Candidate: CVE-2015-3192
PublicDate: 2016-07-12 19:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3192
 https://pivotal.io/security/cve-2015-3192
 https://jira.spring.io/browse/SPR-13136
Description:
 Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly
 process inline DTD declarations when DTD is not entirely disabled, which
 allows remote attackers to cause a denial of service (memory consumption and
 out-of-memory errors) via a crafted XML file.
Ubuntu-Description:
 Toshiaki Maki discovered that Spring Framework incorrectly handled certain
 XML files. A remote attacker could exploit this with a crafted XML file to
 cause a denial of service.
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796137
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [5.5 MEDIUM]

Patches_libspring-java:
upstream_libspring-java: released (3.2.14)
precise_libspring-java: ignored (reached end-of-life)
precise/esm_libspring-java: DNE (precise was needed)
trusty_libspring-java: ignored (out of standard support)
trusty/esm_libspring-java: needed
vivid_libspring-java: ignored (reached end-of-life)
vivid/stable-phone-overlay_libspring-java: DNE
vivid/ubuntu-core_libspring-java: DNE
wily_libspring-java: ignored (reached end-of-life)
xenial_libspring-java: ignored (end of standard support, was needed)
yakkety_libspring-java: ignored (reached end-of-life)
zesty_libspring-java: ignored (reached end-of-life)
artful_libspring-java: ignored (reached end-of-life)
bionic_libspring-java: not-affected (4.3.14-1)
cosmic_libspring-java: not-affected (4.3.14-1)
disco_libspring-java: not-affected (4.3.14-1)
eoan_libspring-java: not-affected (4.3.14-1)
focal_libspring-java: not-affected (4.3.14-1)
groovy_libspring-java: not-affected (4.3.14-1)
hirsute_libspring-java: not-affected (4.3.14-1)
impish_libspring-java: not-affected (4.3.14-1)
jammy_libspring-java: not-affected (4.3.14-1)
devel_libspring-java: not-affected (4.3.14-1)