CVE

Id
86255  
CVE No.
CVE-2015-8978  
Status
Candidate  
Description
In Soap Lite (aka the SOAP::Lite extension for Perl) 1.14 and earlier, an example attack consists of defining 10 or more XML entities, each defined as consisting of 10 of the previous entity, with the document consisting of a single instance of the largest entity, which expands to one billion copies of the first entity. The amount of computer memory used for handling an external SOAP call would likely exceed that available to the process parsing the XML.  
Phase
Assigned (20161122)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
758198 86255 CVE-2015-8978 CONFIRM:http://cpansearch.perl.org/src/PHRED/SOAP-Lite-1.20/Changes  View
758199 86255 CVE-2015-8978 BID:94487  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
605 JVNDB-2016-001378 複数の Microsoft Windows 製品の WebDAV クライアントにおける権限昇格の脆弱性 複数の Microsoft Windows 製品の WebDAV クライアントには、権限を取得される脆弱性が存在します。 CVE-2016-0051 86255 7.2 http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-001378.html  View