CVE-2012-0881
First published: Fri Feb 03 2012(Updated: )
Apache Xerces2 Java Parser before 2.12.0 allows remote attackers to cause a denial of service (CPU consumption) via a crafted message to an XML service, which triggers hash table collisions.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Xerces2 Java | <=2.11.0 | |
| <=6.0.6.1 | ||
| <=6.0.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.openwall.com/lists/oss-security/2014/07/08/11
- https://bugzilla.redhat.com/show_bug.cgi?id=787104
- https://issues.apache.org/jira/browse/XERCESJ-1685
- https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73%40%3Cj-users.xerces.apache.org%3E
- https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
- https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E
- https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
- https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
- https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E
- https://lists.apache.org/thread.html/rea7b831dceeb2a2fa817be6f63b08722042e3647fb2d47c144370a56%40%3Ccommon-issues.hadoop.apache.org%3E
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/134404
- https://www.ibm.com/support/pages/node/1942929 (Advisory)
- https://access.redhat.com/security/updates/classification/
Frequently Asked Questions
What is the vulnerability ID for this Apache Xerces2 Java vulnerability?
The vulnerability ID for this Apache Xerces2 Java vulnerability is CVE-2012-0881.
What is the severity of CVE-2012-0881?
The severity of CVE-2012-0881 is high with a severity value of 7.5.
How does the vulnerability in Apache Xerces2 Java occur?
The vulnerability in Apache Xerces2 Java occurs due to a flaw in the XML service, which can be exploited by sending a specially crafted message to an XML service.
What is the affected software for CVE-2012-0881?
The affected software for CVE-2012-0881 is IBM Security Verify Governance version up to and including 10.0.
How can the Apache Xerces2 Java vulnerability be fixed?
To fix the Apache Xerces2 Java vulnerability, it is recommended to apply the latest security patches and updates provided by the vendor.
- collector/nvd-index
- agent/type
- agent/references
- agent/weakness
- agent/remedy
- agent/severity
- agent/author
- agent/description
- agent/softwarecombine
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/tags
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2012-0881
- vendor/apache
- canonical/apache xerces2 java
- version/apache xerces2 java/2.11.0
- vendor/ibm
- canonical/ibm rpe
- version/ibm rpe/6.0.6.1
- version/ibm rpe/6.0.6