7.1

CVE-2013-4002

XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute names.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmJava Version5.0.0.0
IbmJava Version5.0.11.0
IbmJava Version5.0.11.1
IbmJava Version5.0.11.2
IbmJava Version5.0.12.0
IbmJava Version5.0.12.1
IbmJava Version5.0.12.2
IbmJava Version5.0.12.3
IbmJava Version5.0.12.4
IbmJava Version5.0.12.5
IbmJava Version5.0.13.0
IbmJava Version5.0.14.0
IbmJava Version5.0.15.0
IbmJava Version5.0.16.0
IbmJava Version5.0.16.1
IbmJava Version5.0.16.2
IbmJava Version6.0.0.0
IbmJava Version6.0.1.0
IbmJava Version6.0.2.0
IbmJava Version6.0.3.0
IbmJava Version6.0.4.0
IbmJava Version6.0.5.0
IbmJava Version6.0.6.0
IbmJava Version6.0.7.0
IbmJava Version6.0.8.0
IbmJava Version6.0.8.1
IbmJava Version6.0.9.0
IbmJava Version6.0.9.1
IbmJava Version6.0.9.2
IbmJava Version6.0.10.0
IbmJava Version6.0.10.1
IbmJava Version6.0.11.0
IbmJava Version6.0.12.0
IbmJava Version6.0.13.0
IbmJava Version6.0.13.1
IbmJava Version6.0.13.2
IbmJava Version7.0.0.0
IbmJava Version7.0.1.0
IbmJava Version7.0.2.0
IbmJava Version7.0.3.0
IbmJava Version7.0.4.0
IbmJava Version7.0.4.1
IbmJava Version7.0.4.2
OracleJdk Version1.5.0 Updateupdate51
OracleJdk Version1.6.0 Updateupdate60
OracleJdk Version1.7.0 Updateupdate40
OracleJre Version1.5.0 Updateupdate51
OracleJre Version1.6.0 Updateupdate60
OracleJre Version1.7.0 Updateupdate40
OracleJrockit Version >= r27.7.0 <= r27.7.6
OracleJrockit Version >= r28.0.0 <= r28.2.8
IbmSterling B2b Integrator Version5.2.4
IbmHost On-demand Version11.0
   MicrosoftWindows Version-
IbmHost On-demand Version11.0.1
   MicrosoftWindows Version-
IbmHost On-demand Version11.0.2
   MicrosoftWindows Version-
IbmHost On-demand Version11.0.3
   MicrosoftWindows Version-
IbmHost On-demand Version11.0.4
   MicrosoftWindows Version-
IbmHost On-demand Version11.0.5
   MicrosoftWindows Version-
IbmHost On-demand Version11.0.5.1
   MicrosoftWindows Version-
IbmHost On-demand Version11.0.6
   MicrosoftWindows Version-
IbmHost On-demand Version11.0.6.1
   MicrosoftWindows Version-
IbmHost On-demand Version11.0.7
   MicrosoftWindows Version-
IbmHost On-demand Version11.0.8
   MicrosoftWindows Version-
IbmTivoli Application Dependency Discovery Manager Version7.2.2
   IbmAix Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
   OracleSolaris Version- HwPlatform-
IbmSterling B2b Integrator Version5.1
   HpHp-ux Version-
   IbmAix Version-
   IbmI Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
   OracleSolaris Version- HwPlatform-
IbmSterling B2b Integrator Version5.2
   HpHp-ux Version-
   IbmAix Version-
   IbmI Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
   OracleSolaris Version- HwPlatform-
IbmSterling File Gateway Version2.1
   HpHp-ux Version-
   IbmAix Version-
   IbmI Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
   OracleSolaris Version- HwPlatform-
IbmSterling File Gateway Version2.2
   HpHp-ux Version-
   IbmAix Version-
   IbmI Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
   OracleSolaris Version- HwPlatform-
OpensuseOpensuse Version12.2
OpensuseOpensuse Version12.3
SuseLinux Enterprise Desktop Version10 Updatesp4 SwEdition-
SuseLinux Enterprise Desktop Version11 Updatesp3
SuseLinux Enterprise Java Version10 Updatesp4
SuseLinux Enterprise Java Version11 Updatesp2
SuseLinux Enterprise Java Version11 Updatesp3
SuseLinux Enterprise Sdk Version11 Updatesp2
SuseLinux Enterprise Sdk Version11 Updatesp3
SuseLinux Enterprise Server Version10 Updatesp3 SwEditionltss
SuseLinux Enterprise Server Version10 Updatesp4 SwEdition-
SuseLinux Enterprise Server Version11 Updatesp2 SwPlatform-
SuseLinux Enterprise Server Version11 Updatesp2 SwPlatformvmware
SuseLinux Enterprise Server Version11 Updatesp3 SwPlatform-
SuseLinux Enterprise Server Version11 Updatesp3 SwPlatformvmware
CanonicalUbuntu Linux Version10.04 SwEdition-
CanonicalUbuntu Linux Version12.04 SwEdition-
CanonicalUbuntu Linux Version12.10
CanonicalUbuntu Linux Version13.04
CanonicalUbuntu Linux Version13.10
ApacheXerces2 Java Version >= 2.4.0 < 2.12.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 24.74% 0.976
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.1 8.6 6.9
AV:N/AC:M/Au:N/C:N/I:N/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E
http://security.gentoo.org/glsa/glsa-201406-32.xml
Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html
http://www-01.ibm.com/support/docview.wss?uid=swg21644197
Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-1059.html
Broken Link
http://rhn.redhat.com/errata/RHSA-2013-1060.html
Broken Link
http://rhn.redhat.com/errata/RHSA-2013-1081.html
Broken Link
https://access.redhat.com/errata/RHSA-2014:0414
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html
Third Party Advisory
http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_July_2013
Vendor Advisory
http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html
Broken Link
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.html
Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2013-11/msg00023.html
Third Party Advisory
http://marc.info/?l=bugtraq&m=138674031212883&w=2
Third Party Advisory
Mailing List
Issue Tracking
http://marc.info/?l=bugtraq&m=138674073720143&w=2
Third Party Advisory
Mailing List
Issue Tracking
http://rhn.redhat.com/errata/RHSA-2013-1440.html
Broken Link
http://rhn.redhat.com/errata/RHSA-2013-1447.html
Broken Link
http://rhn.redhat.com/errata/RHSA-2013-1451.html
Broken Link
http://rhn.redhat.com/errata/RHSA-2013-1505.html
Broken Link
http://rhn.redhat.com/errata/RHSA-2014-1818.html
Broken Link
http://rhn.redhat.com/errata/RHSA-2014-1821.html
Broken Link
http://rhn.redhat.com/errata/RHSA-2014-1822.html
Broken Link
http://rhn.redhat.com/errata/RHSA-2014-1823.html
Broken Link
http://rhn.redhat.com/errata/RHSA-2015-0675.html
Broken Link
http://rhn.redhat.com/errata/RHSA-2015-0720.html
Broken Link
http://rhn.redhat.com/errata/RHSA-2015-0765.html
Broken Link
http://rhn.redhat.com/errata/RHSA-2015-0773.html
Broken Link
http://secunia.com/advisories/56257
Third Party Advisory
http://support.apple.com/kb/HT5982
Third Party Advisory
http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=965250&r2=1499506&view=patch
Patch
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1IC98015
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21653371
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21657539
Vendor Advisory
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html
Third Party Advisory
http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_filenet_content_manager_and_ibm_content_foundation_xml_4j_denial_of_service_attack_cve_2013_4002
Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=swg21648172
Broken Link
http://www.securityfocus.com/bid/61310
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-2033-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-2089-1
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/85260
Vendor Advisory
VDB Entry
https://issues.apache.org/jira/browse/XERCESJ-1679
Vendor Advisory
Issue Tracking
https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73%40%3Cj-users.xerces.apache.org%3E
https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E
https://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
Third Party Advisory