Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.130084
Category:Mageia Linux Local Security Checks
Title:Mageia Linux Local Check: mgasa-2015-0294
Summary:Mageia Linux Local Security Checks mgasa-2015-0294
Description:Summary:
Mageia Linux Local Security Checks mgasa-2015-0294

Vulnerability Insight:
In Spring Framework before 3.2.14, if DTD is not entirely disabled, inline DTD declarations can be used to perform denial of service attacks known as XML bombs. Such declarations are both well-formed and valid according to XML schema rules but when parsed can cause out of memory errors. To protect against this kind of attack DTD support must be disabled by setting the disallow-doctype-dec feature in the DOM and SAX APIs to true and by setting the supportDTD property in the StAX API to false (CVE-2015-3192). This package is no longer supported for Mageia 4. Users of this package are advised to upgrade to Mageia 5

Solution:
Update the affected packages to the latest available version.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2015-3192
BugTraq ID: 90853
http://www.securityfocus.com/bid/90853
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162017.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162015.html
https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html
RedHat Security Advisories: RHSA-2016:1218
https://access.redhat.com/errata/RHSA-2016:1218
RedHat Security Advisories: RHSA-2016:1219
https://access.redhat.com/errata/RHSA-2016:1219
RedHat Security Advisories: RHSA-2016:1592
http://rhn.redhat.com/errata/RHSA-2016-1592.html
RedHat Security Advisories: RHSA-2016:1593
http://rhn.redhat.com/errata/RHSA-2016-1593.html
RedHat Security Advisories: RHSA-2016:2035
http://rhn.redhat.com/errata/RHSA-2016-2035.html
RedHat Security Advisories: RHSA-2016:2036
http://rhn.redhat.com/errata/RHSA-2016-2036.html
http://www.securitytracker.com/id/1036587
CopyrightCopyright (C) 2015 Eero Volotinen

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.