VDB

RHSA-2014%3A1725

RHSA-2014%3A1725 PUBLISHED CVSS 5 MEDIUM

It was discovered that the Apache Santuario XML Security for Java project allowed Document Type Definitions (DTDs) to be processed when applying Transforms even when secure validation was enabled. A remote attacker could use this flaw to exhaust all available memory on the system, causing a denial of service.

Risk Scores

CVSS 2.0
5

Affected Products

VendorProductVersions
Red HatRed Hat JBoss Enterprise Application Platform 5.2

Timeline

  • Oct 28, 2014 CVE Published
  • Apr 29, 2026 Distribution Patch
  • Apr 29, 2026 Distribution Patch
  • Apr 29, 2026 Security Advisory
  • Apr 29, 2026 Security Advisory
  • May 14, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›