CVE-2016-9596

MEDIUM

Redhat Jboss Core Services < 2.9.4 - Denial of Service

Title source: rule
STIX 2.1

Description

libxml2, as used in Red Hat JBoss Core Services and when in recovery mode, allows context-dependent attackers to cause a denial of service (stack consumption) via a crafted XML document. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-3627.

References (1)

Core 1
Core References
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1408302

Scores

CVSS v3 6.5
EPSS 0.0091
EPSS Percentile 55.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Details

CWE
CWE-400
Status published
Products (2)
redhat/jboss_core_services
xmlsoft/libxml2 < 2.9.4
Published Aug 16, 2018
Tracked Since Feb 18, 2026