[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248038

 
 

909

 
 

194772

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2009-1885Date: (C)2009-08-11   (M)2023-12-22


Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
BID-35986
SECUNIA-36201
ADV-2009-2196
FEDORA-2009-8305
FEDORA-2009-8332
FEDORA-2009-8345
FEDORA-2009-8350
MDVSA-2009:223
http://svn.apache.org/viewvc/xerces/c/trunk/src/xercesc/validators/DTD/DTDScanner.cpp?r1=781488&r2=781487&pathrev=781488&view=patch
http://svn.apache.org/viewvc?view=rev&revision=781488
http://www.cert.fi/en/reports/2009/vulnerability2009085.html
http://www.codenomicon.com/labs/xml/
http://www.networkworld.com/columnists/2009/080509-xml-flaw.html
https://bugzilla.redhat.com/show_bug.cgi?id=515515
xerces-c-dtd-dos(52321)

CWE    1
CWE-119
OVAL    6
oval:org.secpod.oval:def:300983
oval:org.secpod.oval:def:101766
oval:org.secpod.oval:def:300648
oval:org.secpod.oval:def:101373
...

© SecPod Technologies