Lucene search
MitreCVE-2008-4482HistoryOct 08, 2008 - 2:00 a.m.
CVE-2008-4482
2008-10-0802:00:01
CWE-20
mitre
web.nvd.nist.gov
30
xerces-c++
xml parser
cve-2008-4482
denial of service
nvd
CVSS2
7.8
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
AI Score
6.2
Confidence
High
EPSS
0.003
Percentile
68.0%
The XML parser in Xerces-C++ before 3.0.0 allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an XML schema definition with a large maxOccurs value, which triggers excessive memory consumption during validation of an XML file.
Affected configurations
Node
apachexerces-c\+\+Range≤2.8.0
ORapachexerces-c\+\+Match1.0.0
ORapachexerces-c\+\+Match1.0.1
ORapachexerces-c\+\+Match1.1.0
ORapachexerces-c\+\+Match1.2.0
ORapachexerces-c\+\+Match1.3.0
ORapachexerces-c\+\+Match1.4.0
ORapachexerces-c\+\+Match1.5.0
ORapachexerces-c\+\+Match1.6.0
ORapachexerces-c\+\+Match1.7.0
ORapachexerces-c\+\+Match2.0.0
ORapachexerces-c\+\+Match2.1.0
ORapachexerces-c\+\+Match2.2.0
ORapachexerces-c\+\+Match2.3.0
ORapachexerces-c\+\+Match2.4.0
ORapachexerces-c\+\+Match2.5.0
ORapachexerces-c\+\+Match2.6.0
ORapachexerces-c\+\+Match2.7.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| apache | xerces-c\+\+ | * | cpe:2.3:a:apache:xerces-c\+\+:*:*:*:*:*:*:*:* |
| apache | xerces-c\+\+ | 1.0.0 | cpe:2.3:a:apache:xerces-c\+\+:1.0.0:*:*:*:*:*:*:* |
| apache | xerces-c\+\+ | 1.0.1 | cpe:2.3:a:apache:xerces-c\+\+:1.0.1:*:*:*:*:*:*:* |
| apache | xerces-c\+\+ | 1.1.0 | cpe:2.3:a:apache:xerces-c\+\+:1.1.0:*:*:*:*:*:*:* |
| apache | xerces-c\+\+ | 1.2.0 | cpe:2.3:a:apache:xerces-c\+\+:1.2.0:*:*:*:*:*:*:* |
| apache | xerces-c\+\+ | 1.3.0 | cpe:2.3:a:apache:xerces-c\+\+:1.3.0:*:*:*:*:*:*:* |
| apache | xerces-c\+\+ | 1.4.0 | cpe:2.3:a:apache:xerces-c\+\+:1.4.0:*:*:*:*:*:*:* |
| apache | xerces-c\+\+ | 1.5.0 | cpe:2.3:a:apache:xerces-c\+\+:1.5.0:*:*:*:*:*:*:* |
| apache | xerces-c\+\+ | 1.6.0 | cpe:2.3:a:apache:xerces-c\+\+:1.6.0:*:*:*:*:*:*:* |
| apache | xerces-c\+\+ | 1.7.0 | cpe:2.3:a:apache:xerces-c\+\+:1.7.0:*:*:*:*:*:*:* |
Related
openvas
openvas
Gentoo Security Advisory GLSA 200903-19 (xerces-c)
2009-03-13 00:00:00
Gentoo Security Advisory GLSA 200903-19 (xerces-c)
2009-03-13 00:00:00
gentoo
gentoo
Xerces-C++: Denial of service
2009-03-09 00:00:00
nessus
nessus
GLSA-200903-19 : Xerces-C++: Denial of Service
2009-03-10 00:00:00
nvd
nvd
CVE-2008-4482
2008-10-08 02:00:01
cvelist
cvelist
CVE-2008-4482
2008-10-08 01:00:00
prion
prion
Design/Logic Flaw
2008-10-08 02:00:00
redhatcve
redhatcve
CVE-2008-4482
2015-10-30 10:13:56
ubuntucve
ubuntucve
CVE-2008-4482
2008-10-08 00:00:00
CVSS2
7.8
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
AI Score
6.2
Confidence
High
EPSS
0.003
Percentile
68.0%
Related for CVE-2008-4482