[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

RHSA-2014:1319-01 -- Redhat xerces-j2

ID: oval:org.secpod.oval:def:501400Date: (C)2014-10-13   (M)2023-12-07
Class: PATCHFamily: unix




Apache Xerces for Java is a high performance, standards compliant, validating XML parser written in Java. The xerces-j2 packages provide Xerces-J version 2. A resource consumption issue was found in the way Xerces-J handled XML declarations. A remote attacker could use an XML document with a specially crafted declaration using a long pseudo-attribute name that, when parsed by an application using Xerces-J, would cause that application to use an excessive amount of CPU. All xerces-j2 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. Applications using the Xerces-J must be restarted for this update to take effect.

Platform:
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 6
Product:
xerces-j2
Reference:
RHSA-2014:1319-01
CVE-2013-4002
CVE    1
CVE-2013-4002
CPE    3
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:6
cpe:/a:sun:xerces_j2

© SecPod Technologies