SSD Advisory – Oracle Java and Apache Xerces PDF/Docx Server Side DoS

Vulnerabilities Summary
The following advisory describes two (2) vulnerabilities found in Oracle Java JDK/JRE (1.8.0.131 and previous versions) packages and Apache Xerces (2.11.0).

The vulnerabilities are:

  • Oracle JDK/JRE Concurrency-Related Denial of Service
  • java.net.URLConnection (with no setConnectTimeout) Concurrency-Related Denial of Service

Credit
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
Oracle acknowledged receiving the report, and has assigned it a tracking number: S0876966. We have no further information on patch availability or a workaround.
