First published: Fri Feb 03 2012
Apache Xerces2 Java Parser before 2.12.0 allows remote attackers to cause a denial of service (CPU consumption) via a crafted message to an XML service, which triggers hash table collisions.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Xerces2 Java | <=2.11.0 | |
| | <=6.0.6.1 | |
| | <=6.0.6 | |
The vulnerability ID for this Apache Xerces2 Java vulnerability is CVE-2012-0881.
The severity of CVE-2012-0881 is high with a severity value of 7.5.
The vulnerability in Apache Xerces2 Java occurs when a specially crafted message sent to an XML service triggers hash table collisions in the parser, which consumes CPU and causes a denial of service.
The affected software for CVE-2012-0881 is IBM Security Verify Governance version up to and including 10.0.
To fix the Apache Xerces2 Java vulnerability, it is recommended to apply the latest security patches and updates provided by the vendor.