Date: Sun, 3 Sep 2017 16:01:01 +0300
From: Maor Shwartz <>
Cc: SecuriTeam Secure Disclosure <>
Subject: [FD] SSD Advisory – Oracle Java and Apache Xerces PDF/Docx Server Side DoS

SSD Advisory – Oracle Java and Apache Xerces PDF/Docx Server Side DoS

Full report:
Twitter: @SecuriTeam_SSD
Weibo: SecuriTeam_SSD

Vulnerabilities Summary
The following advisory describes two (2) vulnerabilities found in Oracle
Java JDK/JRE ( and previous versions) packages and Apache Xerces

The vulnerabilities are:

Oracle JDK/JRE Concurrency-Related Denial of Service
(with no setConnectTimeout) Concurrency-Related Denial of Service

An independent security researcher has reported this vulnerability to
Beyond Security’s SecuriTeam Secure Disclosure program

Vendor response
Oracle acknowledged receiving the report, and has assigned it a tracking
number: S0876966. We have no further information on patch availability or a

Maor Shwartz
Beyond Security
GPG Key ID: 93CC36E2DE7FF514

Download attachment "SSD Advisory – Oracle Java and Apache Xerces PDF_Docx Server Side DoS – SecuriTeam Blogs.pdf" of type "application/pdf" (131813 bytes)
