Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Oracle HTTP Server Improper Restriction of XML External Entity Reference Vulnerability - CVE-2018-20843 - Vulnerability Database
Oracle HTTP Server

Oracle HTTP Server Improper Restriction of XML External Entity Reference Vulnerability - CVE-2018-20843

High
Reference: CVE-2018-20843
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2018-20843
Title: Oracle HTTP Server Improper Restriction of XML External Entity Reference Vulnerability
Overview:

In libexpat in Expat before 2.2.7 XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).