5

CVE-2009-2625

XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OracleJdk Version1.5.0 Update-
OracleJdk Version1.5.0 Updateupdate1
OracleJdk Version1.5.0 Updateupdate10
OracleJdk Version1.5.0 Updateupdate11
OracleJdk Version1.5.0 Updateupdate12
OracleJdk Version1.5.0 Updateupdate13
OracleJdk Version1.5.0 Updateupdate14
OracleJdk Version1.5.0 Updateupdate15
OracleJdk Version1.5.0 Updateupdate16
OracleJdk Version1.5.0 Updateupdate17
OracleJdk Version1.5.0 Updateupdate18
OracleJdk Version1.5.0 Updateupdate19
OracleJdk Version1.5.0 Updateupdate2
OracleJdk Version1.5.0 Updateupdate3
OracleJdk Version1.5.0 Updateupdate4
OracleJdk Version1.5.0 Updateupdate5
OracleJdk Version1.5.0 Updateupdate6
OracleJdk Version1.5.0 Updateupdate7
OracleJdk Version1.5.0 Updateupdate8
OracleJdk Version1.5.0 Updateupdate9
OracleJdk Version1.6.0 Update-
OracleJdk Version1.6.0 Updateupdate1
OracleJdk Version1.6.0 Updateupdate10
OracleJdk Version1.6.0 Updateupdate11
OracleJdk Version1.6.0 Updateupdate12
OracleJdk Version1.6.0 Updateupdate13
OracleJdk Version1.6.0 Updateupdate14
OracleJdk Version1.6.0 Updateupdate2
OracleJdk Version1.6.0 Updateupdate3
OracleJdk Version1.6.0 Updateupdate4
OracleJdk Version1.6.0 Updateupdate5
OracleJdk Version1.6.0 Updateupdate6
OracleJdk Version1.6.0 Updateupdate7
FedoraprojectFedora Version10
FedoraprojectFedora Version11
OpensuseOpensuse Version11.0
OpensuseOpensuse Version11.1
OpensuseOpensuse Version11.2
SuseLinux Enterprise Server Version10 Updatesp2
SuseLinux Enterprise Server Version10 Updatesp3 SwEdition-
SuseLinux Enterprise Server Version11 Update-
DebianDebian Linux Version4.0
DebianDebian Linux Version5.0
CanonicalUbuntu Linux Version6.06
CanonicalUbuntu Linux Version8.04 SwEdition-
CanonicalUbuntu Linux Version8.10
CanonicalUbuntu Linux Version9.04
CanonicalUbuntu Linux Version9.10
OraclePrimavera Web Services Version6.2.1
OraclePrimavera Web Services Version7.0 Update-
OraclePrimavera Web Services Version7.0 Updatesp1
ApacheXerces2 Java Version2.9.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 30.38% 0.98
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.securityfocus.com/archive/1/507985/100/0/threaded
Third Party Advisory
VDB Entry
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
Third Party Advisory
http://www.vupen.com/english/advisories/2009/3316
Permissions Required
http://secunia.com/advisories/37460
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html
Third Party Advisory
http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html
Third Party Advisory
http://marc.info/?l=bugtraq&m=125787273209737&w=2
Third Party Advisory
Mailing List
http://secunia.com/advisories/36162
Third Party Advisory
http://secunia.com/advisories/36176
Third Party Advisory
http://secunia.com/advisories/36180
Third Party Advisory
http://secunia.com/advisories/37300
Third Party Advisory
http://secunia.com/advisories/37671
Third Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1
Patch
Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2009:209
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html
Broken Link
http://www.us-cert.gov/cas/techalerts/TA09-294A.html
Third Party Advisory
US Government Resource
http://www.vupen.com/english/advisories/2009/2543
Permissions Required
https://rhn.redhat.com/errata/RHSA-2009-1200.html
Broken Link
https://rhn.redhat.com/errata/RHSA-2009-1201.html
Broken Link
https://rhn.redhat.com/errata/RHSA-2009-1636.html
Broken Link
https://rhn.redhat.com/errata/RHSA-2009-1637.html
Broken Link
https://rhn.redhat.com/errata/RHSA-2009-1649.html
Broken Link
https://rhn.redhat.com/errata/RHSA-2009-1650.html
Broken Link
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html
Third Party Advisory
Mailing List
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html
Third Party Advisory
Mailing List
http://secunia.com/advisories/36199
Third Party Advisory
https://rhn.redhat.com/errata/RHSA-2009-1199.html
Broken Link
http://rhn.redhat.com/errata/RHSA-2012-1232.html
Broken Link
http://rhn.redhat.com/errata/RHSA-2012-1537.html
Broken Link
http://secunia.com/advisories/37754
Third Party Advisory
http://secunia.com/advisories/38231
Third Party Advisory
http://secunia.com/advisories/38342
Third Party Advisory
http://secunia.com/advisories/43300
Third Party Advisory
http://secunia.com/advisories/50549
Third Party Advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.486026
Third Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-66-263489-1
Patch
Vendor Advisory
Broken Link
http://sunsolve.sun.com/search/document.do?assetkey=1-66-272209-1
Broken Link
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021506.1-1
Broken Link
http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=572055&r2=787352&pathrev=787353&diff_format=h
Patch
Vendor Advisory
http://www.cert.fi/en/reports/2009/vulnerability2009085.html
Third Party Advisory
http://www.codenomicon.com/labs/xml/
Third Party Advisory
http://www.debian.org/security/2010/dsa-1984
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2011:108
Third Party Advisory
http://www.networkworld.com/columnists/2009/080509-xml-flaw.html
Third Party Advisory
http://www.openwall.com/lists/oss-security/2009/09/06/1
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2009/10/22/9
Patch
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2009/10/23/6
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2009/10/26/3
Third Party Advisory
Mailing List
http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2009-1615.html
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2011-0858.html
Third Party Advisory
http://www.securityfocus.com/bid/35958
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1022680
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-890-1
Third Party Advisory
http://www.us-cert.gov/cas/techalerts/TA10-012A.html
Third Party Advisory
US Government Resource
http://www.vupen.com/english/advisories/2011/0359
Permissions Required
https://bugzilla.redhat.com/show_bug.cgi?id=512921
Third Party Advisory
Issue Tracking
https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8520
Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9356
Third Party Advisory