Danny Trunk created XERCESJ-1757:
------------------------------------
Summary: CVE-2017-10355
Key: XERCESJ-1757
URL: https://issues.apache.org/jira/browse/XERCESJ-1757
Project: Xerces2-J
Issue Type: Task
Affects Versions: 2.12.2
Reporter: Danny Trunk
*CVE-2017-10355* (OSSINDEX)
sonatype-2017-0348 - xerces:xercesImpl - Denial of Service (DoS) The software
contains multiple threads or executable segments that are waiting for each
other to release a necessary lock, resulting in deadlock.
CWE-833 Deadlock
CVSSv3:
* Base Score: MEDIUM (5.9)
* Vector: CVSS:/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
* OSSINDEX - [[CVE-2017-10355] CWE-833:
Deadlock|https://ossindex.sonatype.org/vulnerability/CVE-2017-10355?component-type=maven&component-name=xerces%2FxercesImpl&utm_source=dependency-check&utm_medium=integration&utm_content=8.2.1]
* OSSIndex - [https://blogs.securiteam.com/index.php/archives/3271]
Vulnerable Software & Versions (OSSINDEX):
* cpe:2.3:a:xerces:xercesImpl:2.12.2:*:*:*:*:*:*:*
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
