7.1

CVE-2013-4002

XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute names.

Data is provided by the National Vulnerability Database (NVD)
IbmJava Version5.0.0.0
IbmJava Version5.0.11.0
IbmJava Version5.0.11.1
IbmJava Version5.0.11.2
IbmJava Version5.0.12.0
IbmJava Version5.0.12.1
IbmJava Version5.0.12.2
IbmJava Version5.0.12.3
IbmJava Version5.0.12.4
IbmJava Version5.0.12.5
IbmJava Version5.0.13.0
IbmJava Version5.0.14.0
IbmJava Version5.0.15.0
IbmJava Version5.0.16.0
IbmJava Version5.0.16.1
IbmJava Version5.0.16.2
IbmJava Version6.0.0.0
IbmJava Version6.0.1.0
IbmJava Version6.0.2.0
IbmJava Version6.0.3.0
IbmJava Version6.0.4.0
IbmJava Version6.0.5.0
IbmJava Version6.0.6.0
IbmJava Version6.0.7.0
IbmJava Version6.0.8.0
IbmJava Version6.0.8.1
IbmJava Version6.0.9.0
IbmJava Version6.0.9.1
IbmJava Version6.0.9.2
IbmJava Version6.0.10.0
IbmJava Version6.0.10.1
IbmJava Version6.0.11.0
IbmJava Version6.0.12.0
IbmJava Version6.0.13.0
IbmJava Version6.0.13.1
IbmJava Version6.0.13.2
IbmJava Version7.0.0.0
IbmJava Version7.0.1.0
IbmJava Version7.0.2.0
IbmJava Version7.0.3.0
IbmJava Version7.0.4.0
IbmJava Version7.0.4.1
IbmJava Version7.0.4.2
OracleJdk Version1.5.0 Updateupdate51
OracleJdk Version1.6.0 Updateupdate60
OracleJdk Version1.7.0 Updateupdate40
OracleJre Version1.5.0 Updateupdate51
OracleJre Version1.6.0 Updateupdate60
OracleJre Version1.7.0 Updateupdate40
OracleJrockit Version >= r27.7.0 <= r27.7.6
OracleJrockit Version >= r28.0.0 <= r28.2.8
IbmSterling B2b Integrator Version5.2.4
IbmHost On-demand Version11.0
   MicrosoftWindows Version-
IbmHost On-demand Version11.0.1
   MicrosoftWindows Version-
IbmHost On-demand Version11.0.2
   MicrosoftWindows Version-
IbmHost On-demand Version11.0.3
   MicrosoftWindows Version-
IbmHost On-demand Version11.0.4
   MicrosoftWindows Version-
IbmHost On-demand Version11.0.5
   MicrosoftWindows Version-
IbmHost On-demand Version11.0.5.1
   MicrosoftWindows Version-
IbmHost On-demand Version11.0.6
   MicrosoftWindows Version-
IbmHost On-demand Version11.0.6.1
   MicrosoftWindows Version-
IbmHost On-demand Version11.0.7
   MicrosoftWindows Version-
IbmHost On-demand Version11.0.8
   MicrosoftWindows Version-
IbmTivoli Application Dependency Discovery Manager Version7.2.2
   IbmAix Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
   OracleSolaris Version- HwPlatform-
IbmSterling B2b Integrator Version5.1
   HpHp-ux Version-
   IbmAix Version-
   IbmI Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
   OracleSolaris Version- HwPlatform-
IbmSterling B2b Integrator Version5.2
   HpHp-ux Version-
   IbmAix Version-
   IbmI Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
   OracleSolaris Version- HwPlatform-
IbmSterling File Gateway Version2.1
   HpHp-ux Version-
   IbmAix Version-
   IbmI Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
   OracleSolaris Version- HwPlatform-
IbmSterling File Gateway Version2.2
   HpHp-ux Version-
   IbmAix Version-
   IbmI Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
   OracleSolaris Version- HwPlatform-
OpensuseOpensuse Version12.2
OpensuseOpensuse Version12.3
SuseLinux Enterprise Desktop Version10 Updatesp4 SwEdition-
SuseLinux Enterprise Desktop Version11 Updatesp3
SuseLinux Enterprise Java Version10 Updatesp4
SuseLinux Enterprise Java Version11 Updatesp2
SuseLinux Enterprise Java Version11 Updatesp3
SuseLinux Enterprise Sdk Version11 Updatesp2
SuseLinux Enterprise Sdk Version11 Updatesp3
SuseLinux Enterprise Server Version10 Updatesp3 SwEditionltss
SuseLinux Enterprise Server Version10 Updatesp4 SwEdition-
SuseLinux Enterprise Server Version11 Updatesp2 SwPlatform-
SuseLinux Enterprise Server Version11 Updatesp2 SwPlatformvmware
SuseLinux Enterprise Server Version11 Updatesp3 SwPlatform-
SuseLinux Enterprise Server Version11 Updatesp3 SwPlatformvmware
CanonicalUbuntu Linux Version10.04 SwEdition-
CanonicalUbuntu Linux Version12.04 SwEdition-
CanonicalUbuntu Linux Version12.10
CanonicalUbuntu Linux Version13.04
CanonicalUbuntu Linux Version13.10
ApacheXerces2 Java Version >= 2.4.0 < 2.12.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 1.42% 0.788
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.1 8.6 6.9
AV:N/AC:M/Au:N/C:N/I:N/A:C
http://marc.info/?l=bugtraq&m=138674031212883&w=2
Third Party Advisory
Mailing List
Issue Tracking
http://marc.info/?l=bugtraq&m=138674073720143&w=2
Third Party Advisory
Mailing List
Issue Tracking
http://www.securityfocus.com/bid/61310
Third Party Advisory
VDB Entry