1. Home
  2. Vulnerabilities
  3. CVE-2013-4517

CVE-2013-4517

CVSS v2.0 4.3 (Medium)
43% Progress
EPSS 7.64 % (94th)
7.64% Progress
Affected Products 1
Advisories 3
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, allows remote attackers to cause a denial of service (memory consumption) via crafted Document Type Definitions (DTDs), related to signatures.

Weaknesses
CWE-399
Resource Management Errors
CVE Status
PUBLISHED
CNA
Red Hat, Inc.
Published Date
2014-01-11 01:55:03
(10 years ago)
Updated Date
2023-11-07 02:16:19
(10 months ago)

Affected Products

Apache

Configuration #1

    CPE23 From Up To
  Apache Santuario Xml Security for Java 1.5.5 and prior versions cpe:2.3:a:apache:santuario_xml_security_for_java <= 1.5.5
  Apache Santuario Xml Security for Java 1.2.0 cpe:2.3:a:apache:santuario_xml_security_for_java:1.2.0
  Apache Santuario Xml Security for Java 1.2.1 cpe:2.3:a:apache:santuario_xml_security_for_java:1.2.1
  Apache Santuario Xml Security for Java 1.3.0 cpe:2.3:a:apache:santuario_xml_security_for_java:1.3.0
  Apache Santuario Xml Security for Java 1.4.0 cpe:2.3:a:apache:santuario_xml_security_for_java:1.4.0
  Apache Santuario Xml Security for Java 1.4.1 cpe:2.3:a:apache:santuario_xml_security_for_java:1.4.1
  Apache Santuario Xml Security for Java 1.4.2 cpe:2.3:a:apache:santuario_xml_security_for_java:1.4.2
  Apache Santuario Xml Security for Java 1.4.3 cpe:2.3:a:apache:santuario_xml_security_for_java:1.4.3
  Apache Santuario Xml Security for Java 1.4.4 cpe:2.3:a:apache:santuario_xml_security_for_java:1.4.4
  Apache Santuario Xml Security for Java 1.4.5 cpe:2.3:a:apache:santuario_xml_security_for_java:1.4.5
  Apache Santuario Xml Security for Java 1.4.6 cpe:2.3:a:apache:santuario_xml_security_for_java:1.4.6
  Apache Santuario Xml Security for Java 1.4.7 cpe:2.3:a:apache:santuario_xml_security_for_java:1.4.7
  Apache Santuario Xml Security for Java 1.4.8 cpe:2.3:a:apache:santuario_xml_security_for_java:1.4.8
  Apache Santuario Xml Security for Java 1.5.0 cpe:2.3:a:apache:santuario_xml_security_for_java:1.5.0
  Apache Santuario Xml Security for Java 1.5.1 cpe:2.3:a:apache:santuario_xml_security_for_java:1.5.1
  Apache Santuario Xml Security for Java 1.5.2 cpe:2.3:a:apache:santuario_xml_security_for_java:1.5.2
  Apache Santuario Xml Security for Java 1.5.3 cpe:2.3:a:apache:santuario_xml_security_for_java:1.5.3
  Apache Santuario Xml Security for Java 1.5.4 cpe:2.3:a:apache:santuario_xml_security_for_java:1.5.4