CVE-2012-0881

CWE-399 CWE-407 CWE-400 — Uncontrolled Resource Consumption10 documents8 sources

Severity

7.5HIGH

EPSS

2.1%

top 15.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Xerces2 Java

Timeline

PublishedOct 30

Latest updateJul 15

Description

Apache Xerces2 Java Parser before 2.12.0 allows remote attackers to cause a denial of service (CPU consumption) via a crafted message to an XML service, which triggers hash table collisions.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDapache/xerces2_java2.11.0

▶Mavenxerces:xercesImpl< 2.12.0

Patches

Patch: issues.apache.org ↗Patch: issues.apache.org ↗

🔴Vulnerability Details

OSV

Denial of service in Apache Xerces2↗2020-06-15

▶

GHSA

Denial of service in Apache Xerces2↗2020-06-15

▶

OSV

CVE-2012-0881: Apache Xerces2 Java Parser before 2↗2017-10-30

▶

CVEList

CVE-2012-0881: Apache Xerces2 Java Parser before 2↗2017-10-30

▶

📋Vendor Advisories

Oracle

Oracle Oracle Supply Chain Risk Matrix: UI Infrastructure (Apache Xerces2 Java Parser) — CVE-2012-0881↗2021-07-15

▶

Red Hat

xml: xerces-j2 hash table collisions CPU usage DoS (oCERT-2011-003)↗2014-07-08

▶

Debian

CVE-2012-0881: libxerces2-java - Apache Xerces2 Java Parser before 2.12.0 allows remote attackers to cause a deni...↗2012

▶

💬Community

Bugzilla

CVE-2011-4966 freeradius: does not respect expired passwords when using the unix module↗2012-11-21

▶

Bugzilla

CVE-2012-0881 xml: xerces-j2 hash table collisions CPU usage DoS (oCERT-2011-003)↗2012-02-03

▶