A flaw was found in Shibboleth xmltooling before version 3.0.4. Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected exception type that can lead to a server crash and denial of service.

Upstream patch:
https://git.shibboleth.net/view/?p=cpp-xmltooling.git;a=commit;h=af27c422f551e16989ff6f1722d83614c8550eb5

References:
https://shibboleth.net/community/advisories/secadv_20190311.txt
Created xmltooling tracking bugs for this issue:

Affects: fedora-all [bug 1695998]
This vulnerability is out of security support scope for the following products:

* Red Hat JBoss Fuse Service Works 6
* Red Hat JBoss Fuse 6
* Red Hat JBoss Data Virtualization & Services 6
* Red Hat JBoss Operations Network 3
* Red Hat Enterprise Application Platform 6
* Red Hat JBoss Data Grid 6

Please refer to https://access.redhat.com/support/policy/updates/jboss_notes for more details.
This vulnerability is out of security support scope for the following products:

* Red Hat JBoss Portal 6

Please refer to https://access.redhat.com/support/policy/updates/jboss_notes/eol for more details.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-9628