ID CVE-2009-2625
Summary XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
References
Vulnerable Configurations
  • cpe:2.3:a:oracle:jdk:1.5.0:update11:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.5.0:update1:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.5.0:update2:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.5.0:update3:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.5.0:update5:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.5.0:update6:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.5.0:update7:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.5.0:update8:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.5.0:update9:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.5.0:update10:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.5.0:-:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.5.0:update12:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.5.0:update13:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.5.0:update14:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.5.0:update15:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.5.0:update16:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.5.0:update17:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.5.0:update18:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.5.0:update19:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.5.0:update4:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.6.0:-:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.6.0:update1:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.6.0:update2:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.6.0:update3:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.6.0:update4:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.6.0:update10:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.6.0:update11:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.6.0:update12:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.6.0:update13:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.6.0:update14:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.6.0:update5:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.6.0:update6:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.6.0:update7:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:10:sp2:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:-:*:*:*
  • cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_web_services:7.0:-:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_web_services:7.0:sp1:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_web_services:6.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:6.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:xerces2_java:2.9.1:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 13-05-2022 - 14:44)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  • Vector NETWORK
  • Complexity LOW
  • Authentication NONE
Impact
  • Confidentiality NONE
  • Integrity NONE
  • Availability PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
oval via4
  • accepted 2015-04-20T04:02:39.637-04:00
    class vulnerability
    contributors
    • name Pai Peng
      organization Hewlett-Packard
    • name Sushant Kumar Singh
      organization Hewlett-Packard
    • name Sushant Kumar Singh
      organization Hewlett-Packard
    • name Prashant Kumar
      organization Hewlett-Packard
    • name Mike Cokus
      organization The MITRE Corporation
    description XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
    family unix
    id oval:org.mitre.oval:def:8520
    status accepted
    submitted 2010-03-22T17:00:25.000-04:00
    title HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
    version 47
  • accepted 2013-04-29T04:18:55.655-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 5
      oval oval:org.mitre.oval:def:11414
    • comment The operating system installed on the system is CentOS Linux 5.x
      oval oval:org.mitre.oval:def:15802
    • comment Oracle Linux 5.x
      oval oval:org.mitre.oval:def:15459
    description XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
    family unix
    id oval:org.mitre.oval:def:9356
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
    version 19
redhat via4
advisories
  • bugzilla
    id 512921
    title CVE-2009-2625 xerces-j2, JDK: XML parsing Denial-Of-Service (6845701)
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhba:tst:20070331005
      • OR
        • AND
          • comment xerces-j2 is earlier than 0:2.7.1-7jpp.2.el5_4.2
            oval oval:com.redhat.rhsa:tst:20091615001
          • comment xerces-j2 is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20091615002
        • AND
          • comment xerces-j2-demo is earlier than 0:2.7.1-7jpp.2.el5_4.2
            oval oval:com.redhat.rhsa:tst:20091615003
          • comment xerces-j2-demo is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20091615004
        • AND
          • comment xerces-j2-javadoc-apis is earlier than 0:2.7.1-7jpp.2.el5_4.2
            oval oval:com.redhat.rhsa:tst:20091615005
          • comment xerces-j2-javadoc-apis is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20091615006
        • AND
          • comment xerces-j2-javadoc-impl is earlier than 0:2.7.1-7jpp.2.el5_4.2
            oval oval:com.redhat.rhsa:tst:20091615007
          • comment xerces-j2-javadoc-impl is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20091615008
        • AND
          • comment xerces-j2-javadoc-other is earlier than 0:2.7.1-7jpp.2.el5_4.2
            oval oval:com.redhat.rhsa:tst:20091615009
          • comment xerces-j2-javadoc-other is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20091615010
        • AND
          • comment xerces-j2-javadoc-xni is earlier than 0:2.7.1-7jpp.2.el5_4.2
            oval oval:com.redhat.rhsa:tst:20091615011
          • comment xerces-j2-javadoc-xni is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20091615012
        • AND
          • comment xerces-j2-scripts is earlier than 0:2.7.1-7jpp.2.el5_4.2
            oval oval:com.redhat.rhsa:tst:20091615013
          • comment xerces-j2-scripts is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20091615014
    rhsa
    id RHSA-2009:1615
    released 2009-11-30
    severity Moderate
    title RHSA-2009:1615: xerces-j2 security update (Moderate)
  • bugzilla
    id 512921
    title CVE-2009-2625 xerces-j2, JDK: XML parsing Denial-Of-Service (6845701)
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 6 is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • comment xerces-j2 is earlier than 0:2.7.1-12.6.el6_0
            oval oval:com.redhat.rhsa:tst:20110858001
          • comment xerces-j2 is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110858002
        • AND
          • comment xerces-j2-demo is earlier than 0:2.7.1-12.6.el6_0
            oval oval:com.redhat.rhsa:tst:20110858003
          • comment xerces-j2-demo is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110858004
        • AND
          • comment xerces-j2-javadoc-apis is earlier than 0:2.7.1-12.6.el6_0
            oval oval:com.redhat.rhsa:tst:20110858005
          • comment xerces-j2-javadoc-apis is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110858006
        • AND
          • comment xerces-j2-javadoc-impl is earlier than 0:2.7.1-12.6.el6_0
            oval oval:com.redhat.rhsa:tst:20110858007
          • comment xerces-j2-javadoc-impl is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110858008
        • AND
          • comment xerces-j2-javadoc-other is earlier than 0:2.7.1-12.6.el6_0
            oval oval:com.redhat.rhsa:tst:20110858009
          • comment xerces-j2-javadoc-other is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110858010
        • AND
          • comment xerces-j2-javadoc-xni is earlier than 0:2.7.1-12.6.el6_0
            oval oval:com.redhat.rhsa:tst:20110858011
          • comment xerces-j2-javadoc-xni is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110858012
        • AND
          • comment xerces-j2-scripts is earlier than 0:2.7.1-12.6.el6_0
            oval oval:com.redhat.rhsa:tst:20110858013
          • comment xerces-j2-scripts is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110858014
    rhsa
    id RHSA-2011:0858
    released 2011-06-08
    severity Moderate
    title RHSA-2011:0858: xerces-j2 security update (Moderate)
  • rhsa
    id RHSA-2009:1199
  • rhsa
    id RHSA-2009:1200
  • rhsa
    id RHSA-2009:1201
  • rhsa
    id RHSA-2009:1636
  • rhsa
    id RHSA-2009:1637
  • rhsa
    id RHSA-2009:1649
  • rhsa
    id RHSA-2009:1650
  • rhsa
    id RHSA-2012:1232
  • rhsa
    id RHSA-2012:1537
rpms
  • java-1.5.0-sun-0:1.5.0.20-1jpp.1.el4
  • java-1.5.0-sun-0:1.5.0.20-1jpp.1.el5
  • java-1.5.0-sun-demo-0:1.5.0.20-1jpp.1.el4
  • java-1.5.0-sun-demo-0:1.5.0.20-1jpp.1.el5
  • java-1.5.0-sun-devel-0:1.5.0.20-1jpp.1.el4
  • java-1.5.0-sun-devel-0:1.5.0.20-1jpp.1.el5
  • java-1.5.0-sun-jdbc-0:1.5.0.20-1jpp.1.el4
  • java-1.5.0-sun-jdbc-0:1.5.0.20-1jpp.1.el5
  • java-1.5.0-sun-plugin-0:1.5.0.20-1jpp.1.el4
  • java-1.5.0-sun-plugin-0:1.5.0.20-1jpp.1.el5
  • java-1.5.0-sun-src-0:1.5.0.20-1jpp.1.el4
  • java-1.5.0-sun-src-0:1.5.0.20-1jpp.1.el5
  • java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4
  • java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5
  • java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4
  • java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5
  • java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4
  • java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5
  • java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4
  • java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5
  • java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4
  • java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5
  • java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4
  • java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5
  • java-1.6.0-openjdk-1:1.6.0.0-1.2.b09.el5
  • java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.2.b09.el5
  • java-1.6.0-openjdk-demo-1:1.6.0.0-1.2.b09.el5
  • java-1.6.0-openjdk-devel-1:1.6.0.0-1.2.b09.el5
  • java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.2.b09.el5
  • java-1.6.0-openjdk-src-1:1.6.0.0-1.2.b09.el5
  • java-1.5.0-ibm-1:1.5.0.10-1jpp.4.el4
  • java-1.5.0-ibm-1:1.5.0.10-1jpp.4.el5
  • java-1.5.0-ibm-accessibility-1:1.5.0.10-1jpp.4.el5
  • java-1.5.0-ibm-demo-1:1.5.0.10-1jpp.4.el4
  • java-1.5.0-ibm-demo-1:1.5.0.10-1jpp.4.el5
  • java-1.5.0-ibm-devel-1:1.5.0.10-1jpp.4.el4
  • java-1.5.0-ibm-devel-1:1.5.0.10-1jpp.4.el5
  • java-1.5.0-ibm-javacomm-1:1.5.0.10-1jpp.4.el4
  • java-1.5.0-ibm-javacomm-1:1.5.0.10-1jpp.4.el5
  • java-1.5.0-ibm-jdbc-1:1.5.0.10-1jpp.4.el4
  • java-1.5.0-ibm-jdbc-1:1.5.0.10-1jpp.4.el5
  • java-1.5.0-ibm-plugin-1:1.5.0.10-1jpp.4.el4
  • java-1.5.0-ibm-plugin-1:1.5.0.10-1jpp.4.el5
  • java-1.5.0-ibm-src-1:1.5.0.10-1jpp.4.el4
  • java-1.5.0-ibm-src-1:1.5.0.10-1jpp.4.el5
  • java-1.4.2-ibm-0:1.4.2.13.1-1jpp.1.el3
  • java-1.4.2-ibm-0:1.4.2.13.1-1jpp.1.el4
  • java-1.4.2-ibm-0:1.4.2.13.1-1jpp.1.el5
  • java-1.4.2-ibm-demo-0:1.4.2.13.1-1jpp.1.el3
  • java-1.4.2-ibm-demo-0:1.4.2.13.1-1jpp.1.el4
  • java-1.4.2-ibm-demo-0:1.4.2.13.1-1jpp.1.el5
  • java-1.4.2-ibm-devel-0:1.4.2.13.1-1jpp.1.el3
  • java-1.4.2-ibm-devel-0:1.4.2.13.1-1jpp.1.el4
  • java-1.4.2-ibm-devel-0:1.4.2.13.1-1jpp.1.el5
  • java-1.4.2-ibm-javacomm-0:1.4.2.13.1-1jpp.1.el4
  • java-1.4.2-ibm-javacomm-0:1.4.2.13.1-1jpp.1.el5
  • java-1.4.2-ibm-jdbc-0:1.4.2.13.1-1jpp.1.el3
  • java-1.4.2-ibm-jdbc-0:1.4.2.13.1-1jpp.1.el4
  • java-1.4.2-ibm-jdbc-0:1.4.2.13.1-1jpp.1.el5
  • java-1.4.2-ibm-plugin-0:1.4.2.13.1-1jpp.1.el3
  • java-1.4.2-ibm-plugin-0:1.4.2.13.1-1jpp.1.el4
  • java-1.4.2-ibm-plugin-0:1.4.2.13.1-1jpp.1.el5
  • java-1.4.2-ibm-src-0:1.4.2.13.1-1jpp.1.el3
  • java-1.4.2-ibm-src-0:1.4.2.13.1-1jpp.1.el4
  • java-1.4.2-ibm-src-0:1.4.2.13.1-1jpp.1.el5
  • java-1.4.2-ibm-0:1.4.2.13.2.sap-1jpp.4.el4_8
  • java-1.4.2-ibm-0:1.4.2.13.2.sap-1jpp.4.el5_3
  • java-1.4.2-ibm-demo-0:1.4.2.13.2.sap-1jpp.4.el4_8
  • java-1.4.2-ibm-demo-0:1.4.2.13.2.sap-1jpp.4.el5_3
  • java-1.4.2-ibm-devel-0:1.4.2.13.2.sap-1jpp.4.el4_8
  • java-1.4.2-ibm-devel-0:1.4.2.13.2.sap-1jpp.4.el5_3
  • java-1.4.2-ibm-javacomm-0:1.4.2.13.2.sap-1jpp.4.el4_8
  • java-1.4.2-ibm-javacomm-0:1.4.2.13.2.sap-1jpp.4.el5_3
  • java-1.4.2-ibm-src-0:1.4.2.13.2.sap-1jpp.4.el4_8
  • java-1.4.2-ibm-src-0:1.4.2.13.2.sap-1jpp.4.el5_3
  • java-1.6.0-ibm-1:1.6.0.6-1jpp.3.el4
  • java-1.6.0-ibm-1:1.6.0.6-1jpp.3.el5
  • java-1.6.0-ibm-accessibility-1:1.6.0.6-1jpp.3.el5
  • java-1.6.0-ibm-demo-1:1.6.0.6-1jpp.3.el4
  • java-1.6.0-ibm-demo-1:1.6.0.6-1jpp.3.el5
  • java-1.6.0-ibm-devel-1:1.6.0.6-1jpp.3.el4
  • java-1.6.0-ibm-devel-1:1.6.0.6-1jpp.3.el5
  • java-1.6.0-ibm-javacomm-1:1.6.0.6-1jpp.3.el4
  • java-1.6.0-ibm-javacomm-1:1.6.0.6-1jpp.3.el5
  • java-1.6.0-ibm-jdbc-1:1.6.0.6-1jpp.3.el4
  • java-1.6.0-ibm-jdbc-1:1.6.0.6-1jpp.3.el5
  • java-1.6.0-ibm-plugin-1:1.6.0.6-1jpp.3.el4
  • java-1.6.0-ibm-plugin-1:1.6.0.6-1jpp.3.el5
  • java-1.6.0-ibm-src-1:1.6.0.6-1jpp.3.el4
  • java-1.6.0-ibm-src-1:1.6.0.6-1jpp.3.el5
  • xerces-j2-0:2.7.1-7jpp.2.el5_4.2
  • xerces-j2-debuginfo-0:2.7.1-7jpp.2.el5_4.2
  • xerces-j2-demo-0:2.7.1-7jpp.2.el5_4.2
  • xerces-j2-javadoc-apis-0:2.7.1-7jpp.2.el5_4.2
  • xerces-j2-javadoc-impl-0:2.7.1-7jpp.2.el5_4.2
  • xerces-j2-javadoc-other-0:2.7.1-7jpp.2.el5_4.2
  • xerces-j2-javadoc-xni-0:2.7.1-7jpp.2.el5_4.2
  • xerces-j2-scripts-0:2.7.1-7jpp.2.el5_4.2
  • glassfish-javamail-0:1.4.2-0jpp.ep1.5.el4
  • glassfish-jaxb-0:2.1.4-1.12.patch03.ep1.el4
  • glassfish-jaxb-javadoc-0:2.1.4-1.12.patch03.ep1.el4
  • glassfish-jsf-0:1.2_13-2.1.ep1.el4
  • hibernate3-1:3.2.4-1.SP1_CP09.0jpp.ep1.1.el4
  • hibernate3-annotations-0:3.3.1-1.11.GA_CP02.ep1.el4
  • hibernate3-annotations-javadoc-0:3.3.1-1.11.GA_CP02.ep1.el4
  • hibernate3-entitymanager-0:3.3.2-2.5.GA_CP01.ep1.el4
  • hibernate3-entitymanager-javadoc-0:3.3.2-2.5.GA_CP01.ep1.el4
  • hibernate3-javadoc-1:3.2.4-1.SP1_CP09.0jpp.ep1.1.el4
  • jacorb-0:2.3.0-1jpp.ep1.9.el4
  • jakarta-commons-logging-jboss-0:1.1-9.ep1.el4
  • jboss-aop-0:1.5.5-3.CP04.2.ep1.el4
  • jboss-common-0:1.2.1-0jpp.ep1.3.el4
  • jboss-messaging-0:1.4.0-3.SP3_CP09.4.ep1.el4
  • jboss-remoting-0:2.2.3-3.SP1.ep1.el4
  • jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.18.el4
  • jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.18.el4
  • jboss-seam2-0:2.0.2.FP-1.ep1.21.el4
  • jboss-seam2-docs-0:2.0.2.FP-1.ep1.21.el4
  • jbossas-0:4.3.0-6.GA_CP07.4.ep1.el4
  • jbossas-4.3.0.GA_CP07-bin-0:4.3.0-6.GA_CP07.4.ep1.el4
  • jbossas-client-0:4.3.0-6.GA_CP07.4.ep1.el4
  • jbossts-1:4.2.3-1.SP5_CP08.1jpp.ep1.1.el4
  • jbossweb-0:2.0.0-6.CP12.0jpp.ep1.2.el4
  • jbossws-0:2.0.1-4.SP2_CP07.2.ep1.el4
  • jbossws-common-0:1.0.0-2.GA_CP05.1.ep1.el4
  • jbossws-framework-0:2.0.1-1.GA_CP05.1.ep1.el4
  • jbossws-native42-0:2.0.1-4.SP2_CP07.2.ep1.el4
  • jcommon-0:1.0.16-1.1.ep1.el4
  • jfreechart-0:1.0.13-2.3.1.ep1.el4
  • jgroups-1:2.4.7-1.ep1.el4
  • quartz-0:1.5.2-1jpp.patch01.ep1.4.el4
  • rh-eap-docs-0:4.3.0-6.GA_CP07.ep1.3.el4
  • rh-eap-docs-examples-0:4.3.0-6.GA_CP07.ep1.3.el4
  • xerces-j2-0:2.7.1-9jpp.4.patch_02.1.ep1.el4
  • xml-security-0:1.3.0-1.3.patch01.ep1.2.el4
  • glassfish-javamail-0:1.4.2-0jpp.ep1.5.el4
  • glassfish-jsf-0:1.2_13-2.1.ep1.el4
  • hibernate3-1:3.2.4-1.SP1_CP09.0jpp.ep1.1.el4
  • hibernate3-annotations-0:3.3.1-1.11.GA_CP02.ep1.el4
  • hibernate3-annotations-javadoc-0:3.3.1-1.11.GA_CP02.ep1.el4
  • hibernate3-entitymanager-0:3.3.2-2.5.GA_CP01.ep1.el4
  • hibernate3-entitymanager-javadoc-0:3.3.2-2.5.GA_CP01.ep1.el4
  • hibernate3-javadoc-1:3.2.4-1.SP1_CP09.0jpp.ep1.1.el4
  • jacorb-0:2.3.0-1jpp.ep1.9.el4
  • jakarta-commons-logging-jboss-0:1.1-9.ep1.el4
  • jboss-aop-0:1.5.5-3.CP04.2.ep1.el4
  • jboss-common-0:1.2.1-0jpp.ep1.3.el4
  • jboss-remoting-0:2.2.3-3.SP1.ep1.el4
  • jboss-seam-0:1.2.1-1.ep1.22.el4
  • jboss-seam-docs-0:1.2.1-1.ep1.22.el4
  • jbossas-0:4.2.0-5.GA_CP08.5.ep1.el4
  • jbossas-4.2.0.GA_CP08-bin-0:4.2.0-5.GA_CP08.5.ep1.el4
  • jbossas-client-0:4.2.0-5.GA_CP08.5.ep1.el4
  • jbossts-1:4.2.3-1.SP5_CP08.1jpp.ep1.1.el4
  • jbossweb-0:2.0.0-6.CP12.0jpp.ep1.2.el4
  • jcommon-0:1.0.16-1.1.ep1.el4
  • jfreechart-0:1.0.13-2.3.1.ep1.el4
  • jgroups-1:2.4.7-1.ep1.el4
  • quartz-0:1.5.2-1jpp.patch01.ep1.4.el4
  • rh-eap-docs-0:4.2.0-6.GA_CP08.ep1.3.el4
  • rh-eap-docs-examples-0:4.2.0-6.GA_CP08.ep1.3.el4
  • xerces-j2-0:2.7.1-9jpp.4.patch_02.1.ep1.el4
  • xml-security-0:1.3.0-1.3.patch01.ep1.2.el4
  • glassfish-jaxb-0:2.1.4-1.12.patch03.1.ep1.el5
  • glassfish-jaxb-javadoc-0:2.1.4-1.12.patch03.1.ep1.el5
  • glassfish-jsf-0:1.2_13-2.1.ep1.el5
  • hibernate3-1:3.2.4-1.SP1_CP09.0jpp.ep1.2.4.el5
  • hibernate3-annotations-0:3.3.1-1.11GA_CP02.ep1.el5
  • hibernate3-annotations-javadoc-0:3.3.1-1.11GA_CP02.ep1.el5
  • hibernate3-entitymanager-0:3.3.2-2.5.1.ep1.el5
  • hibernate3-entitymanager-javadoc-0:3.3.2-2.5.1.ep1.el5
  • hibernate3-javadoc-1:3.2.4-1.SP1_CP09.0jpp.ep1.2.4.el5
  • jacorb-0:2.3.0-1jpp.ep1.9.1.el5
  • jboss-aop-0:1.5.5-3.CP04.2.ep1.el5
  • jboss-common-0:1.2.1-0jpp.ep1.3.el5.1
  • jboss-messaging-0:1.4.0-3.SP3_CP09.4.ep1.el5
  • jboss-remoting-0:2.2.3-3.SP1.ep1.el5
  • jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.12.el5.1
  • jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.12.el5.1
  • jboss-seam2-0:2.0.2.FP-1.ep1.18.el5
  • jboss-seam2-docs-0:2.0.2.FP-1.ep1.18.el5
  • jbossas-0:4.3.0-6.GA_CP07.4.2.ep1.el5
  • jbossas-4.3.0.GA_CP07-bin-0:4.3.0-6.GA_CP07.4.2.ep1.el5
  • jbossas-client-0:4.3.0-6.GA_CP07.4.2.ep1.el5
  • jbossts-1:4.2.3-1.SP5_CP08.1jpp.ep1.1.el5
  • jbossweb-0:2.0.0-6.CP12.0jpp.ep1.2.el5
  • jbossws-0:2.0.1-4.SP2_CP07.2.1.ep1.el5
  • jbossws-common-0:1.0.0-2.GA_CP05.1.ep1.el5
  • jbossws-framework-0:2.0.1-1.GA_CP05.1.ep1.el5
  • jbossws-native42-0:2.0.1-4.SP2_CP07.2.1.ep1.el5
  • jcommon-0:1.0.16-1.1.ep1.el5
  • jfreechart-0:1.0.13-2.3.1.ep1.el5
  • jgroups-1:2.4.7-1.ep1.el5
  • quartz-0:1.5.2-1jpp.patch01.ep1.4.1.el5
  • rh-eap-docs-0:4.3.0-6.GA_CP07.ep1.3.el5
  • rh-eap-docs-examples-0:4.3.0-6.GA_CP07.ep1.3.el5
  • xml-security-0:1.3.0-1.3.patch01.ep1.2.1.el5
  • glassfish-jsf-0:1.2_13-2.1.ep1.el5
  • hibernate3-1:3.2.4-1.SP1_CP09.0jpp.ep1.2.4.el5
  • hibernate3-annotations-0:3.3.1-1.11GA_CP02.ep1.el5
  • hibernate3-annotations-javadoc-0:3.3.1-1.11GA_CP02.ep1.el5
  • hibernate3-entitymanager-0:3.3.2-2.5.1.ep1.el5
  • hibernate3-entitymanager-javadoc-0:3.3.2-2.5.1.ep1.el5
  • hibernate3-javadoc-1:3.2.4-1.SP1_CP09.0jpp.ep1.2.4.el5
  • jacorb-0:2.3.0-1jpp.ep1.9.1.el5
  • jboss-aop-0:1.5.5-3.CP04.2.ep1.el5
  • jboss-common-0:1.2.1-0jpp.ep1.3.el5.1
  • jboss-remoting-0:2.2.3-3.SP1.ep1.el5
  • jboss-seam-0:1.2.1-1.ep1.14.el5
  • jboss-seam-docs-0:1.2.1-1.ep1.14.el5
  • jbossas-0:4.2.0-5.GA_CP08.5.2.ep1.el5
  • jbossas-4.2.0.GA_CP08-bin-0:4.2.0-5.GA_CP08.5.2.ep1.el5
  • jbossas-client-0:4.2.0-5.GA_CP08.5.2.ep1.el5
  • jbossts-1:4.2.3-1.SP5_CP08.1jpp.ep1.1.el5
  • jbossweb-0:2.0.0-6.CP12.0jpp.ep1.2.el5
  • jcommon-0:1.0.16-1.1.ep1.el5
  • jfreechart-0:1.0.13-2.3.1.ep1.el5
  • jgroups-1:2.4.7-1.ep1.el5
  • quartz-0:1.5.2-1jpp.patch01.ep1.4.1.el5
  • rh-eap-docs-0:4.2.0-6.GA_CP08.ep1.3.el5
  • rh-eap-docs-examples-0:4.2.0-6.GA_CP08.ep1.3.el5
  • xml-security-0:1.3.0-1.3.patch01.ep1.2.1.el5
  • java-1.5.0-sun-0:1.5.0.22-1jpp.1.el4
  • java-1.5.0-sun-devel-0:1.5.0.22-1jpp.1.el4
  • java-1.6.0-ibm-1:1.6.0.7-1jpp.2.el5
  • java-1.6.0-ibm-1:1.6.0.7-1jpp.3.el4
  • java-1.6.0-ibm-devel-1:1.6.0.7-1jpp.2.el5
  • java-1.6.0-ibm-devel-1:1.6.0.7-1jpp.3.el4
  • xerces-j2-0:2.7.1-12.6.el6_0
  • xerces-j2-debuginfo-0:2.7.1-12.6.el6_0
  • xerces-j2-demo-0:2.7.1-12.6.el6_0
  • xerces-j2-javadoc-apis-0:2.7.1-12.6.el6_0
  • xerces-j2-javadoc-impl-0:2.7.1-12.6.el6_0
  • xerces-j2-javadoc-other-0:2.7.1-12.6.el6_0
  • xerces-j2-javadoc-xni-0:2.7.1-12.6.el6_0
  • xerces-j2-scripts-0:2.7.1-12.6.el6_0
  • jasperreports-server-pro-0:4.7.1-2.el6ev
refmap via4
apple APPLE-SA-2009-09-03-1
bid 35958
bugtraq 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components
cert
  • TA09-294A
  • TA10-012A
confirm
debian DSA-1984
fedora
  • FEDORA-2009-8329
  • FEDORA-2009-8337
hp
  • HPSBUX02476
  • SSRT090250
mandriva
  • MDVSA-2009:209
  • MDVSA-2011:108
misc
mlist
  • [lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1
  • [lucene-solr-user] 20200320 Re: CVEs (vulnerabilities) that apply to Solr 8.4.1
  • [oss-security] 20090906 Re: Re: expat bug 1990430
  • [oss-security] 20091022 Re: Regarding expat bug 1990430
  • [oss-security] 20091023 Re: CVE Request -- expat [was: Re: Regarding expat bug 1990430]
  • [oss-security] 20091026 Re: CVE Request -- expat [was: Re: Regarding expat bug 1990430]
sectrack 1022680
secunia
  • 36162
  • 36176
  • 36180
  • 36199
  • 37300
  • 37460
  • 37671
  • 37754
  • 38231
  • 38342
  • 43300
  • 50549
slackware SSA:2011-041-02
sunalert
  • 1021506
  • 263489
  • 272209
suse
  • SUSE-SA:2009:053
  • SUSE-SR:2009:016
  • SUSE-SR:2009:017
  • SUSE-SR:2010:013
ubuntu USN-890-1
vupen
  • ADV-2009-2543
  • ADV-2009-3316
  • ADV-2011-0359
Last major update 13-05-2022 - 14:44
Published 06-08-2009 - 15:30
Last modified 13-05-2022 - 14:44