Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2009-2625

Опубликовано: 06 авг. 2009
Источник: nvd
CVSS2: 5
EPSS Низкий

Описание

XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:oracle:jdk:1.5.0:-:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.5.0:update1:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.5.0:update10:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.5.0:update11:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.5.0:update12:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.5.0:update13:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.5.0:update14:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.5.0:update15:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.5.0:update16:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.5.0:update17:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.5.0:update18:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.5.0:update19:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.5.0:update2:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.5.0:update3:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.5.0:update4:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.5.0:update5:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.5.0:update6:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.5.0:update7:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.5.0:update8:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.5.0:update9:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:-:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update1:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update10:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update11:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update12:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update13:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update14:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update2:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update3:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update4:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update5:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update6:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update7:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp2:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:-:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*
Конфигурация 4

Одно из

cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
Конфигурация 5

Одно из

cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
Конфигурация 6

Одно из

cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:6.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:6.2.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:7.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_web_services:6.2.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_web_services:7.0:-:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_web_services:7.0:sp1:*:*:*:*:*:*
Конфигурация 7
cpe:2.3:a:apache:xerces2_java:2.9.1:*:*:*:*:*:*:*

EPSS

Процентиль: 62%
0.00432
Низкий

5 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

ubuntu логотип

CVE-2009-2625

ubuntu
около 16 лет назад

XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.

redhat логотип

CVE-2009-2625

redhat
около 16 лет назад

XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.

debian логотип

CVE-2009-2625

debian
около 16 лет назад

XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime En ...

github логотип

GHSA-334p-wv2m-w3vp

github
около 5 лет назад

Denial of service in Apache Xerces2

oracle-oval логотип

ELSA-2011-0858

oracle-oval
около 14 лет назад

ELSA-2011-0858: xerces-j2 security update (MODERATE)

EPSS

Процентиль: 62%
0.00432
Низкий

5 Medium

CVSS2

Дефекты

NVD-CWE-Other