5
CVE-2015-0851
- EPSS 2.44%
- Veröffentlicht 12.08.2015 14:59:01
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle security@debian.org
- CVE-Watchlists
- Unerledigt
XMLTooling-C before 1.5.5, as used in OpenSAML-C and Shibboleth Service Provider (SP), does not properly handle integer conversion exceptions, which allows remote attackers to cause a denial of service (crash) via schema-invalid XML data.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Xmltooling Project ≫ Xmltooling Version <= 1.5.4
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.44% | 0.822 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
http://shibboleth.net/community/advisories/secadv_20150721.txt
http://www.debian.org/security/2015/dsa-3321
http://www.securityfocus.com/bid/76134
https://git.shibboleth.net/view/?p=cpp-xmltooling.git%3Ba=commitdiff%3Bh=2d795c731e6729309044607154978696a87fd900