[jira] [Commented] (XERCESJ-1685) Security threat CVE-2012-0881

JIRA Thu, 23 Nov 2017 12:34:27 -0800

    [ 
https://issues.apache.org/jira/browse/XERCESJ-1685?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16264754#comment-16264754
 ]


Alberto Fernández commented on XERCESJ-1685:
--------------------------------------------

Thanks.

It's fixed in subversion, but after 2.11.0 release. I've marked the fix version 
to the unreleased 2.12.0

> Security threat CVE-2012-0881
> -----------------------------
>
>                 Key: XERCESJ-1685
>                 URL: https://issues.apache.org/jira/browse/XERCESJ-1685
>             Project: Xerces2-J
>          Issue Type: Bug
>            Reporter: Alberto Fernández
>              Labels: security
>             Fix For: 2.12.0
>
>
> Apache Xerces2 Java allows remote attackers to cause a denial of service (CPU 
> consumption) via a crafted message to an XML service, which triggers hash 
> table collisions.
> [https://nvd.nist.gov/vuln/detail/CVE-2012-0881|https://nvd.nist.gov/vuln/detail/CVE-2012-0881]



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Commented] (XERCESJ-1685) Security threat CVE-2012-0881

Reply via email to