CVE-2013-4517
Java: Java XML Signature DoS Attack
Public Exploits: 0
Exploited in Wild: -
Descriptions
Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, allows remote attackers to cause a denial of service (memory consumption) via crafted Document Type Definitions (DTDs), related to signatures.
Apache Santuario XML Security for Java versions prior to 1.5.6, when Transforms are applied, allows remote attackers to cause a denial of service (memory consumption) through manipulated Document Type Definitions (DTDs), related to signatures.
It was discovered that the Apache Santuario XML Security for Java project allowed Document Type Definitions (DTDs) to be processed when applying Transforms even when secure validation was enabled. A remote attacker could use this flaw to exhaust all available memory on the system, causing a denial of service.
SSVC
- Decision: -
Timeline
- 2013-06-12 CVE Reserved
- 2013-12-20 CVE Published
- 2024-08-06 CVE Updated
- 2024-09-28 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-399: Resource Management Errors
- CWE-400: Uncontrolled Resource Consumption
References (24)
URL | Date | SRC |
---|---|---|
http://rhn.redhat.com/errata/RHSA-2014-0170.html | 2023-11-07 | |
http://rhn.redhat.com/errata/RHSA-2014-0171.html | 2023-11-07 | |
http://rhn.redhat.com/errata/RHSA-2014-0172.html | 2023-11-07 | |
http://rhn.redhat.com/errata/RHSA-2014-0195.html | 2023-11-07 | |
http://rhn.redhat.com/errata/RHSA-2014-1725.html | 2023-11-07 | |
http://rhn.redhat.com/errata/RHSA-2014-1726.html | 2023-11-07 | |
http://rhn.redhat.com/errata/RHSA-2014-1727.html | 2023-11-07 | |
http://rhn.redhat.com/errata/RHSA-2014-1728.html | 2023-11-07 | |
http://rhn.redhat.com/errata/RHSA-2015-0675.html | 2023-11-07 | |
http://rhn.redhat.com/errata/RHSA-2015-0850.html | 2023-11-07 | |
http://rhn.redhat.com/errata/RHSA-2015-0851.html | 2023-11-07 | |
http://santuario.apache.org/secadv.data/cve-2013-4517.txt.asc | 2023-11-07 | |
http://secunia.com/advisories/55639 | 2023-11-07 | |
https://access.redhat.com/security/cve/CVE-2013-4517 | 2015-04-16 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1045257 | 2015-04-16 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Apache | Santuario Xml Security For Java | <= 1.5.5 | - | Affected |
Apache | Santuario Xml Security For Java | 1.2.0 | - | Affected |
Apache | Santuario Xml Security For Java | 1.2.1 | - | Affected |
Apache | Santuario Xml Security For Java | 1.3.0 | - | Affected |
Apache | Santuario Xml Security For Java | 1.4.0 | - | Affected |
Apache | Santuario Xml Security For Java | 1.4.1 | - | Affected |
Apache | Santuario Xml Security For Java | 1.4.2 | - | Affected |
Apache | Santuario Xml Security For Java | 1.4.3 | - | Affected |
Apache | Santuario Xml Security For Java | 1.4.4 | - | Affected |
Apache | Santuario Xml Security For Java | 1.4.5 | - | Affected |
Apache | Santuario Xml Security For Java | 1.4.6 | - | Affected |
Apache | Santuario Xml Security For Java | 1.4.7 | - | Affected |
Apache | Santuario Xml Security For Java | 1.4.8 | - | Affected |
Apache | Santuario Xml Security For Java | 1.5.0 | - | Affected |
Apache | Santuario Xml Security For Java | 1.5.1 | - | Affected |
Apache | Santuario Xml Security For Java | 1.5.2 | - | Affected |
Apache | Santuario Xml Security For Java | 1.5.3 | - | Affected |
Apache | Santuario Xml Security For Java | 1.5.4 | - | Affected |