Vulnerabilities related to apache - xerces2_java
Vulnerability from fkie_nvd
Published
2013-07-23 11:03
Modified
2025-04-11 00:51
Severity ?
Summary
XMLScanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5, as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products, allows remote attackers to cause a denial of service via vectors related to XML attribute names.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:java:5.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "03D3F84F-3F6E-4DF1-B162-152293D951EA", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:5.0.11.0:*:*:*:*:*:*:*", matchCriteriaId: "A18121C3-F3F1-4EC7-A64E-3F6A0C9788C8", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:5.0.11.1:*:*:*:*:*:*:*", matchCriteriaId: "BAD59912-7325-4AE1-ACCF-D4F804AF3947", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:5.0.11.2:*:*:*:*:*:*:*", matchCriteriaId: "62783157-E3B6-4A23-8D2F-1FBD0762E9A0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:5.0.12.0:*:*:*:*:*:*:*", matchCriteriaId: "14CC0D53-8AB8-4D44-82BB-0E6A974C36AB", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:5.0.12.1:*:*:*:*:*:*:*", matchCriteriaId: "91A3129F-17A6-4F32-BD5D-34E4A1D1A840", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:5.0.12.2:*:*:*:*:*:*:*", matchCriteriaId: "E2845FF4-2620-4B8D-96CF-CC26B3DEA3C4", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:5.0.12.3:*:*:*:*:*:*:*", matchCriteriaId: "CC7CD279-54B6-4F6B-AE14-299FB319C690", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:5.0.12.4:*:*:*:*:*:*:*", matchCriteriaId: "0EA269CA-4676-4008-89EF-20FAB89886A1", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:5.0.12.5:*:*:*:*:*:*:*", matchCriteriaId: "D22105B6-1378-4E1C-B28A-FCAE00A2D5CF", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:5.0.13.0:*:*:*:*:*:*:*", matchCriteriaId: "601762D3-1188-4945-931D-EB8DAC2847A1", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:5.0.14.0:*:*:*:*:*:*:*", matchCriteriaId: "FA4A30A6-498C-46B8-8EFC-45EB13354EAF", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:5.0.15.0:*:*:*:*:*:*:*", matchCriteriaId: "414CC00A-C797-4C34-8709-75DC061DCDE1", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:5.0.16.0:*:*:*:*:*:*:*", matchCriteriaId: "4401B967-0550-44F1-8753-9632120D2A44", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:5.0.16.1:*:*:*:*:*:*:*", 
matchCriteriaId: "4961693D-F56C-46CD-B721-6A15E2837C17", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:5.0.16.2:*:*:*:*:*:*:*", matchCriteriaId: "AA4FBB66-CF6A-42D2-B122-1861F4139E75", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:java:6.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "14AD4A87-382A-41F0-96D8-0F0A9B738773", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:6.0.1.0:*:*:*:*:*:*:*", matchCriteriaId: "33701DDF-6882-41D3-A11B-A1F4585A77A7", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:6.0.2.0:*:*:*:*:*:*:*", matchCriteriaId: "25C58BBA-06AC-40CD-A906-FD1B3B0AAB69", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:6.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "76C5B430-EE11-4674-B4B0-895D66E3B32F", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:6.0.4.0:*:*:*:*:*:*:*", matchCriteriaId: "B1837D84-6B4F-40D8-9A3F-71C328F659BA", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:6.0.5.0:*:*:*:*:*:*:*", matchCriteriaId: "D20A369B-2168-4883-A84C-BB48A71AFB33", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:6.0.6.0:*:*:*:*:*:*:*", matchCriteriaId: "3628AAB4-E524-46E5-AAF4-1980256F13CE", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:6.0.7.0:*:*:*:*:*:*:*", matchCriteriaId: "30DC9FE3-CDE9-4F83-989B-4E431BA18B56", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:6.0.8.0:*:*:*:*:*:*:*", matchCriteriaId: "C17B1C6B-04CE-49FB-B9BD-98ECD626B26F", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:6.0.8.1:*:*:*:*:*:*:*", matchCriteriaId: "81F529EB-2BCA-4E3E-93E4-2A9880CDA367", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:6.0.9.0:*:*:*:*:*:*:*", matchCriteriaId: "8DEAC3D6-F9F8-4F82-9BF1-FF0EC07A3274", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:6.0.9.1:*:*:*:*:*:*:*", matchCriteriaId: "7694638C-CDAC-44DF-B9F9-F7237CD98017", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:6.0.9.2:*:*:*:*:*:*:*", matchCriteriaId: 
"23903A3C-1760-4836-BAE6-BDD32CBB4CBD", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:6.0.10.0:*:*:*:*:*:*:*", matchCriteriaId: "2477E033-D26B-4D71-839B-5FE4B0927559", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:6.0.10.1:*:*:*:*:*:*:*", matchCriteriaId: "B1CAB7BF-265E-411D-A584-E78DE171F065", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:6.0.11.0:*:*:*:*:*:*:*", matchCriteriaId: "4E45F670-232F-4CE5-8926-6463E5619506", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:6.0.12.0:*:*:*:*:*:*:*", matchCriteriaId: "5B70E6E3-15B3-4D48-AE49-B9184A58EECE", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:6.0.13.0:*:*:*:*:*:*:*", matchCriteriaId: "D5BCE3FD-B89B-4141-8103-9DB941AD60D0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:6.0.13.1:*:*:*:*:*:*:*", matchCriteriaId: "8EADFB3B-738F-4919-B165-9ECEED46EA6C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:6.0.13.2:*:*:*:*:*:*:*", matchCriteriaId: "B23A5431-E599-4848-AB83-B299898F5EF0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:java:7.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "9A8BF650-B8F5-467E-8DBF-81788B55F345", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:7.0.1.0:*:*:*:*:*:*:*", matchCriteriaId: "1752A831-916F-4A7D-8AAE-1CEFACC51F91", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:7.0.2.0:*:*:*:*:*:*:*", matchCriteriaId: "0C9744C4-76BE-428B-AFF2-5BCE00A58322", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:7.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "48B1DE45-90F9-416B-9087-8AEF5B0A3C46", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:7.0.4.0:*:*:*:*:*:*:*", matchCriteriaId: "9EF6A045-0DF6-463B-A0DB-6C31D8C2984C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:7.0.4.1:*:*:*:*:*:*:*", matchCriteriaId: "A731493C-9B46-4105-9902-B15BA0E0FB11", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:7.0.4.2:*:*:*:*:*:*:*", matchCriteriaId: "49454369-A494-4EAA-88D5-181570DEBB4A", 
vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:jdk:1.5.0:update51:*:*:*:*:*:*", matchCriteriaId: "04C71221-E477-4DF8-B10A-3AC64511E4EE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.6.0:update60:*:*:*:*:*:*", matchCriteriaId: "FF7DE0E6-F329-417B-8035-B4EBF9C97483", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.7.0:update40:*:*:*:*:*:*", matchCriteriaId: "220536FA-695D-4DE8-9813-494E3D061B78", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.5.0:update51:*:*:*:*:*:*", matchCriteriaId: "ACB55CC5-0EC7-44B2-B5A9-A5B1EE584791", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update60:*:*:*:*:*:*", matchCriteriaId: "4F6B5E73-6751-475A-B9BF-3414D3476208", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.7.0:update40:*:*:*:*:*:*", matchCriteriaId: "7CB654DC-1D3D-4475-8815-335AC573F54C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jrockit:*:*:*:*:*:*:*:*", matchCriteriaId: "DF26274E-5364-4FC1-9603-A78C365596DB", versionEndIncluding: "r27.7.6", versionStartIncluding: "r27.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jrockit:*:*:*:*:*:*:*:*", matchCriteriaId: "583E7A18-48C5-4AEE-A9C1-239D678E275A", versionEndIncluding: "r28.2.8", versionStartIncluding: "r28.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:sterling_b2b_integrator:5.2.4:*:*:*:*:*:*:*", matchCriteriaId: "CF65201D-8980-450A-A542-3B5473A6F374", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:host_on-demand:11.0:*:*:*:*:*:*:*", matchCriteriaId: "E51D5AEF-B3D4-4782-9988-BC1DB3F3F296", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:host_on-demand:11.0.1:*:*:*:*:*:*:*", matchCriteriaId: "E179FC2F-C700-4998-9D7A-3B945874CAC1", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:host_on-demand:11.0.2:*:*:*:*:*:*:*", matchCriteriaId: 
"2341D5E7-15CD-4C8F-ABE8-AA915BFA2804", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:host_on-demand:11.0.3:*:*:*:*:*:*:*", matchCriteriaId: "474DC3BA-27F2-452A-85AD-BCC476EDD35B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:host_on-demand:11.0.4:*:*:*:*:*:*:*", matchCriteriaId: "997CA07C-EBB7-4D7F-AF23-A161817BF4A9", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:host_on-demand:11.0.5:*:*:*:*:*:*:*", matchCriteriaId: "5BFE87FC-7B77-4840-8185-1707CB37323B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:host_on-demand:11.0.5.1:*:*:*:*:*:*:*", matchCriteriaId: "C77DD8B3-A227-4350-8699-FEC822119393", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:host_on-demand:11.0.6:*:*:*:*:*:*:*", matchCriteriaId: "1FA56704-18EB-4F3B-A36F-BCEF67B07C0F", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:host_on-demand:11.0.6.1:*:*:*:*:*:*:*", matchCriteriaId: "420CC5FF-0300-4FA7-AB53-78C1A0B83C11", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:host_on-demand:11.0.7:*:*:*:*:*:*:*", matchCriteriaId: "B7132A0E-C2A1-403E-9516-A6911563D7B9", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:host_on-demand:11.0.8:*:*:*:*:*:*:*", matchCriteriaId: "F32CA797-ED68-426E-9370-E16C90075E01", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.2:*:*:*:*:*:*:*", matchCriteriaId: "BB2F6EF3-721A-43AB-AAFD-BE3EEDB0AA61", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", matchCriteriaId: "E492C463-D76E-49B7-A4D4-3B499E422D89", vulnerable: false, }, { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, { criteria: 
"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, { criteria: "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*", matchCriteriaId: "F5027746-8216-452D-83C5-2F8E9546F2A5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:sterling_b2b_integrator:5.1:*:*:*:*:*:*:*", matchCriteriaId: "40363692-5283-4D0C-BAE1-C049C02A0294", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:sterling_b2b_integrator:5.2:*:*:*:*:*:*:*", matchCriteriaId: "F805BA3A-178D-416E-9DED-4258F71A17C8", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:sterling_file_gateway:2.1:*:*:*:*:*:*:*", matchCriteriaId: "9A40AC14-AC2B-4A0D-A9CC-3A00B48D8975", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:sterling_file_gateway:2.2:*:*:*:*:*:*:*", matchCriteriaId: "1554D69E-D68E-46CA-B1F7-C24CAABF58E8", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", matchCriteriaId: "F480AA32-841A-4E68-9343-B2E7548B0A0C", vulnerable: false, }, { criteria: "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", matchCriteriaId: "E492C463-D76E-49B7-A4D4-3B499E422D89", vulnerable: false, }, { criteria: "cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:*", matchCriteriaId: "C684FC45-C9BA-4EF0-BD06-BB289450DD21", vulnerable: false, }, { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, { criteria: "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*", matchCriteriaId: "F5027746-8216-452D-83C5-2F8E9546F2A5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*", matchCriteriaId: "D806A17E-B8F9-466D-807D-3F1E77603DC8", vulnerable: 
true, }, { criteria: "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", matchCriteriaId: "DFBF430B-0832-44B0-AA0E-BA9E467F7668", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:-:*:*:*", matchCriteriaId: "4339DE06-19FB-4B8E-B6AE-3495F605AD05", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*", matchCriteriaId: "3ED68ADD-BBDA-4485-BC76-58F011D72311", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_java:10:sp4:*:*:*:*:*:*", matchCriteriaId: "3CF5C5B9-2CB9-4CD8-B94F-A674ED909CC3", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_java:11:sp2:*:*:*:*:*:*", matchCriteriaId: "252CF7A7-3FEB-4503-AEE8-B67139C5B0D5", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_java:11:sp3:*:*:*:*:*:*", matchCriteriaId: "79D7DBBA-6849-45F7-AFEF-C765569C481A", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_sdk:11:sp2:*:*:*:*:*:*", matchCriteriaId: "2C634990-2690-4E3B-B21F-6687A6A34644", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_sdk:11:sp3:*:*:*:*:*:*", matchCriteriaId: "73B7BC23-6CCA-41B2-8F61-EDB95F1AFB1D", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*", matchCriteriaId: "4CD2D897-E321-4CED-92E0-11A98B52053C", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:ltss:*:*:*", matchCriteriaId: "CED02712-1031-4206-AC4D-E68710F46EC9", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:-:*:*:*", matchCriteriaId: "D1D7B467-58DD-45F1-9F1F-632620DF072A", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*", matchCriteriaId: "88D6E858-FD8F-4C55-B7D5-CEEDA2BBA898", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*", matchCriteriaId: "DB4D6749-81A1-41D7-BF4F-1C45A7F49A22", vulnerable: true, }, { criteria: 
"cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*", matchCriteriaId: "E534C201-BCC5-473C-AAA7-AAB97CEB5437", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*", matchCriteriaId: "2470C6E8-2024-4CF5-9982-CFF50E88EAE9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*", matchCriteriaId: "01EDA41C-6B2E-49AF-B503-EB3882265C11", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", matchCriteriaId: "CB66DB75-2B16-4EBF-9B93-CE49D8086E41", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", matchCriteriaId: "E2076871-2E80-4605-A470-A41C1A8EC7EE", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*", matchCriteriaId: "EFAA48D9-BEB4-4E49-AD50-325C262D46D9", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*", matchCriteriaId: "7F61F047-129C-41A6-8A27-FFCBB8563E91", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:xerces2_java:*:*:*:*:*:*:*:*", matchCriteriaId: "8CFD62E4-794A-43C0-8C65-A44D970D1569", versionEndExcluding: "2.12.0", versionStartIncluding: "2.4.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute names.", }, { lang: "es", 
value: "XMLscanner.java en Apache Xerces2 Java Parser, en versiones anteriores a la 2.12.0, tal y como se empleó en Java Runtime Environment (JRE) en IBM Java, en versiones 5.0 anteriores a la 5.0 SR16-FP3, 6 anteriores a la 6 SR14, 6.0.1 anteriores a la 6.0.1 SR6 y 7 anteriores a la 7 SR5, así como en Oracle Java SE 7u40 y anteriores, Java SE 6u60 y anteriores, Java SE 5.0u51 y anteriores, JRockit R28.2.8 y anteriores, JRockit R27.7.6 y anteriores, Java SE Embedded 7u40 y anteriores y, posiblemente, otros productos, permite que los atacantes remotos realicen una denegación de servicio (DoS) mediante vectores relacionados con los nombres de atributo XML.", }, ], id: "CVE-2013-4002", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.1, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2013-07-23T11:03:19.790", references: [ { source: "psirt@us.ibm.com", tags: [ "Broken Link", "Mailing List", ], url: "http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", ], 
url: "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.html", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2013-11/msg00023.html", }, { source: "psirt@us.ibm.com", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=138674031212883&w=2", }, { source: "psirt@us.ibm.com", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=138674073720143&w=2", }, { source: "psirt@us.ibm.com", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1059.html", }, { source: "psirt@us.ibm.com", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1060.html", }, { source: "psirt@us.ibm.com", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1081.html", }, { source: "psirt@us.ibm.com", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1440.html", }, { source: "psirt@us.ibm.com", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1447.html", }, { source: "psirt@us.ibm.com", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1451.html", }, { source: "psirt@us.ibm.com", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1505.html", }, { source: "psirt@us.ibm.com", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1818.html", }, { source: "psirt@us.ibm.com", tags: [ "Broken Link", ], url: 
"http://rhn.redhat.com/errata/RHSA-2014-1821.html", }, { source: "psirt@us.ibm.com", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1822.html", }, { source: "psirt@us.ibm.com", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1823.html", }, { source: "psirt@us.ibm.com", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2015-0675.html", }, { source: "psirt@us.ibm.com", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2015-0720.html", }, { source: "psirt@us.ibm.com", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2015-0765.html", }, { source: "psirt@us.ibm.com", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2015-0773.html", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/56257", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", ], url: "http://security.gentoo.org/glsa/glsa-201406-32.xml", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", ], url: "http://support.apple.com/kb/HT5982", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=965250&r2=1499506&view=patch", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IC98015", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21644197", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21653371", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21657539", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", ], url: "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html", }, { source: 
"psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_filenet_content_manager_and_ibm_content_foundation_xml_4j_denial_of_service_attack_cve_2013_4002", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_July_2013", }, { source: "psirt@us.ibm.com", tags: [ "Broken Link", ], url: "http://www.ibm.com/support/docview.wss?uid=swg21648172", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/61310", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2033-1", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2089-1", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2014:0414", }, { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/85260", }, { source: "psirt@us.ibm.com", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://issues.apache.org/jira/browse/XERCESJ-1679", }, { source: "psirt@us.ibm.com", url: "https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73%40%3Cj-users.xerces.apache.org%3E", }, { source: "psirt@us.ibm.com", url: "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E", }, { source: "psirt@us.ibm.com", url: "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E", }, { source: "psirt@us.ibm.com", url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", ], url: 
"https://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Mailing List", ], url: "http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2013-11/msg00023.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=138674031212883&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=138674073720143&w=2", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1059.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1060.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1081.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1440.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1447.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1451.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1505.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1818.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1821.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1822.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1823.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2015-0675.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2015-0720.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2015-0765.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: 
"http://rhn.redhat.com/errata/RHSA-2015-0773.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/56257", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://security.gentoo.org/glsa/glsa-201406-32.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://support.apple.com/kb/HT5982", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=965250&r2=1499506&view=patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IC98015", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21644197", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21653371", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21657539", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_filenet_content_manager_and_ibm_content_foundation_xml_4j_denial_of_service_attack_cve_2013_4002", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_July_2013", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: 
"http://www.ibm.com/support/docview.wss?uid=swg21648172", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/61310", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2033-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2089-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2014:0414", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/85260", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://issues.apache.org/jira/browse/XERCESJ-1679", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73%40%3Cj-users.xerces.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2009-08-06 15:30
Modified
2025-04-09 00:30
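Severity: MEDIUM (CVSS 2.0 base score 5, vector AV:N/AC:L/Au:N/C:N/I:N/A:P; partial availability impact, no confidentiality or integrity impact)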
Summary
XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:jdk:1.5.0:-:*:*:*:*:*:*", matchCriteriaId: "711BCDB5-83BC-4DBA-8097-2CD33617FD19", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.5.0:update1:*:*:*:*:*:*", matchCriteriaId: "B5F20B3E-781F-4DC1-B939-B0EAFC515F71", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.5.0:update10:*:*:*:*:*:*", matchCriteriaId: "BEB37E93-38EB-4AEE-A3DD-D2097C0D6852", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.5.0:update11:*:*:*:*:*:*", matchCriteriaId: "59DED85A-153E-40B1-9ABA-D405204E464E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.5.0:update12:*:*:*:*:*:*", matchCriteriaId: "168E67FC-32BC-4DAE-B49C-840FD721D7AA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.5.0:update13:*:*:*:*:*:*", matchCriteriaId: "83A2B4A2-ED27-4C12-871B-C0F78C3478FF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.5.0:update14:*:*:*:*:*:*", matchCriteriaId: "9E8A5D2D-B620-449B-B599-51F5C9FC658C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.5.0:update15:*:*:*:*:*:*", matchCriteriaId: "9A39B469-5041-4715-B6AC-36D8777677EE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.5.0:update16:*:*:*:*:*:*", matchCriteriaId: "F49DBD1F-D3F5-400B-AE2E-BC87B05A5051", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.5.0:update17:*:*:*:*:*:*", matchCriteriaId: "8E605982-97A2-4E5E-847E-2BB8AD77910C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.5.0:update18:*:*:*:*:*:*", matchCriteriaId: "848299EC-DE52-4511-BF53-C83022935964", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.5.0:update19:*:*:*:*:*:*", matchCriteriaId: "CD5BD598-ADBC-42EE-BF81-049D89CCA426", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.5.0:update2:*:*:*:*:*:*", matchCriteriaId: "64AC19E5-A20C-4D51-B465-ABCDBADF550A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.5.0:update3:*:*:*:*:*:*", matchCriteriaId: "A2CCCA1A-F0A1-4511-AF84-326DF406C0DA", vulnerable: 
true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.5.0:update4:*:*:*:*:*:*", matchCriteriaId: "81B0BEF9-25FD-48F7-83BC-BEA31BC3A1BA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.5.0:update5:*:*:*:*:*:*", matchCriteriaId: "4E6D8590-0A99-43E0-9256-9572112F9C8F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.5.0:update6:*:*:*:*:*:*", matchCriteriaId: "5F2A0870-A4D3-481B-8A37-A4DC282B0DE1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.5.0:update7:*:*:*:*:*:*", matchCriteriaId: "20171515-B5A5-44D2-B7F7-21EDDE39989E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.5.0:update8:*:*:*:*:*:*", matchCriteriaId: "F734AF76-4CEE-4F9D-AD6A-6BECF1F977CD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.5.0:update9:*:*:*:*:*:*", matchCriteriaId: "985B45F6-C285-4061-A656-A4C1A1FE59D9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.6.0:-:*:*:*:*:*:*", matchCriteriaId: "4A420DA5-1346-446B-8D23-E1E6DDBE527E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.6.0:update1:*:*:*:*:*:*", matchCriteriaId: "B8CA8719-7ABE-4279-B49E-C414794A4FE1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.6.0:update10:*:*:*:*:*:*", matchCriteriaId: "DC92B7EC-849F-4255-9D55-43681B8DADC4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.6.0:update11:*:*:*:*:*:*", matchCriteriaId: "2ABC1045-7D3D-4A14-B994-7E60A4BB4C9C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.6.0:update12:*:*:*:*:*:*", matchCriteriaId: "1F3C1E65-929A-4468-8584-F086E6E59839", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.6.0:update13:*:*:*:*:*:*", matchCriteriaId: "42C95C1D-0C2E-4733-AB1B-65650D88995D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.6.0:update14:*:*:*:*:*:*", matchCriteriaId: "47A9F499-D1E3-41BD-AC18-E8D3D3231C12", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.6.0:update2:*:*:*:*:*:*", matchCriteriaId: "D6E07069-D6EE-4D44-94A6-CDCA4A50E6F9", vulnerable: true, }, { criteria: 
"cpe:2.3:a:oracle:jdk:1.6.0:update3:*:*:*:*:*:*", matchCriteriaId: "344FA3EA-9E25-493C-976A-211D1404B251", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.6.0:update4:*:*:*:*:*:*", matchCriteriaId: "D081A380-5AA4-4451-94A9-7B65810106E3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.6.0:update5:*:*:*:*:*:*", matchCriteriaId: "112E7575-A3A0-4A94-AD39-7B2325B150B8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.6.0:update6:*:*:*:*:*:*", matchCriteriaId: "708E8CEF-82EE-4D4B-ABF9-87AA4878F517", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.6.0:update7:*:*:*:*:*:*", matchCriteriaId: "D5D9D9A7-8819-44A4-80AC-52D6B63A0C9B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*", matchCriteriaId: "7000D33B-F3C7-43E8-8FC7-9B97AADC3E12", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*", matchCriteriaId: "B3BB5EDB-520B-4DEF-B06E-65CA13152824", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*", matchCriteriaId: "1B42AB65-443B-4655-BAEA-4EB4A43D9509", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*", matchCriteriaId: "FBF7B6A8-3DF9-46EC-A90E-6EF68C39F883", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*", matchCriteriaId: "A01C8B7E-EB19-40EA-B1D2-9AE5EA536C95", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*", matchCriteriaId: "4CD2D897-E321-4CED-92E0-11A98B52053C", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:10:sp2:*:*:*:*:*:*", matchCriteriaId: "22A79A35-05DB-4B9F-AD3E-EA6F933CF10C", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:-:*:*:*", matchCriteriaId: "79A35457-EAA3-4BF9-A4DA-B2E414A75A02", vulnerable: true, }, { criteria: 
"cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*", matchCriteriaId: "F13F07CC-739B-465C-9184-0E9D708BD4C7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", matchCriteriaId: "0F92AB32-E7DE-43F4-B877-1F41FA162EC7", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", matchCriteriaId: "8C757774-08E7-40AA-B532-6F705C8F7639", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*", matchCriteriaId: "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*", matchCriteriaId: "7EBFE35C-E243-43D1-883D-4398D71763CC", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*", matchCriteriaId: "4747CC68-FAF4-482F-929A-9DA6C24CB663", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*", matchCriteriaId: "A5D026D0-EF78-438D-BEDD-FC8571F3ACEB", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*", matchCriteriaId: "A2BCB73E-27BB-4878-AD9C-90C4F20C25A0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:6.1:*:*:*:*:*:*:*", matchCriteriaId: "4F920C50-FE0F-4915-965A-AA58884DF7A8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:6.2.1:*:*:*:*:*:*:*", matchCriteriaId: "944FDBF2-1262-4B85-A7D3-537330144D22", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:7.0:*:*:*:*:*:*:*", matchCriteriaId: "57C2F58F-13AA-45C5-9172-8465B44CA9FB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_web_services:6.2.1:*:*:*:*:*:*:*", matchCriteriaId: 
"2A3115EB-0671-4E0C-9B75-FACFD6D42B88", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_web_services:7.0:-:*:*:*:*:*:*", matchCriteriaId: "F3376F25-51D0-4D84-AFC7-AD1C1BCA0191", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_web_services:7.0:sp1:*:*:*:*:*:*", matchCriteriaId: "BDE00C3E-BB4E-4E71-86B8-E637BCD033A7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:xerces2_java:2.9.1:*:*:*:*:*:*:*", matchCriteriaId: "AC3C1085-3255-449C-AFE3-984EFAC5BCCE", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.", }, { lang: "es", value: "Apache Xerces2 Java, tal como se utiliza en Sun Java Runtime Environment (JRE) en JDK y JRE v6 anterior a la actualización 15 y el JDK y JRE v5.0 antes de la actualización 20, y en otros productos, permite a atacantes remotos provocar una denegación de servicio (bucle infinito y la cuelgue de aplicación) a través de una entrada XML malformada, como lo demuestra Codenomicon XML fuzzing framework.", }, ], id: "CVE-2009-2625", lastModified: "2025-04-09T00:30:58.490", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", 
type: "Primary", userInteractionRequired: false, }, ], }, published: "2009-08-06T15:30:00.327", references: [ { source: "cret@cert.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html", }, { source: "cret@cert.org", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html", }, { source: "cret@cert.org", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html", }, { source: "cret@cert.org", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html", }, { source: "cret@cert.org", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html", }, { source: "cret@cert.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=125787273209737&w=2", }, { source: "cret@cert.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=125787273209737&w=2", }, { source: "cret@cert.org", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2012-1232.html", }, { source: "cret@cert.org", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2012-1537.html", }, { source: "cret@cert.org", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/36162", }, { source: "cret@cert.org", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/36176", }, { source: "cret@cert.org", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/36180", }, { source: "cret@cert.org", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/36199", }, { source: "cret@cert.org", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/37300", }, { source: "cret@cert.org", tags: [ "Third Party Advisory", ], url: 
"http://secunia.com/advisories/37460", }, { source: "cret@cert.org", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/37671", }, { source: "cret@cert.org", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/37754", }, { source: "cret@cert.org", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/38231", }, { source: "cret@cert.org", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/38342", }, { source: "cret@cert.org", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/43300", }, { source: "cret@cert.org", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/50549", }, { source: "cret@cert.org", tags: [ "Third Party Advisory", ], url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.486026", }, { source: "cret@cert.org", tags: [ "Broken Link", "Patch", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1", }, { source: "cret@cert.org", tags: [ "Broken Link", "Patch", "Vendor Advisory", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-66-263489-1", }, { source: "cret@cert.org", tags: [ "Broken Link", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-66-272209-1", }, { source: "cret@cert.org", tags: [ "Broken Link", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021506.1-1", }, { source: "cret@cert.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=572055&r2=787352&pathrev=787353&diff_format=h", }, { source: "cret@cert.org", tags: [ "Third Party Advisory", ], url: "http://www.cert.fi/en/reports/2009/vulnerability2009085.html", }, { source: "cret@cert.org", tags: [ "Third Party Advisory", ], url: "http://www.codenomicon.com/labs/xml/", }, { source: "cret@cert.org", tags: [ "Third Party Advisory", ], url: 
"http://www.debian.org/security/2010/dsa-1984", }, { source: "cret@cert.org", tags: [ "Third Party Advisory", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:209", }, { source: "cret@cert.org", tags: [ "Third Party Advisory", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2011:108", }, { source: "cret@cert.org", tags: [ "Third Party Advisory", ], url: "http://www.networkworld.com/columnists/2009/080509-xml-flaw.html", }, { source: "cret@cert.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2009/09/06/1", }, { source: "cret@cert.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2009/10/22/9", }, { source: "cret@cert.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2009/10/23/6", }, { source: "cret@cert.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2009/10/26/3", }, { source: "cret@cert.org", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html", }, { source: "cret@cert.org", tags: [ "Broken Link", ], url: "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html", }, { source: "cret@cert.org", tags: [ "Third Party Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2009-1615.html", }, { source: "cret@cert.org", tags: [ "Third Party Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2011-0858.html", }, { source: "cret@cert.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/archive/1/507985/100/0/threaded", }, { source: "cret@cert.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/35958", }, { source: "cret@cert.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id?1022680", }, { 
source: "cret@cert.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-890-1", }, { source: "cret@cert.org", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA09-294A.html", }, { source: "cret@cert.org", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA10-012A.html", }, { source: "cret@cert.org", tags: [ "Third Party Advisory", ], url: "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", }, { source: "cret@cert.org", tags: [ "Permissions Required", ], url: "http://www.vupen.com/english/advisories/2009/2543", }, { source: "cret@cert.org", tags: [ "Permissions Required", ], url: "http://www.vupen.com/english/advisories/2009/3316", }, { source: "cret@cert.org", tags: [ "Permissions Required", ], url: "http://www.vupen.com/english/advisories/2011/0359", }, { source: "cret@cert.org", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=512921", }, { source: "cret@cert.org", url: "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E", }, { source: "cret@cert.org", tags: [ "Third Party Advisory", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8520", }, { source: "cret@cert.org", tags: [ "Third Party Advisory", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9356", }, { source: "cret@cert.org", tags: [ "Broken Link", ], url: "https://rhn.redhat.com/errata/RHSA-2009-1199.html", }, { source: "cret@cert.org", tags: [ "Broken Link", ], url: "https://rhn.redhat.com/errata/RHSA-2009-1200.html", }, { source: "cret@cert.org", tags: [ "Broken Link", ], url: "https://rhn.redhat.com/errata/RHSA-2009-1201.html", }, { source: "cret@cert.org", tags: [ "Broken Link", ], url: 
"https://rhn.redhat.com/errata/RHSA-2009-1636.html", }, { source: "cret@cert.org", tags: [ "Broken Link", ], url: "https://rhn.redhat.com/errata/RHSA-2009-1637.html", }, { source: "cret@cert.org", tags: [ "Broken Link", ], url: "https://rhn.redhat.com/errata/RHSA-2009-1649.html", }, { source: "cret@cert.org", tags: [ "Broken Link", ], url: "https://rhn.redhat.com/errata/RHSA-2009-1650.html", }, { source: "cret@cert.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html", }, { source: "cret@cert.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=125787273209737&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=125787273209737&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken 
Link", ], url: "http://rhn.redhat.com/errata/RHSA-2012-1232.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2012-1537.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/36162", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/36176", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/36180", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/36199", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/37300", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/37460", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/37671", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/37754", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/38231", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/38342", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/43300", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/50549", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.486026", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Patch", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Patch", "Vendor Advisory", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-66-263489-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-66-272209-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021506.1-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=572055&r2=787352&pathrev=787353&diff_format=h", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.cert.fi/en/reports/2009/vulnerability2009085.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.codenomicon.com/labs/xml/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2010/dsa-1984", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:209", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2011:108", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.networkworld.com/columnists/2009/080509-xml-flaw.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2009/09/06/1", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2009/10/22/9", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2009/10/23/6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2009/10/26/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2009-1615.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2011-0858.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/archive/1/507985/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/35958", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id?1022680", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-890-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA09-294A.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US 
Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA10-012A.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", ], url: "http://www.vupen.com/english/advisories/2009/2543", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", ], url: "http://www.vupen.com/english/advisories/2009/3316", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", ], url: "http://www.vupen.com/english/advisories/2011/0359", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=512921", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8520", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9356", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://rhn.redhat.com/errata/RHSA-2009-1199.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://rhn.redhat.com/errata/RHSA-2009-1200.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://rhn.redhat.com/errata/RHSA-2009-1201.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://rhn.redhat.com/errata/RHSA-2009-1636.html", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://rhn.redhat.com/errata/RHSA-2009-1637.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://rhn.redhat.com/errata/RHSA-2009-1649.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://rhn.redhat.com/errata/RHSA-2009-1650.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html", }, ], sourceIdentifier: "cret@cert.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-10-30 16:29
Modified
2025-04-20 01:37
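Severity: HIGH (CVSS 3.0 base score 7.5, vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H; CVSS 2.0 base score 7.8, vector AV:N/AC:L/Au:N/C:N/I:N/A:C)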
Summary
Apache Xerces2 Java Parser before 2.12.0 allows remote attackers to cause a denial of service (CPU consumption) via a crafted message to an XML service, which triggers hash table collisions.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| apache | xerces2_java | * (all versions up to and including 2.11.0) |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:xerces2_java:*:*:*:*:*:*:*:*", matchCriteriaId: "0C8459C1-2465-4E59-95E9-1AF6736C3D62", versionEndIncluding: "2.11.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Apache Xerces2 Java Parser before 2.12.0 allows remote attackers to cause a denial of service (CPU consumption) via a crafted message to an XML service, which triggers hash table collisions.", }, { lang: "es", value: "Apache Xerces2 Java Parser en versiones anteriores a la 2.12.0 permite que atacantes remotos provoquen una denegación de servicio (consumo de CPU) mediante un mensaje manipulado a un servicio XML, lo que desencadena las colisiones de tabla hash.", }, ], id: "CVE-2012-0881", lastModified: "2025-04-20T01:37:25.860", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.8, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-10-30T16:29:00.270", references: [ { source: "secalert@redhat.com", tags: [ "Mailing List", ], url: 
"http://www.openwall.com/lists/oss-security/2014/07/08/11", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=787104", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Patch", "Vendor Advisory", ], url: "https://issues.apache.org/jira/browse/XERCESJ-1685", }, { source: "secalert@redhat.com", url: "https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73%40%3Cj-users.xerces.apache.org%3E", }, { source: "secalert@redhat.com", url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", }, { source: "secalert@redhat.com", url: "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E", }, { source: "secalert@redhat.com", url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", }, { source: "secalert@redhat.com", url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", }, { source: "secalert@redhat.com", url: "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E", }, { source: "secalert@redhat.com", url: "https://lists.apache.org/thread.html/rea7b831dceeb2a2fa817be6f63b08722042e3647fb2d47c144370a56%40%3Ccommon-issues.hadoop.apache.org%3E", }, { source: "secalert@redhat.com", url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2014/07/08/11", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=787104", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue 
Tracking", "Patch", "Vendor Advisory", ], url: "https://issues.apache.org/jira/browse/XERCESJ-1685", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73%40%3Cj-users.xerces.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rea7b831dceeb2a2fa817be6f63b08722042e3647fb2d47c144370a56%40%3Ccommon-issues.hadoop.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-399", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2012-0881
Vulnerability from cvelistv5
Published
2017-10-30 16:00
Modified
2024-08-06 18:38
Summary
Apache Xerces2 Java Parser before 2.12.0 allows remote attackers to cause a denial of service (CPU consumption) via a crafted message to an XML service, which triggers hash table collisions.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T18:38:15.063Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "[j-users] 20180503 [ANNOUNCEMENT]: Apache Xerces-J 2.12.0 now available", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73%40%3Cj-users.xerces.apache.org%3E", }, { name: "[oss-security] 20140708 Summer bug cleaning - some Hash DoS stuff", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2014/07/08/11", }, { name: "[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E", }, { name: "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", }, { name: "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", }, { name: "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", }, { name: 
"[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://issues.apache.org/jira/browse/XERCESJ-1685", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=787104", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { name: "[hadoop-common-issues] 20210928 [GitHub] [hadoop] warrenzhu25 opened a new pull request #3496: HADOOP-17941. Update xerces to 2.12", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rea7b831dceeb2a2fa817be6f63b08722042e3647fb2d47c144370a56%40%3Ccommon-issues.hadoop.apache.org%3E", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2014-07-08T00:00:00", descriptions: [ { lang: "en", value: "Apache Xerces2 Java Parser before 2.12.0 allows remote attackers to cause a denial of service (CPU consumption) via a crafted message to an XML service, which triggers hash table collisions.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-09-28T19:06:16", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "[j-users] 20180503 [ANNOUNCEMENT]: Apache Xerces-J 2.12.0 now available", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73%40%3Cj-users.xerces.apache.org%3E", }, { name: "[oss-security] 20140708 Summer bug cleaning - some Hash DoS stuff", 
tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2014/07/08/11", }, { name: "[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E", }, { name: "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", }, { name: "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", }, { name: "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", }, { name: "[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://issues.apache.org/jira/browse/XERCESJ-1685", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=787104", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { name: "[hadoop-common-issues] 20210928 [GitHub] [hadoop] 
warrenzhu25 opened a new pull request #3496: HADOOP-17941. Update xerces to 2.12", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rea7b831dceeb2a2fa817be6f63b08722042e3647fb2d47c144370a56%40%3Ccommon-issues.hadoop.apache.org%3E", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2012-0881", datePublished: "2017-10-30T16:00:00", dateReserved: "2012-01-19T00:00:00", dateUpdated: "2024-08-06T18:38:15.063Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2009-2625
Vulnerability from cvelistv5
Published
2009-08-06 15:00
Modified
2024-08-07 05:59
Summary
XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T05:59:56.314Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SSA:2011-041-02", tags: [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred", ], url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.486026", }, { name: "RHSA-2009:1200", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://rhn.redhat.com/errata/RHSA-2009-1200.html", }, { name: "RHSA-2009:1199", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://rhn.redhat.com/errata/RHSA-2009-1199.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.networkworld.com/columnists/2009/080509-xml-flaw.html", }, { name: "USN-890-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-890-1", }, { name: "36162", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/36162", }, { name: "ADV-2009-2543", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2009/2543", }, { name: "DSA-1984", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2010/dsa-1984", }, { name: "[oss-security] 20091022 Re: Regarding expat bug 1990430", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2009/10/22/9", }, { name: "1021506", tags: [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021506.1-1", }, { name: "37460", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/37460", }, { name: "RHSA-2009:1615", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: 
"http://www.redhat.com/support/errata/RHSA-2009-1615.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", }, { name: "HPSBUX02476", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=125787273209737&w=2", }, { name: "37754", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/37754", }, { name: "RHSA-2009:1637", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://rhn.redhat.com/errata/RHSA-2009-1637.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.cert.fi/en/reports/2009/vulnerability2009085.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.codenomicon.com/labs/xml/", }, { name: "36199", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/36199", }, { name: "RHSA-2012:1537", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2012-1537.html", }, { name: "SUSE-SR:2010:013", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html", }, { name: "MDVSA-2009:209", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:209", }, { name: "FEDORA-2009-8329", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html", }, { name: "RHSA-2011:0858", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2011-0858.html", }, { name: "SSRT090250", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=125787273209737&w=2", 
}, { name: "1022680", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1022680", }, { name: "37671", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/37671", }, { name: "38342", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/38342", }, { name: "RHSA-2009:1636", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://rhn.redhat.com/errata/RHSA-2009-1636.html", }, { name: "35958", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/35958", }, { name: "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/507985/100/0/threaded", }, { name: "RHSA-2009:1649", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://rhn.redhat.com/errata/RHSA-2009-1649.html", }, { name: "[oss-security] 20091026 Re: CVE Request -- expat [was: Re: Regarding expat bug 1990430]", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2009/10/26/3", }, { name: "TA09-294A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/cas/techalerts/TA09-294A.html", }, { name: "50549", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/50549", }, { name: "oval:org.mitre.oval:def:8520", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8520", }, { name: "36180", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: 
"http://secunia.com/advisories/36180", }, { name: "38231", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/38231", }, { name: "272209", tags: [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-66-272209-1", }, { name: "MDVSA-2011:108", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2011:108", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1", }, { name: "36176", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/36176", }, { name: "FEDORA-2009-8337", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html", }, { name: "43300", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/43300", }, { name: "oval:org.mitre.oval:def:9356", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9356", }, { name: "TA10-012A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/cas/techalerts/TA10-012A.html", }, { name: "SUSE-SR:2009:016", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html", }, { name: "RHSA-2012:1232", tags: [ 
"vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2012-1232.html", }, { name: "263489", tags: [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-66-263489-1", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=572055&r2=787352&pathrev=787353&diff_format=h", }, { name: "37300", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/37300", }, { name: "APPLE-SA-2009-09-03-1", tags: [ "vendor-advisory", "x_refsource_APPLE", "x_transferred", ], url: "http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html", }, { name: "SUSE-SA:2009:053", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=512921", }, { name: "RHSA-2009:1201", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://rhn.redhat.com/errata/RHSA-2009-1201.html", }, { name: "SUSE-SR:2009:017", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html", }, { name: "[oss-security] 20090906 Re: Re: expat bug 1990430", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2009/09/06/1", }, { name: "[oss-security] 20091023 Re: CVE Request -- expat [was: Re: Regarding expat bug 1990430]", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2009/10/23/6", }, { name: "ADV-2011-0359", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: 
"http://www.vupen.com/english/advisories/2011/0359", }, { name: "ADV-2009-3316", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2009/3316", }, { name: "RHSA-2009:1650", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://rhn.redhat.com/errata/RHSA-2009-1650.html", }, { name: "[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2009-08-05T00:00:00", descriptions: [ { lang: "en", value: "XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-03-20T16:06:10", orgId: "37e5125f-f79b-445b-8fad-9564f167944b", shortName: "certcc", }, references: [ { name: "SSA:2011-041-02", tags: [ "vendor-advisory", "x_refsource_SLACKWARE", ], url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.486026", }, { name: "RHSA-2009:1200", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://rhn.redhat.com/errata/RHSA-2009-1200.html", }, { name: "RHSA-2009:1199", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://rhn.redhat.com/errata/RHSA-2009-1199.html", }, { tags: [ "x_refsource_MISC", ], url: 
"http://www.networkworld.com/columnists/2009/080509-xml-flaw.html", }, { name: "USN-890-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-890-1", }, { name: "36162", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/36162", }, { name: "ADV-2009-2543", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2009/2543", }, { name: "DSA-1984", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2010/dsa-1984", }, { name: "[oss-security] 20091022 Re: Regarding expat bug 1990430", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2009/10/22/9", }, { name: "1021506", tags: [ "vendor-advisory", "x_refsource_SUNALERT", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021506.1-1", }, { name: "37460", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/37460", }, { name: "RHSA-2009:1615", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2009-1615.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", }, { name: "HPSBUX02476", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=125787273209737&w=2", }, { name: "37754", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/37754", }, { name: "RHSA-2009:1637", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://rhn.redhat.com/errata/RHSA-2009-1637.html", }, { tags: [ "x_refsource_MISC", ], url: "http://www.cert.fi/en/reports/2009/vulnerability2009085.html", }, { tags: [ "x_refsource_MISC", ], url: "http://www.codenomicon.com/labs/xml/", }, { name: "36199", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/36199", }, { name: 
"RHSA-2012:1537", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2012-1537.html", }, { name: "SUSE-SR:2010:013", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html", }, { name: "MDVSA-2009:209", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:209", }, { name: "FEDORA-2009-8329", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html", }, { name: "RHSA-2011:0858", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2011-0858.html", }, { name: "SSRT090250", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=125787273209737&w=2", }, { name: "1022680", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1022680", }, { name: "37671", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/37671", }, { name: "38342", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/38342", }, { name: "RHSA-2009:1636", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://rhn.redhat.com/errata/RHSA-2009-1636.html", }, { name: "35958", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/35958", }, { name: "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/507985/100/0/threaded", }, { name: "RHSA-2009:1649", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://rhn.redhat.com/errata/RHSA-2009-1649.html", }, { name: "[oss-security] 20091026 Re: CVE Request -- expat [was: Re: 
Regarding expat bug 1990430]", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2009/10/26/3", }, { name: "TA09-294A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/cas/techalerts/TA09-294A.html", }, { name: "50549", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/50549", }, { name: "oval:org.mitre.oval:def:8520", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8520", }, { name: "36180", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/36180", }, { name: "38231", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/38231", }, { name: "272209", tags: [ "vendor-advisory", "x_refsource_SUNALERT", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-66-272209-1", }, { name: "MDVSA-2011:108", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2011:108", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1", }, { name: "36176", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/36176", }, { name: "FEDORA-2009-8337", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html", }, { name: "43300", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/43300", }, { name: "oval:org.mitre.oval:def:9356", tags: [ "vdb-entry", 
"signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9356", }, { name: "TA10-012A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/cas/techalerts/TA10-012A.html", }, { name: "SUSE-SR:2009:016", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html", }, { name: "RHSA-2012:1232", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2012-1232.html", }, { name: "263489", tags: [ "vendor-advisory", "x_refsource_SUNALERT", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-66-263489-1", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=572055&r2=787352&pathrev=787353&diff_format=h", }, { name: "37300", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/37300", }, { name: "APPLE-SA-2009-09-03-1", tags: [ "vendor-advisory", "x_refsource_APPLE", ], url: "http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html", }, { name: "SUSE-SA:2009:053", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=512921", }, { name: "RHSA-2009:1201", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://rhn.redhat.com/errata/RHSA-2009-1201.html", }, { name: "SUSE-SR:2009:017", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html", }, { name: "[oss-security] 20090906 Re: Re: expat bug 1990430", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2009/09/06/1", }, { name: "[oss-security] 20091023 Re: CVE Request -- 
expat [was: Re: Regarding expat bug 1990430]", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2009/10/23/6", }, { name: "ADV-2011-0359", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2011/0359", }, { name: "ADV-2009-3316", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2009/3316", }, { name: "RHSA-2009:1650", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://rhn.redhat.com/errata/RHSA-2009-1650.html", }, { name: "[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cert@cert.org", ID: "CVE-2009-2625", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "SSA:2011-041-02", refsource: "SLACKWARE", url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.486026", }, { name: "RHSA-2009:1200", refsource: "REDHAT", url: 
"https://rhn.redhat.com/errata/RHSA-2009-1200.html", }, { name: "RHSA-2009:1199", refsource: "REDHAT", url: "https://rhn.redhat.com/errata/RHSA-2009-1199.html", }, { name: "http://www.networkworld.com/columnists/2009/080509-xml-flaw.html", refsource: "MISC", url: "http://www.networkworld.com/columnists/2009/080509-xml-flaw.html", }, { name: "USN-890-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-890-1", }, { name: "36162", refsource: "SECUNIA", url: "http://secunia.com/advisories/36162", }, { name: "ADV-2009-2543", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2009/2543", }, { name: "DSA-1984", refsource: "DEBIAN", url: "http://www.debian.org/security/2010/dsa-1984", }, { name: "[oss-security] 20091022 Re: Regarding expat bug 1990430", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2009/10/22/9", }, { name: "1021506", refsource: "SUNALERT", url: "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021506.1-1", }, { name: "37460", refsource: "SECUNIA", url: "http://secunia.com/advisories/37460", }, { name: "RHSA-2009:1615", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2009-1615.html", }, { name: "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", refsource: "CONFIRM", url: "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", }, { name: "HPSBUX02476", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=125787273209737&w=2", }, { name: "37754", refsource: "SECUNIA", url: "http://secunia.com/advisories/37754", }, { name: "RHSA-2009:1637", refsource: "REDHAT", url: "https://rhn.redhat.com/errata/RHSA-2009-1637.html", }, { name: "http://www.cert.fi/en/reports/2009/vulnerability2009085.html", refsource: "MISC", url: "http://www.cert.fi/en/reports/2009/vulnerability2009085.html", }, { name: "http://www.codenomicon.com/labs/xml/", refsource: "MISC", url: "http://www.codenomicon.com/labs/xml/", }, { name: "36199", refsource: "SECUNIA", url: 
"http://secunia.com/advisories/36199", }, { name: "RHSA-2012:1537", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2012-1537.html", }, { name: "SUSE-SR:2010:013", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html", }, { name: "MDVSA-2009:209", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:209", }, { name: "FEDORA-2009-8329", refsource: "FEDORA", url: "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html", }, { name: "RHSA-2011:0858", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2011-0858.html", }, { name: "SSRT090250", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=125787273209737&w=2", }, { name: "1022680", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1022680", }, { name: "37671", refsource: "SECUNIA", url: "http://secunia.com/advisories/37671", }, { name: "38342", refsource: "SECUNIA", url: "http://secunia.com/advisories/38342", }, { name: "RHSA-2009:1636", refsource: "REDHAT", url: "https://rhn.redhat.com/errata/RHSA-2009-1636.html", }, { name: "35958", refsource: "BID", url: "http://www.securityfocus.com/bid/35958", }, { name: "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/507985/100/0/threaded", }, { name: "RHSA-2009:1649", refsource: "REDHAT", url: "https://rhn.redhat.com/errata/RHSA-2009-1649.html", }, { name: "[oss-security] 20091026 Re: CVE Request -- expat [was: Re: Regarding expat bug 1990430]", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2009/10/26/3", }, { name: "TA09-294A", refsource: "CERT", url: "http://www.us-cert.gov/cas/techalerts/TA09-294A.html", }, { name: "50549", refsource: "SECUNIA", url: "http://secunia.com/advisories/50549", }, { name: "oval:org.mitre.oval:def:8520", 
refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8520", }, { name: "36180", refsource: "SECUNIA", url: "http://secunia.com/advisories/36180", }, { name: "38231", refsource: "SECUNIA", url: "http://secunia.com/advisories/38231", }, { name: "272209", refsource: "SUNALERT", url: "http://sunsolve.sun.com/search/document.do?assetkey=1-66-272209-1", }, { name: "MDVSA-2011:108", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2011:108", }, { name: "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html", }, { name: "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html", }, { name: "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1", refsource: "CONFIRM", url: "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1", }, { name: "36176", refsource: "SECUNIA", url: "http://secunia.com/advisories/36176", }, { name: "FEDORA-2009-8337", refsource: "FEDORA", url: "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html", }, { name: "43300", refsource: "SECUNIA", url: "http://secunia.com/advisories/43300", }, { name: "oval:org.mitre.oval:def:9356", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9356", }, { name: "TA10-012A", refsource: "CERT", url: "http://www.us-cert.gov/cas/techalerts/TA10-012A.html", }, { name: "SUSE-SR:2009:016", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html", }, { name: "RHSA-2012:1232", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2012-1232.html", }, { name: "263489", refsource: "SUNALERT", url: 
"http://sunsolve.sun.com/search/document.do?assetkey=1-66-263489-1", }, { name: "http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=572055&r2=787352&pathrev=787353&diff_format=h", refsource: "CONFIRM", url: "http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=572055&r2=787352&pathrev=787353&diff_format=h", }, { name: "37300", refsource: "SECUNIA", url: "http://secunia.com/advisories/37300", }, { name: "APPLE-SA-2009-09-03-1", refsource: "APPLE", url: "http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html", }, { name: "SUSE-SA:2009:053", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=512921", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=512921", }, { name: "RHSA-2009:1201", refsource: "REDHAT", url: "https://rhn.redhat.com/errata/RHSA-2009-1201.html", }, { name: "SUSE-SR:2009:017", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html", }, { name: "[oss-security] 20090906 Re: Re: expat bug 1990430", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2009/09/06/1", }, { name: "[oss-security] 20091023 Re: CVE Request -- expat [was: Re: Regarding expat bug 1990430]", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2009/10/23/6", }, { name: "ADV-2011-0359", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2011/0359", }, { name: "ADV-2009-3316", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2009/3316", }, { name: "RHSA-2009:1650", refsource: "REDHAT", url: "https://rhn.redhat.com/errata/RHSA-2009-1650.html", }, { name: "[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1", refsource: "MLIST", url: 
"https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "37e5125f-f79b-445b-8fad-9564f167944b", assignerShortName: "certcc", cveId: "CVE-2009-2625", datePublished: "2009-08-06T15:00:00", dateReserved: "2009-07-28T00:00:00", dateUpdated: "2024-08-07T05:59:56.314Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-4002
Vulnerability from cvelistv5
Published
2013-07-23 10:00
Modified
2024-08-06 16:30
Severity ?
EPSS score ?
Summary
XMLScanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5, as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products, allows remote attackers to cause a denial of service via vectors related to XML attribute names.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T16:30:49.315Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "IC98015", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IC98015", }, { name: "RHSA-2013:1060", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1060.html", }, { name: "RHSA-2014:0414", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2014:0414", }, { name: "GLSA-201406-32", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://security.gentoo.org/glsa/glsa-201406-32.xml", }, { name: "RHSA-2013:1447", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1447.html", }, { name: "RHSA-2015:0765", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2015-0765.html", }, { name: "RHSA-2013:1440", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1440.html", }, { name: "RHSA-2015:0675", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2015-0675.html", }, { name: "61310", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/61310", }, { name: "RHSA-2015:0773", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2015-0773.html", }, { name: "RHSA-2015:0720", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2015-0720.html", }, { name: "SUSE-SU-2013:1257", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: 
"http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html", }, { name: "USN-2033-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2033-1", }, { name: "USN-2089-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2089-1", }, { name: "SUSE-SU-2013:1256", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html", }, { name: "HPSBUX02944", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=138674073720143&w=2", }, { name: "RHSA-2013:1505", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1505.html", }, { name: "HPSBUX02943", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=138674031212883&w=2", }, { name: "RHSA-2014:1822", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1822.html", }, { name: "56257", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/56257", }, { name: "SUSE-SU-2013:1263", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html", }, { name: "RHSA-2013:1059", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1059.html", }, { name: "RHSA-2014:1823", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1823.html", }, { name: "openSUSE-SU-2013:1663", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2013-11/msg00023.html", }, { name: "SUSE-SU-2013:1666", tags: [ 
"vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.html", }, { name: "APPLE-SA-2013-10-15-1", tags: [ "vendor-advisory", "x_refsource_APPLE", "x_transferred", ], url: "http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html", }, { name: "SUSE-SU-2013:1293", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html", }, { name: "RHSA-2013:1081", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1081.html", }, { name: "[j-users] 20180503 [ANNOUNCEMENT]: Apache Xerces-J 2.12.0 now available", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73%40%3Cj-users.xerces.apache.org%3E", }, { name: "SUSE-SU-2013:1255", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html", }, { name: "RHSA-2013:1451", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1451.html", }, { name: "RHSA-2014:1818", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1818.html", }, { name: "RHSA-2014:1821", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1821.html", }, { name: "SUSE-SU-2013:1305", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html", }, { name: "ibm-java-cve20134002-dos(85260)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/85260", }, { name: "[lucene-solr-user] 20190104 Re: 
SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E", }, { name: "[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=swg21648172", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21657539", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://issues.apache.org/jira/browse/XERCESJ-1679", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=965250&r2=1499506&view=patch", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21644197", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21653371", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_July_2013", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.apple.com/kb/HT5982", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: 
"http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_filenet_content_manager_and_ibm_content_foundation_xml_4j_denial_of_service_attack_cve_2013_4002", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-07-18T00:00:00", descriptions: [ { lang: "en", value: "XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute names.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-04-19T23:19:06", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "IC98015", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IC98015", }, { name: "RHSA-2013:1060", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1060.html", }, { name: "RHSA-2014:0414", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2014:0414", }, { name: "GLSA-201406-32", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://security.gentoo.org/glsa/glsa-201406-32.xml", }, { name: "RHSA-2013:1447", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: 
"http://rhn.redhat.com/errata/RHSA-2013-1447.html", }, { name: "RHSA-2015:0765", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2015-0765.html", }, { name: "RHSA-2013:1440", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1440.html", }, { name: "RHSA-2015:0675", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2015-0675.html", }, { name: "61310", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/61310", }, { name: "RHSA-2015:0773", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2015-0773.html", }, { name: "RHSA-2015:0720", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2015-0720.html", }, { name: "SUSE-SU-2013:1257", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html", }, { name: "USN-2033-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2033-1", }, { name: "USN-2089-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2089-1", }, { name: "SUSE-SU-2013:1256", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html", }, { name: "HPSBUX02944", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=138674073720143&w=2", }, { name: "RHSA-2013:1505", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1505.html", }, { name: "HPSBUX02943", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=138674031212883&w=2", }, { name: "RHSA-2014:1822", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1822.html", }, { name: "56257", tags: [ 
"third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/56257", }, { name: "SUSE-SU-2013:1263", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html", }, { name: "RHSA-2013:1059", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1059.html", }, { name: "RHSA-2014:1823", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1823.html", }, { name: "openSUSE-SU-2013:1663", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2013-11/msg00023.html", }, { name: "SUSE-SU-2013:1666", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.html", }, { name: "APPLE-SA-2013-10-15-1", tags: [ "vendor-advisory", "x_refsource_APPLE", ], url: "http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html", }, { name: "SUSE-SU-2013:1293", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html", }, { name: "RHSA-2013:1081", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1081.html", }, { name: "[j-users] 20180503 [ANNOUNCEMENT]: Apache Xerces-J 2.12.0 now available", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73%40%3Cj-users.xerces.apache.org%3E", }, { name: "SUSE-SU-2013:1255", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html", }, { name: "RHSA-2013:1451", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1451.html", }, { name: "RHSA-2014:1818", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: 
"http://rhn.redhat.com/errata/RHSA-2014-1818.html", }, { name: "RHSA-2014:1821", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1821.html", }, { name: "SUSE-SU-2013:1305", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html", }, { name: "ibm-java-cve20134002-dos(85260)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/85260", }, { name: "[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E", }, { name: "[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=swg21648172", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21657539", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://issues.apache.org/jira/browse/XERCESJ-1679", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=965250&r2=1499506&view=patch", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21644197", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21653371", }, { tags: [ "x_refsource_MISC", ], url: 
"http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_July_2013", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.apple.com/kb/HT5982", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_filenet_content_manager_and_ibm_content_foundation_xml_4j_denial_of_service_attack_cve_2013_4002", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", ID: "CVE-2013-4002", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute names.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "IC98015", refsource: "AIXAPAR", url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IC98015", }, { name: "RHSA-2013:1060", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2013-1060.html", }, { name: "RHSA-2014:0414", refsource: "REDHAT", url: 
"https://access.redhat.com/errata/RHSA-2014:0414", }, { name: "GLSA-201406-32", refsource: "GENTOO", url: "http://security.gentoo.org/glsa/glsa-201406-32.xml", }, { name: "RHSA-2013:1447", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2013-1447.html", }, { name: "RHSA-2015:0765", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2015-0765.html", }, { name: "RHSA-2013:1440", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2013-1440.html", }, { name: "RHSA-2015:0675", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2015-0675.html", }, { name: "61310", refsource: "BID", url: "http://www.securityfocus.com/bid/61310", }, { name: "RHSA-2015:0773", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2015-0773.html", }, { name: "RHSA-2015:0720", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2015-0720.html", }, { name: "SUSE-SU-2013:1257", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html", }, { name: "USN-2033-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2033-1", }, { name: "USN-2089-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2089-1", }, { name: "SUSE-SU-2013:1256", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html", }, { name: "HPSBUX02944", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=138674073720143&w=2", }, { name: "RHSA-2013:1505", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2013-1505.html", }, { name: "HPSBUX02943", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=138674031212883&w=2", }, { name: "RHSA-2014:1822", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2014-1822.html", }, { name: "56257", refsource: "SECUNIA", url: "http://secunia.com/advisories/56257", }, { name: "SUSE-SU-2013:1263", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html", }, { name: 
"RHSA-2013:1059", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2013-1059.html", }, { name: "RHSA-2014:1823", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2014-1823.html", }, { name: "openSUSE-SU-2013:1663", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2013-11/msg00023.html", }, { name: "SUSE-SU-2013:1666", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.html", }, { name: "APPLE-SA-2013-10-15-1", refsource: "APPLE", url: "http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html", }, { name: "SUSE-SU-2013:1293", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html", }, { name: "RHSA-2013:1081", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2013-1081.html", }, { name: "[j-users] 20180503 [ANNOUNCEMENT]: Apache Xerces-J 2.12.0 now available", refsource: "MLIST", url: "https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73@%3Cj-users.xerces.apache.org%3E", }, { name: "SUSE-SU-2013:1255", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html", }, { name: "RHSA-2013:1451", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2013-1451.html", }, { name: "RHSA-2014:1818", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2014-1818.html", }, { name: "RHSA-2014:1821", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2014-1821.html", }, { name: "SUSE-SU-2013:1305", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html", }, { name: "ibm-java-cve20134002-dos(85260)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/85260", }, { name: "[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report", refsource: "MLIST", url: 
"https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E", }, { name: "[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E", }, { name: "https://www.oracle.com/security-alerts/cpuapr2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { name: "http://www.ibm.com/support/docview.wss?uid=swg21648172", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=swg21648172", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21657539", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21657539", }, { name: "https://issues.apache.org/jira/browse/XERCESJ-1679", refsource: "CONFIRM", url: "https://issues.apache.org/jira/browse/XERCESJ-1679", }, { name: "http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=965250&r2=1499506&view=patch", refsource: "CONFIRM", url: "http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=965250&r2=1499506&view=patch", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21644197", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21644197", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21653371", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21653371", }, { name: "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_July_2013", refsource: "MISC", url: "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_July_2013", }, { name: "http://support.apple.com/kb/HT5982", refsource: "CONFIRM", url: "http://support.apple.com/kb/HT5982", }, { name: 
"https://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", refsource: "CONFIRM", url: "https://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", }, { name: "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_filenet_content_manager_and_ibm_content_foundation_xml_4j_denial_of_service_attack_cve_2013_4002", refsource: "CONFIRM", url: "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_filenet_content_manager_and_ibm_content_foundation_xml_4j_denial_of_service_attack_cve_2013_4002", }, { name: "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html", refsource: "CONFIRM", url: "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2013-4002", datePublished: "2013-07-23T10:00:00", dateReserved: "2013-06-07T00:00:00", dateUpdated: "2024-08-06T16:30:49.315Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }