First published: Fri Jul 15 2016
It was discovered that the JAXP component of OpenJDK did not place a limit on the number of entity replacements performed when parsing XML files. A specially crafted XML document could cause a Java application using JAXP to consume an excessive amount of memory and CPU time when parsed. The updates that correct this issue introduce a limit on the number of entity replacements that can be performed. The limit can be controlled using the jdk.xml.entityReplacementLimit system property.
Credit: secalert_us@oracle.com
Affected Software | Affected Version | How to fix |
---|---|---|
Oracle JDK | =1.6.0-update115 | |
Oracle JDK | =1.7.0-update101 | |
Oracle JDK | =1.8.0-update91 | |
Oracle JDK | =1.8.0-update92 | |
Oracle JRE | =1.6.0-update115 | |
Oracle JRE | =1.7.0-update101 | |
Oracle JRE | =1.8.0-update91 | |
Oracle JRE | =1.8.0-update92 | |
Oracle JRockit | =r28.3.10 | |
Oracle Linux | =5.0 | |
Oracle Linux | =6 | |
Oracle Linux | =7 | |