Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2016-07-12T19:00:00
Updated: 2024-08-06T05:39:31.943Z
Reserved: 2015-04-10T00:00:00
Link: CVE-2015-3192
Vulnrichment
No data.
NVD
Status : Modified
Published: 2016-07-12T19:59:00.240
Modified: 2024-11-21T02:28:52.250
Link: CVE-2015-3192
Redhat