
CVE-2009-2625
Date: (C)2009-08-06   (M)2024-03-01


XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
SUNALERT-1021506
SECTRACK-1022680
http://www.securityfocus.com/archive/1/507985/100/0/threaded
SUNALERT-263489
SUNALERT-272209
BID-35958
SECUNIA-36162
SECUNIA-36176
SECUNIA-36180
SECUNIA-36199
SECUNIA-37300
SECUNIA-37460
SECUNIA-37671
SECUNIA-37754
SECUNIA-38231
SECUNIA-38342
SECUNIA-43300
SECUNIA-50549
ADV-2009-2543
ADV-2009-3316
ADV-2011-0359
APPLE-SA-2009-09-03-1
DSA-1984
FEDORA-2009-8329
FEDORA-2009-8337
HPSBUX02476
MDVSA-2009:209
MDVSA-2011:108
RHSA-2009:1199
RHSA-2009:1200
RHSA-2009:1201
RHSA-2009:1615
RHSA-2009:1636
RHSA-2009:1637
RHSA-2009:1649
RHSA-2009:1650
RHSA-2011:0858
RHSA-2012:1232
RHSA-2012:1537
SSA:2011-041-02
SUSE-SA:2009:053
SUSE-SR:2009:016
SUSE-SR:2009:017
SUSE-SR:2010:013
TA09-294A
TA10-012A
USN-890-1
https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E
http://www.openwall.com/lists/oss-security/2009/09/06/1
http://www.openwall.com/lists/oss-security/2009/10/22/9
http://www.openwall.com/lists/oss-security/2009/10/23/6
http://www.openwall.com/lists/oss-security/2009/10/26/3
http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1
http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=572055&r2=787352&pathrev=787353&diff_format=h
http://www.cert.fi/en/reports/2009/vulnerability2009085.html
http://www.codenomicon.com/labs/xml/
http://www.networkworld.com/columnists/2009/080509-xml-flaw.html
http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html
http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
https://bugzilla.redhat.com/show_bug.cgi?id=512921
oval:org.mitre.oval:def:8520
oval:org.mitre.oval:def:9356

CPE    13
cpe:/o:debian:debian_linux:5.0
cpe:/o:suse:linux_enterprise_server:9
cpe:/o:canonical:ubuntu_linux:8.10
cpe:/o:fedoraproject:fedora:10
...
OVAL    23
oval:org.secpod.oval:def:500595
oval:org.secpod.oval:def:101499
oval:org.secpod.oval:def:301037
oval:org.secpod.oval:def:19697
...

© SecPod Technologies