A resource consumption issue was found in the way Xerces-J handled XML declarations. A remote attacker could use an XML document with a specially crafted declaration using a long pseudo-attribute name that, when parsed by an application using Xerces-J, would cause that application to use an excessive amount of CPU.
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 1 | java-1.6.0-openjdk | 2013-11-05 13:35 | ALAS-2013-246 |
Amazon Linux 1 | java-1.7.0-openjdk | 2013-10-23 15:22 | ALAS-2013-235 |
Amazon Linux 1 | xerces-j2 | 2014-10-28 17:13 | ALAS-2014-436 |
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv2 | 5.0 | AV:N/AC:L/Au:N/C:N/I:N/A:P |
NVD | CVSSv2 | 7.1 | AV:N/AC:M/Au:N/C:N/I:N/A:C |