CVE-2013-4517

CWE-399 CWE-20 — Improper Input Validation CWE-400 — Uncontrolled Resource Consumption9 documents7 sources

Severity

4.3MEDIUM

EPSS

14.9%

top 5.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Santuario XML Security FOR Java

Timeline

PublishedJan 11

Latest updateMay 13

Description

Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, allows remote attackers to cause a denial of service (memory consumption) via crafted Document Type Definitions (DTDs), related to signatures.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶NVDapache/santuario_xml_security1.5.5+17

▶Mavenorg.apache.santuario:xmlsec< 1.5.6

▶Debianlibxml-security-java< 1.5.6-1+3

🔴Vulnerability Details

OSV

Improper Input Validation in Apache Santuario XML Security↗2022-05-13

▶

GHSA

Improper Input Validation in Apache Santuario XML Security↗2022-05-13

▶

OSV

CVE-2013-4517: Apache Santuario XML Security for Java before 1↗2014-01-11

▶

CVEList

CVE-2013-4517: Apache Santuario XML Security for Java before 1↗2014-01-11

▶

📋Vendor Advisories

Red Hat

Java: Java XML Signature DoS Attack↗2013-11-01

▶

Debian

CVE-2013-4517: libxml-security-java - Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, a...↗2013

▶

💬Community

Bugzilla

CVE-2013-4517 xml-security: Apache Santuario XML Security for Java: Java XML Signature DoS Attack [fedora-all]↗2014-10-28

▶

Bugzilla

CVE-2013-4517 Apache Santuario XML Security for Java: Java XML Signature DoS Attack↗2013-12-20

▶