Pivotal Spring Framework prior to 3.2.14 and 4.x prior to 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote malicious users to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
vmware spring framework 3.2.13 |
||
vmware spring framework 3.2.5 |
||
vmware spring framework 3.2.4 |
||
vmware spring framework 3.2.7 |
||
vmware spring framework 3.2.6 |
||
vmware spring framework 3.2.9 |
||
vmware spring framework 3.2.8 |
||
vmware spring framework 3.2.1 |
||
pivotal software spring framework 3.2.0 |
||
vmware spring framework 3.2.12 |
||
vmware spring framework 3.2.11 |
||
vmware spring framework 3.2.10 |
||
vmware spring framework 3.2.3 |
||
vmware spring framework 3.2.2 |
||
fedoraproject fedora 21 |
||
fedoraproject fedora 22 |
||
pivotal software spring framework 4.1.0 |
||
vmware spring framework 4.1.2 |
||
vmware spring framework 4.1.1 |
||
vmware spring framework 4.1.4 |
||
vmware spring framework 4.1.3 |
||
vmware spring framework 4.1.6 |
||
vmware spring framework 4.1.5 |