Description

An XXE vulnerability in the OPC UA Java and .NET Legacy Stack can allow remote attackers to trigger a denial of service.

Remediation

References

http://www.securityfocus.com/bid/105538

https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2018-12585.pdf

Related Vulnerabilities

CVE-2019-12399 Vulnerability in maven package org.apache.kafka:kafka

CVE-2019-11818 Vulnerability in maven package org.opencms:org.opencms.workplace.tools.accounts

CVE-2019-16569 Vulnerability in maven package org.jenkins-ci.plugins:mantis

CVE-2017-16026 Vulnerability in maven package org.webjars.npm:request

CVE-2017-1000244 Vulnerability in maven package org.jvnet.hudson.plugins:favorite

Severity

Critical

Classification

CWE-611 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

Tags

Third Party Advisory VDB Entry Vendor Advisory