Signature Detail
Short Name |
HTTP:STC:SCRIPT:APACHE-XML-DOS |
|---|---|
Severity |
Medium |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Apache Santuario XML Security for Java DTD Denial of Service |
Release Date |
2014/01/22 |
Update Number |
2337 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Apache Santuario XML Security for Java DTD Denial of Service
This signature detects attempts to exploit a known vulnerability in the Apache Santuario. A successful attack can result in a denial-of-service condition.
Extended Description
Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, allows remote attackers to cause a denial of service (memory consumption) via crafted Document Type Definitions (DTDs), related to signatures.
Affected Products
- apache xml_security_for_java 1.2.0
- apache xml_security_for_java 1.2.1
- apache xml_security_for_java 1.3.0
- apache xml_security_for_java 1.4.0
- apache xml_security_for_java 1.4.1
- apache xml_security_for_java 1.4.2
- apache xml_security_for_java 1.4.3
- apache xml_security_for_java 1.4.4
- apache xml_security_for_java 1.4.5
- apache xml_security_for_java 1.4.6
- apache xml_security_for_java 1.4.7
- apache xml_security_for_java 1.4.8
- apache xml_security_for_java 1.5.0
- apache xml_security_for_java 1.5.1
- apache xml_security_for_java 1.5.2
- apache xml_security_for_java 1.5.3
- apache xml_security_for_java 1.5.4
- apache xml_security_for_java up to 1.5.5
References
- BugTraq: 64437
- CVE: CVE-2013-4517