SSD Advisory – Oracle Java and Apache Xerces PDF/Docx Server Side DoS

Vulnerabilities Summary The following advisory describes two (2) vulnerabilities found in Oracle Java JDK/JRE (1.8.0.131 and previous versions) packages and Apache Xerces (2.11.0) The vulnerabilities are: Oracle JDK/JRE Concurrency-Related Denial of Service java.net.URLConnection (with no setConnectTimeout) Concurrency-Related Denial of Service Credit An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure … Continue reading SSD Advisory – Oracle Java and Apache Xerces PDF/Docx Server Side DoS

*** This is a Security Bloggers Network syndicated blog from SecuriTeam Blogs authored by SSD / Maor Schwartz. Read the original post at: https://blogs.securiteam.com/index.php/archives/3271