CVE-2013-4517

Name of the Vulnerable Software and Affected Versions Apache Santuario XML Security for Java versions 1.5.5 and earlier

Description The issue allows remote attackers to cause a denial of service, specifically memory consumption, via crafted Document Type Definitions (DTDs) when applying Transforms, related to signatures. This is due to errors in resource management.

Recommendations For versions prior to 1.5.6, update to version 1.5.6 or later to resolve the issue. As a temporary workaround, consider restricting the use of crafted DTDs in the DOMCanonicalizationMethod.java component until a patch is applied.