Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
centosCentOS ProjectCESA-2009:1615
HistoryDec 17, 2009 - 12:40 p.m.

xerces security update

2009-12-1712:40:02
CentOS Project
lists.centos.org
51

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.129 Low

EPSS

Percentile

95.4%

JSON

CentOS Errata and Security Advisory CESA-2009:1615

The xerces-j2 packages provide the Apache Xerces2 Java Parser, a
high-performance XML parser. A Document Type Definition (DTD) defines the
legal syntax (and also which elements can be used) for certain types of
files, such as XML files.

A flaw was found in the way the Apache Xerces2 Java Parser processed the
SYSTEM identifier in DTDs. A remote attacker could provide a
specially-crafted XML file, which once parsed by an application using the
Apache Xerces2 Java Parser, would lead to a denial of service (application
hang due to excessive CPU use). (CVE-2009-2625)

Users should upgrade to these updated packages, which contain a backported
patch to correct this issue. Applications using the Apache Xerces2 Java
Parser must be restarted for this update to take effect.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2009-December/078530.html
https://lists.centos.org/pipermail/centos-announce/2009-December/078531.html

Affected packages:
xerces-j2
xerces-j2-demo
xerces-j2-javadoc-apis
xerces-j2-javadoc-impl
xerces-j2-javadoc-other
xerces-j2-javadoc-xni
xerces-j2-scripts

Upstream details at:
https://access.redhat.com/errata/RHSA-2009:1615

OSVersionArchitecturePackageVersionFilename
CentOS5i386xerces-j2< 2.7.1-7jpp.2.el5_4.2xerces-j2-2.7.1-7jpp.2.el5_4.2.i386.rpm
CentOS5i386xerces-j2-demo< 2.7.1-7jpp.2.el5_4.2xerces-j2-demo-2.7.1-7jpp.2.el5_4.2.i386.rpm
CentOS5i386xerces-j2-javadoc-apis< 2.7.1-7jpp.2.el5_4.2xerces-j2-javadoc-apis-2.7.1-7jpp.2.el5_4.2.i386.rpm
CentOS5i386xerces-j2-javadoc-impl< 2.7.1-7jpp.2.el5_4.2xerces-j2-javadoc-impl-2.7.1-7jpp.2.el5_4.2.i386.rpm
CentOS5i386xerces-j2-javadoc-other< 2.7.1-7jpp.2.el5_4.2xerces-j2-javadoc-other-2.7.1-7jpp.2.el5_4.2.i386.rpm
CentOS5i386xerces-j2-javadoc-xni< 2.7.1-7jpp.2.el5_4.2xerces-j2-javadoc-xni-2.7.1-7jpp.2.el5_4.2.i386.rpm
CentOS5i386xerces-j2-scripts< 2.7.1-7jpp.2.el5_4.2xerces-j2-scripts-2.7.1-7jpp.2.el5_4.2.i386.rpm
CentOS5i386xerces-j2< 2.7.1-7jpp.2.el5_4.2xerces-j2-2.7.1-7jpp.2.el5_4.2.i386.rpm
CentOS5i386xerces-j2-demo< 2.7.1-7jpp.2.el5_4.2xerces-j2-demo-2.7.1-7jpp.2.el5_4.2.i386.rpm
CentOS5i386xerces-j2-javadoc-apis< 2.7.1-7jpp.2.el5_4.2xerces-j2-javadoc-apis-2.7.1-7jpp.2.el5_4.2.i386.rpm
Rows per page:
1-10 of 281

Related

nessus 70
openvas 88
redhat 4
oraclelinux 2
prion 3
github 1
osv 1
veracode 1
debiancve 3
debian 2
cve 3
seebug 2
ubuntucve 3
f5 2
ibm 6
ubuntu 6
slackware 1
freebsd 1
nessus
nessus
Scientific Linux Security Update : xerces-j2 on SL6.x i386/x86_64
2012-08-01 00:00:00
Scientific Linux Security Update : xerces-j2 on SL5.x i386/x86_64
2012-08-01 00:00:00
SuSE 10 Security Update : Xerces-j2 (ZYPP Patch Number 6449)
2009-09-24 00:00:00
openvas
openvas
CentOS Security Advisory CESA-2009:1615 (xerces-j2)
2009-12-30 00:00:00
Mandrake Security Advisory MDVSA-2009:218 (w3c-libwww)
2009-09-02 00:00:00
CentOS Update for xerces-j2 CESA-2009:1615 centos5 i386
2011-08-09 00:00:00
redhat
redhat
(RHSA-2011:0858) Moderate: xerces-j2 security update
2011-06-08 00:00:00
(RHSA-2009:1615) Moderate: xerces-j2 security update
2009-11-30 00:00:00
(RHSA-2012:1537) Moderate: jasperreports-server-pro security and bug fix update
2012-12-04 00:00:00
oraclelinux
oraclelinux
xerces-j2 security update
2009-11-30 00:00:00
xerces-j2 security update
2011-06-08 00:00:00
prion
prion
Input validation
2009-08-06 15:30:00
Buffer overflow
2009-11-03 16:30:00
Buffer overflow
2009-12-04 21:30:00
github
github
Denial of service in Apache Xerces2
2020-06-15 18:51:30
osv
osv
Denial of service in Apache Xerces2
2020-06-15 18:51:30
veracode
veracode
Denial Of Service (DoS)
2017-03-13 03:37:04
debiancve
debiancve
CVE-2009-2625
2009-08-06 15:30:00
CVE-2009-3720
2009-11-03 16:30:00
CVE-2009-3560
2009-12-04 21:30:00
debian
debian
[SECURITY] [DSA 1921-1] New expat packages fix denial of service
2009-10-28 09:39:18
[SECURITY] [DSA 1984-1] New libxerces2-java packages fix denial of service
2010-01-30 17:52:35
cve
cve
CVE-2009-2625
2009-08-06 15:30:00
CVE-2009-3720
2009-11-03 16:30:00
CVE-2009-3560
2009-12-04 21:30:00
seebug
seebug
Sun Java运行时环境XML解析拒绝服务漏洞
2009-08-09 00:00:00
mozilla-thunderbird多个安全漏洞
2009-10-10 00:00:00
ubuntucve
ubuntucve
CVE-2009-3720
2009-11-03 00:00:00
CVE-2009-2625
2009-08-06 00:00:00
CVE-2009-3560
2009-12-04 00:00:00
f5
f5
SOL15905 - Expat vulnerabilities CVE-2009-3560 and CVE-2009-3720
2014-12-11 00:00:00
K15905 : Expat vulnerabilities CVE-2009-3560 and CVE-2009-3720
2015-03-16 00:00:00
ibm
ibm
Security Bulletin: Order Management is subject to vulnerabilities regarding XML service where a remote attacker could exploit this vulnerability.
2024-04-12 17:33:16
Security Bulletin: Atlas eDiscovery Process Management is affected by a vulnerable org.apache.xerces_2.9.0.v201101211617-4.8.0.jar
2023-05-08 08:35:39
Security Bulletin: Apache Solr, shipped with IBM Operations Analytics - Log Analysis, susceptible to multiple vulnerabilities in Apache Xerces2
2021-04-16 07:16:00
ubuntu
ubuntu
Python 2.4 vulnerabilities
2010-01-22 00:00:00
CMake vulnerabilities
2010-04-15 00:00:00
Python 2.5 vulnerabilities
2010-01-21 00:00:00
slackware
slackware
[slackware-security] expat
2011-02-11 01:17:08
freebsd
freebsd
libwww -- multiple vulnerabilities
2005-10-12 00:00:00

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.129 Low

EPSS

Percentile

95.4%

JSON
Related for CESA-2009:1615
nessus70openvas88redhat4oraclelinux2prion3github1osv1veracode1debiancve3debian2cve3seebug2ubuntucve3f52ibm6ubuntu6slackware1freebsd1