Vulnerability

CVE-2015-3192

 Report advisory or correction

CVSS Score 5.5 medium

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE

CWE-119

References

http://pivotal.io/security/cve-2015-3192
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3192

[CVE-2015-3192] CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

Description

Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file.

See org.springframework/spring-oxm package information