[ https://issues.apache.org/jira/browse/XERCESJ-1685?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16346032#comment-16346032 ]
Scott Coldwell commented on XERCESJ-1685:
-----------------------------------------
Please release 2.12.0 soon. This CVE is flagged as critical in our
vulnerability scans.
> Security threat CVE-2012-0881
> -----------------------------
>
> Key: XERCESJ-1685
> URL: https://issues.apache.org/jira/browse/XERCESJ-1685
> Project: Xerces2-J
> Issue Type: Bug
> Reporter: Alberto Fernández
> Priority: Major
> Labels: security
> Fix For: 2.12.0
>
>
> Apache Xerces2 Java allows remote attackers to cause a denial of service (CPU
> consumption) via a crafted message to an XML service, which triggers hash
> table collisions.
> https://nvd.nist.gov/vuln/detail/CVE-2012-0881