[CVE-2015-3192] CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
Description
Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file.