Apache Xerces-C XML Parser DoS Vulnerability (CVE-2016-4463)
Release date:
Updated on:
Affected Systems:
Apache Xerces-C XML parser < 3.1.4
Description:
CVE (CAN) ID: CVE-2016-4463
Xerces is an open-source XML parsing project of the Apache Software Foundation. It is available in several language versions, including Java, C++, Perl, and COM.
The Apache Xerces-C XML parser fails to handle deeply nested DTDs correctly, which results in a stack overflow. Unauthenticated attackers can exploit this vulnerability to cause denial of service (DoS) in multiple applications that use the parser.
<* Source: Brandon Perry
Link: http://seclists.org/bugtraq/2016/Jun/115
*>
Suggestion:
Vendor patch:
Apache
------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://syncope.apache.org/security.html
http://svn.apache.org/viewvc?view=revision&revision=1747620
http://xerces.apache.org/xerces-c/secadv/CVE-2016-4463.txt
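A stopgap for services still linked against Xerces-C older than 3.1.4 that have no need for DTDs, as an added example (not code from this advisory or from the Xerces project): it scans only the XML prolog and refuses any document that carries a DOCTYPE before the document reaches the parser. The enum and function names are hypothetical, the sample documents are constructed, and the check assumes the service accepts UTF-8 input only, so anything else is rejected.

```cpp
#include <cstddef>
#include <iostream>
#include <string>

// Hypothetical names for this example; none of this is Xerces-C API.
enum class Prolog { NoDoctype, HasDoctype, Unsupported };

// A DOCTYPE may only appear in the prolog, so scanning stops at the root element.
Prolog scan_prolog(const std::string& doc) {
    const std::size_t n = doc.size();
    // Fail closed on UTF-16/UTF-32 (NUL, 0xFE, 0xFF early on): a byte scanner
    // cannot read them, but the parser behind it would.
    for (std::size_t k = 0; k < n && k < 4; ++k) {
        unsigned char b = static_cast<unsigned char>(doc[k]);
        if (b == 0x00 || b == 0xFE || b == 0xFF) return Prolog::Unsupported;
    }
    std::size_t i = doc.compare(0, 3, "\xEF\xBB\xBF") == 0 ? 3 : 0;  // UTF-8 BOM
    while (i < n) {
        const char c = doc[i];
        if (c == ' ' || c == '\t' || c == '\r' || c == '\n') { ++i; continue; }
        if (doc.compare(i, 4, "<!--") == 0) {       // comment: skip, never match inside
            const std::size_t end = doc.find("-->", i + 4);
            if (end == std::string::npos) return Prolog::Unsupported;
            i = end + 3;
        } else if (doc.compare(i, 2, "<?") == 0) {  // XML declaration or PI
            const std::size_t end = doc.find("?>", i + 2);
            if (end == std::string::npos) return Prolog::Unsupported;
            i = end + 2;
        } else if (doc.compare(i, 2, "<!") == 0) {  // only DOCTYPE is legal here
            return doc.compare(i, 9, "<!DOCTYPE") == 0 ? Prolog::HasDoctype
                                                       : Prolog::Unsupported;
        } else {
            return c == '<' ? Prolog::NoDoctype : Prolog::Unsupported;  // root element
        }
    }
    return Prolog::Unsupported;  // ran out of input before a root element
}

// Only documents with a clean, DTD-free prolog go on to the parser.
bool allow_parse(const std::string& doc) { return scan_prolog(doc) == Prolog::NoDoctype; }

int main() {
    // Constructed sample documents.
    const std::string plain = "<?xml version=\"1.0\"?><!-- <!DOCTYPE x> --><order id=\"1\"/>";
    const std::string dtd = "<?xml version=\"1.0\"?>\n<!DOCTYPE a [ <!ELEMENT a ANY> ]><a/>";
    std::cout << allow_parse(plain) << ' ' << allow_parse(dtd) << '\n';
    return 0;
}
```

The filter is a temporary control for the window before the vendor patch is deployed; it does not replace upgrading to 3.1.4.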