0 Replies Latest reply on Feb 11, 2016 12:02 AM by Vismay h

    how to upgrade jaxp libraries of jboss

    Vismay h Newbie

      we are dealing with these vulnerabilities, these are issues with XML parser from JDK . Our product uses both JDK supplied parsers and some jboss APIS to process the xml data. How do we know if we need to upgrade jboss supported xml libraries to mitigate these vulnerabilities? or these vulnerabilities does not affect jboss supported xml parsers ?

       

      CVE-2015-4893

      It was discovered that the JAXP component of OpenJDK did not enforce the maximum XML name limit (jdk.xml.MaxXMLNameLimit) when parsing XML files.  A specially crafted XML document could cause a Java application using JAXP to consume an excessive amount of memory and CPU time when parsed.

       

      CVE-2015-4803

      It was discovered that the JAXP component of OpenJDK did not use efficient data structures to store data from parsed XML documents.  A specially-crafted XML input could cause a Java application using JAXP to use an excessive amount of CPU time by e.g. triggering hash collisions.