Home > Vulnerability Database > CVE-2012-0881

Mend.io Vulnerability Database

CVE-2012-0881

Good to know:

Date: October 30, 2017

Apache Xerces2 Java Parser before 2.12.0 allows remote attackers to cause a denial of service (CPU consumption) via a crafted message to an XML service, which triggers hash table collisions.

Language: SCALA

Severity Score

7.5

Related Resources (23)

Url: https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E

Url: https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E

Url: https://access.redhat.com/security/cve/CVE-2012-0881

Url: https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E

Url: https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E

Url: https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E

Url: https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E

Url: http://www.openwall.com/lists/oss-security/2014/07/08/11

Url: https://nvd.nist.gov/vuln/detail/CVE-2012-0881

Url: https://github.com/apache/xerces2-j/commit/992b5d9c24102ad20330d36c0a71162753a37449

Url: https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E

Url: https://issues.apache.org/jira/browse/XERCESJ-1685

Url: https://bugzilla.redhat.com/show_bug.cgi?id=787104

Url: https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E

Url: https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E

Url: https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E

Url: https://lists.apache.org/thread.html/rea7b831dceeb2a2fa817be6f63b08722042e3647fb2d47c144370a56%40%3Ccommon-issues.hadoop.apache.org%3E

Url: https://www.openwall.com/lists/oss-security/2014/07/08/11

Url: https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73@%3Cj-users.xerces.apache.org%3E

Url: https://www.oracle.com//security-alerts/cpujul2021.html

Url: https://lists.apache.org/thread.html/rea7b831dceeb2a2fa817be6f63b08722042e3647fb2d47c144370a56@%3Ccommon-issues.hadoop.apache.org%3E

Url: https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73%40%3Cj-users.xerces.apache.org%3E

Url: https://www.mend.io/vulnerability-database/CVE-2012-0881

Severity Score

7.5

Weakness Type (CWE)

Resource Management Errors

CWE-399

Uncontrolled Resource Consumption

CWE-400

Top Fix

Upgrade Version

Upgrade to version existdb - no_fix;cuda-nvvp - 12.5.39;vufind/vufind - dev-legacy/mink-autoretry;vufind/vufind - dev-release-5.0;vufind/vufind - v3.1;vufind/vufind - dev-pullrequest_accessib_turn-my-account-menu-into-ul;vufind/vufind - dev-legacy/lbs4-daia;mpa-portable - no_fix;peptide-shaker - 2.0.5;peptide-shaker - 1.16.26;siu-toba/jasper - no_fix;jalview - 2.11.0;mzmine - no_fix;sirius-csifingerid - 5.8.2;lizetheb1920/high-chart - no_fix;techdivision/techdivision_magentounittesting - no_fix;bioconductor-rdavidwebservice - no_fix;fgbio - 0.4.0;fgbio - 0.2.0;eoulsan - 2.3;eoulsan - 2.5;pyspark - 3.0.0;flash20/yii2-adminh-asset - no_fix;qualimap - 2.2.2a;logol - no_fix;pepgenome - no_fix;r-boilerpiper - no_fix;silverstripe/fulltextsearch-extract - no_fix;Micro-Manager.NET - no_fix;flapjack - no_fix;openrefine - 3.4;docbook-xsl-stylesheets - no_fix;fiji - 20231211;metanovo - no_fix;pepquery - 2.0.2;owlready2 - 0.40;standardebooks - 2.5.0;org.amqphub.jca:resource-adapter-thorntail-example:no_fix;org.apache.servicemix.bundles:org.apache.servicemix.bundles.xerces:2.12.0_1;org.apache.karaf.demos:web:2.4.1;org.apache.karaf.demos:web:2.4.1;org.apache.karaf.demos:web:2.4.1;org.apache.karaf.demos:web:2.4.1;org.apache.karaf.demos:web:2.4.1;org.apache.karaf.demos:web:2.4.1;org.apache.karaf.demos:web:2.4.1;org.apache.karaf.demos:web:2.4.1;org.apache.karaf.demos:web:2.4.1;org.apache.karaf.demos:web:2.4.1;org.apache.karaf.demos:web:2.4.1;org.apache.karaf.demos:web:2.4.1;org.apache.karaf.demos:web:2.4.1;xerces:xercesImpl:2.0.2;xerces:xercesImpl:2.12.0;xerces:xercesImpl:2.12.0;xerces:xercesImpl:2.3.0;com.innoventsolutions.birt.runtime:org.apache.xerces_2.9.0.v201101211617:no_fix;xerces:xerces:no_fix

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

CVSS v2

Base Score:	7.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2012-0881

Good to know:

Date: October 30, 2017

Language: SCALA

Severity Score

Related Resources (23)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?