ID de Prueba:	1.3.6.1.4.1.25623.1.0.105898
Categoría:	F5 Local Security Checks
Título:	F5 BIG-IP - Apache Xerces vulnerability CVE-2016-4463
Resumen:	Stack-based buffer overflow in Apache Xerces-C++ before 3.1.4 allows context-dependent attackers to cause a denial of service via a deeply nested DTD.
Descripción:	Summary: Stack-based buffer overflow in Apache Xerces-C++ before 3.1.4 allows context-dependent attackers to cause a denial of service via a deeply nested DTD. Solution: See the referenced vendor advisory for a solution. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-4463 1036211 http://www.securitytracker.com/id/1036211 20160629 CVE-2016-4463: Apache Xerces-C XML Parser Crashes on Malformed DTD http://www.securityfocus.com/archive/1/538784/100/0/threaded 91501 http://www.securityfocus.com/bid/91501 DSA-3610 https://www.debian.org/security/2016/dsa-3610 RHSA-2018:3335 https://access.redhat.com/errata/RHSA-2018:3335 RHSA-2018:3506 https://access.redhat.com/errata/RHSA-2018:3506 RHSA-2018:3514 https://access.redhat.com/errata/RHSA-2018:3514 http://packetstormsecurity.com/files/137714/Apache-Xerces-C-XML-Parser-Crash.html http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://xerces.apache.org/xerces-c/secadv/CVE-2016-4463.txt https://issues.apache.org/jira/browse/XERCESC-2069 https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=10510&version=12336069 https://www.oracle.com/security-alerts/cpuapr2020.html openSUSE-SU-2016:1808 http://lists.opensuse.org/opensuse-updates/2016-07/msg00053.html openSUSE-SU-2016:2232 http://lists.opensuse.org/opensuse-updates/2016-09/msg00013.html
Copyright	Copyright (C) 2016 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.