What is CVE-2013-4517?

CVE-2013-4517 is a vulnerability in Apache Santuario_xml_security_for_java, classified under CWE-399. Published 2014-01-11.

Is CVE-2013-4517 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Apache Santuario_xml_security_for_java

CVE-2013-4517

Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, allows remote attackers to cause a denial of service (memory consumption) via crafted Document Type Definitions (DTDs), related to signatures.

EPSS: 0.089 (94.5th percentile) — read the EPSS interpretation.

Affected products

Apache Santuario_xml_security_for_java — versions 1.2.0, 1.2.1, 1.3.0
N/a — versions n/a

Weakness classification (CWE)

CWE-399

Public proof-of-concept exploits

References

secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (x_refsource_OSVDB, vdb-entry)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (vdb-entry, x_refsource_XF)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)

Frequently asked questions

What is CVE-2013-4517?: CVE-2013-4517 is a vulnerability in Apache Santuario_xml_security_for_java, classified under CWE-399. Published 2014-01-11.
Is CVE-2013-4517 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.