SSD Advisory – Oracle Java and Apache Xerces PDF/Docx Server Side DoS

Full report: https://blogs.securiteam.com/index.php/archives/3271
Twitter: @SecuriTeam_SSD
Weibo: SecuriTeam_SSD

Vulnerabilities Summary
The following advisory describes two (2) vulnerabilities found in Oracle Java JDK/JRE (1.8.0.131 and previous versions) packages and Apache Xerces (2.11.0).

The vulnerabilities are:
- Oracle JDK/JRE Concurrency-Related Denial of Service
- java.net.URLConnection (with no setConnectTimeout) Concurrency-Related Denial of Service

Credit
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
Oracle acknowledged receiving the report, and has assigned it a tracking number: S0876966. We have no further information on patch availability or a workaround.

--
Thanks
Maor Shwartz
Beyond Security
GPG Key ID: 93CC36E2DE7FF514
Attachment:
SSD Advisory – Oracle Java and Apache Xerces PDF_Docx Server Side DoS – SecuriTeam Blogs.pdf
Description: Adobe PDF document
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/