First published: Wed Aug 12 2015
XMLTooling-C before 1.5.5, as used in OpenSAML-C and Shibboleth Service Provider (SP), does not properly handle integer conversion exceptions, which allows remote attackers to cause a denial of service (crash) via schema-invalid XML data.
Credit: security@debian.org
Affected Software | Affected Version | How to fix |
---|---|---|
XMLTooling | <=1.5.4 |
CVE-2015-0851 is classified as having a high severity level due to its potential to cause denial of service.
To fix CVE-2015-0851, upgrade XMLTooling to version 1.5.5 or later.
CVE-2015-0851 affects users of XMLTooling versions prior to 1.5.5, including those using OpenSAML-C and Shibboleth Service Provider.
CVE-2015-0851 allows remote attackers to cause a denial of service by sending schema-invalid XML data.
CVE-2015-0851 is remotely exploitable: malformed XML input can crash the application.