CVE: 2013-4517 found in Apache XML Security for Java - Version: 1.5.1 [JAVA] #247

bnreplah · 2023-05-04T18:18:21Z

Veracode Software Composition Analysis

Attribute	Details
Library	Apache XML Security for Java
Description	Apache XML Security for Java supports XML-Signature Syntax and Processing, W3C Recommendation 12 February 2002, and XML Encryption Syntax and Processing, W3C Recommendation 10 December 2002. As of ver
Language	JAVA
Vulnerability	Denial Of Service (DoS) Memory Consumption
Vulnerability description	Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, allows remote attackers to cause a denial of service (memory consumption) via crafted Document Type Definitions (DTDs), related to signatures.
CVE	2013-4517
CVSS score	4.3
Vulnerability present in version/s	1.0-1.5.5
Found library version/s	1.5.1
Vulnerability fixed in version	1.5.6
Library latest version	3.0.2
Fix

Links:

The text was updated successfully, but these errors were encountered:

bnreplah added Severity: Medium Medium severity Veracode Dependency Scanning A Veracode identified vulnerability labels May 4, 2023