Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.8
CVE Id CVE-2008-4482
Last Modified 19 Aug 2009 01:20:04
Published 07 Oct 2008 10:00:01
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-4482

Summary

The XML parser in Xerces-C++ before 3.0.0 allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an XML schema definition with a large maxOccurs value, which triggers excessive memory consumption during validation of an XML file.

Vulnerable Systems

Application

  • Apache Xerces-C++ 1.0.0
  • Apache Xerces-C++ 1.0.1
  • Apache Xerces-C++ 1.1.0
  • Apache Xerces-C++ 1.2.0
  • Apache Xerces-C++ 1.3.0
  • Apache Xerces-C++ 1.4.0
  • Apache Xerces-C++ 1.5.0
  • Apache Xerces-C++ 1.6.0
  • Apache Xerces-C++ 1.7.0
  • Apache Xerces-C++ 2.0.0
  • Apache Xerces-C++ 2.1.0
  • Apache Xerces-C++ 2.2.0
  • Apache Xerces-C++ 2.3.0
  • Apache Xerces-C++ 2.4.0
  • Apache Xerces-C++ 2.5.0
  • Apache Xerces-C++ 2.6.0
  • Apache Xerces-C++ 2.7.0
  • Apache Xerces-C++ 2.8.0


References

BID - 31533

XF - xerces-maxoccurs-dos(45596)

CONFIRM - http://xerces.apache.org/xerces-c/releases.html

SECUNIA - 32108

MISC - http://issues.apache.org/jira/browse/XERCESC-1051


Last Updated: 27 May 2016 10:48:30