Anfälligkeitssuche        Suche in 219043 CVE Beschreibungen
und 99761 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.130084
Kategorie:Mageia Linux Local Security Checks
Titel:Mageia Linux Local Check: mgasa-2015-0294
Zusammenfassung:Mageia Linux Local Security Checks mgasa-2015-0294
Beschreibung:Summary:
Mageia Linux Local Security Checks mgasa-2015-0294

Vulnerability Insight:
In Spring Framework before 3.2.14, if DTD is not entirely disabled, inline DTD declarations can be used to perform denial of service attacks known as XML bombs. Such declarations are both well-formed and valid according to XML schema rules but when parsed can cause out of memory errors. To protect against this kind of attack DTD support must be disabled by setting the disallow-doctype-dec feature in the DOM and SAX APIs to true and by setting the supportDTD property in the StAX API to false (CVE-2015-3192). This package is no longer supported for Mageia 4. Users of this package are advised to upgrade to Mageia 5

Solution:
Update the affected packages to the latest available version.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2015-3192
BugTraq ID: 90853
http://www.securityfocus.com/bid/90853
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162017.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162015.html
https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html
RedHat Security Advisories: RHSA-2016:1218
https://access.redhat.com/errata/RHSA-2016:1218
RedHat Security Advisories: RHSA-2016:1219
https://access.redhat.com/errata/RHSA-2016:1219
RedHat Security Advisories: RHSA-2016:1592
http://rhn.redhat.com/errata/RHSA-2016-1592.html
RedHat Security Advisories: RHSA-2016:1593
http://rhn.redhat.com/errata/RHSA-2016-1593.html
RedHat Security Advisories: RHSA-2016:2035
http://rhn.redhat.com/errata/RHSA-2016-2035.html
RedHat Security Advisories: RHSA-2016:2036
http://rhn.redhat.com/errata/RHSA-2016-2036.html
http://www.securitytracker.com/id/1036587
CopyrightCopyright (C) 2015 Eero Volotinen

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2021 E-Soft Inc. Alle Rechte vorbehalten.