Vulnerability Details : CVE-2015-0252
internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote attackers to cause a denial of service (segmentation fault and crash) via crafted XML data.
Vulnerability category: Memory Corruption, Denial of service
Products affected by CVE-2015-0252
- cpe:2.3:o:debian:debian_linux:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:xerces-c\+\+:*:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-0252
26.74%
Probability of exploitation activity in the next 30 days
~ 96 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-0252
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
CWE ids for CVE-2015-0252
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-0252
- http://www.securitytracker.com/id/1032254
  Apache Xerces-C XML Parser Bug Lets Remote Users Deny Service - SecurityTracker
- http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153094.html
  [SECURITY] Fedora 22 Update: mingw-xerces-c-3.1.2-1.fc22
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
  CPU Oct 2018
- https://www.exploit-db.com/exploits/36906/
  Apache Xerces-C XML Parser < 3.1.2 - Denial of Service (PoC) - Linux dos Exploit
- http://xerces.apache.org/xerces-c/secadv/CVE-2015-0252.txt
  Vendor Advisory
- http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153903.html
  [SECURITY] Fedora 21 Update: mingw-xerces-c-3.1.1-11.fc21
- http://packetstormsecurity.com/files/131756/Apache-Xerces-C-XML-Parser-Denial-Of-Service.html
  Apache Xerces-C XML Parser Denial Of Service ≈ Packet Storm
- http://rhn.redhat.com/errata/RHSA-2015-1193.html
  RHSA-2015:1193 - Security Advisory - Red Hat Customer Portal
- https://shibboleth.net/community/advisories/secadv_20150319.txt
- http://www.securityfocus.com/bid/73252
  Xerces-C++ CVE-2015-0252 XML Parsing Remote Denial of Service Vulnerability
- http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152882.html
  [SECURITY] Fedora 22 Update: xerces-c-3.1.2-1.fc22
- http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153887.html
  [SECURITY] Fedora 20 Update: mingw-xerces-c-3.1.1-9.fc20
- http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153829.html
  [SECURITY] Fedora 21 Update: xerces-c-3.1.1-8.fc21
- http://lists.opensuse.org/opensuse-updates/2016-04/msg00012.html
  openSUSE-SU-2016:0966-1: moderate: Security update for xerces-c
- http://www.debian.org/security/2015/dsa-3199
  Debian -- Security Information -- DSA-3199-1 xerces-c
- http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153923.html
  [SECURITY] Fedora 20 Update: xerces-c-3.1.1-6.fc20