||||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration 3: Configuration CCN 1: Denotes that component is vulnerable | ||||||||||||||||||||||||||||||||||||||||||||
Oval Definitions | |||||||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||||||
BACK |