REDHAT-BUG-1973413
An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request.
References:
https://alephsecurity.com/vulns/aleph-2021003
http://jdom.org/news/index.html
Upstream patch: https://github.com/hunterhacker/jdom/pull/188
Frequently Asked Questions
What is the severity of REDHAT-BUG-1973413?
The severity of REDHAT-BUG-1973413 is categorized as high due to the potential for denial of service attacks.
How do I fix REDHAT-BUG-1973413?
To fix REDHAT-BUG-1973413, upgrade JDOM to version 2.0.6 or later to mitigate the XXE vulnerability.
What version of JDOM is affected by REDHAT-BUG-1973413?
JDOM versions up to, but not including, 2.0.6 are affected by REDHAT-BUG-1973413.
What type of attack is associated with REDHAT-BUG-1973413?
REDHAT-BUG-1973413 is associated with an XML External Entity (XXE) attack that can lead to denial of service.
Can REDHAT-BUG-1973413 affect my application?
If your application uses JDOM versions prior to 2.0.6, it is at risk of being affected by REDHAT-BUG-1973413.