Vulnerability details: VCID-h8wa-77tk-m3av
Vulnerability ID VCID-h8wa-77tk-m3av
Aliases CVE-2013-4517
GHSA-4p4w-6h54-g885
Summary Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, allows remote attackers to cause a denial of service (memory consumption) via crafted Document Type Definitions (DTDs), related to signatures.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Weaknesses (5)
System Score Found at
generic_textual MODERATE http://packetstormsecurity.com/files/124554/Java-XML-Signature-Denial-Of-Service-Attack.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2014-0170.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2014-0171.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2014-0172.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2014-0195.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2014-1725.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2014-1726.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2014-1727.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2014-1728.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2015-0675.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2015-0850.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2015-0851.html
generic_textual MODERATE http://santuario.apache.org/secadv.data/cve-2013-4517.txt.asc
epss 0.14926 https://api.first.org/data/v1/epss?cve=CVE-2013-4517
generic_textual MODERATE http://seclists.org/fulldisclosure/2013/Dec/169
generic_textual MODERATE https://exchange.xforce.ibmcloud.com/vulnerabilities/89891
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-4p4w-6h54-g885
generic_textual MODERATE https://github.com/apache/santuario-java/commit/a09b9042f7759d094f2d49f40fc7bcf145164b25
generic_textual MODERATE https://lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3@%3Ccommits.santuario.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd@%3Ccommits.santuario.apache.org%3E
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2013-4517
generic_textual MODERATE https://www.tenable.com/security/tns-2018-15
Reference id Reference type URL
http://packetstormsecurity.com/files/124554/Java-XML-Signature-Denial-Of-Service-Attack.html
http://rhn.redhat.com/errata/RHSA-2014-0170.html
http://rhn.redhat.com/errata/RHSA-2014-0171.html
http://rhn.redhat.com/errata/RHSA-2014-0172.html
http://rhn.redhat.com/errata/RHSA-2014-0195.html
http://rhn.redhat.com/errata/RHSA-2014-1725.html
http://rhn.redhat.com/errata/RHSA-2014-1726.html
http://rhn.redhat.com/errata/RHSA-2014-1727.html
http://rhn.redhat.com/errata/RHSA-2014-1728.html
http://rhn.redhat.com/errata/RHSA-2015-0675.html
http://rhn.redhat.com/errata/RHSA-2015-0850.html
http://rhn.redhat.com/errata/RHSA-2015-0851.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4517.json
http://santuario.apache.org/secadv.data/cve-2013-4517.txt.asc
https://api.first.org/data/v1/epss?cve=CVE-2013-4517
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4517
http://seclists.org/fulldisclosure/2013/Dec/169
https://exchange.xforce.ibmcloud.com/vulnerabilities/89891
https://github.com/apache/santuario-java/commit/a09b9042f7759d094f2d49f40fc7bcf145164b25
https://lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3@%3Ccommits.santuario.apache.org%3E
https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd@%3Ccommits.santuario.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2013-4517
https://www.tenable.com/security/tns-2018-15
1045257 https://bugzilla.redhat.com/show_bug.cgi?id=1045257
733938 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=733938
CVE-2013-4517 https://bugzilla.redhat.com/CVE-2013-4517
CVE-2013-4517.TXT.ASC https://cwiki.apache.org/confluence/download/attachments/27821224/cve-2013-4517.txt.asc
GHSA-4p4w-6h54-g885 https://github.com/advisories/GHSA-4p4w-6h54-g885
RHSA-2014:0170 https://access.redhat.com/errata/RHSA-2014:0170
RHSA-2014:0171 https://access.redhat.com/errata/RHSA-2014:0171
RHSA-2014:0172 https://access.redhat.com/errata/RHSA-2014:0172
RHSA-2014:0195 https://access.redhat.com/errata/RHSA-2014:0195
RHSA-2014:0400 https://access.redhat.com/errata/RHSA-2014:0400
RHSA-2014:0473 https://access.redhat.com/errata/RHSA-2014:0473
RHSA-2014:0582 https://access.redhat.com/errata/RHSA-2014:0582
RHSA-2014:1725 https://access.redhat.com/errata/RHSA-2014:1725
RHSA-2014:1726 https://access.redhat.com/errata/RHSA-2014:1726
RHSA-2014:1727 https://access.redhat.com/errata/RHSA-2014:1727
RHSA-2014:1728 https://access.redhat.com/errata/RHSA-2014:1728
RHSA-2015:0675 https://access.redhat.com/errata/RHSA-2015:0675
RHSA-2015:0850 https://access.redhat.com/errata/RHSA-2015:0850
RHSA-2015:0851 https://access.redhat.com/errata/RHSA-2015:0851
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.94514
EPSS Score 0.14926
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:38:15.803336+00:00 ProjectKB MSRImporter Import https://raw.githubusercontent.com/SAP/project-kb/master/MSR2019/dataset/vulas_db_msr2019_release.csv 38.0.0