7.1 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
0.019 Low
EPSS
Percentile
88.3%
CentOS Errata and Security Advisory CESA-2014:1319
Apache Xerces for Java (Xerces-J) is a high performance, standards
compliant, validating XML parser written in Java. The xerces-j2 packages
provide Xerces-J version 2.
A resource consumption issue was found in the way Xerces-J handled XML
declarations. A remote attacker could use an XML document with a specially
crafted declaration using a long pseudo-attribute name that, when parsed by
an application using Xerces-J, would cause that application to use an
excessive amount of CPU. (CVE-2013-4002)
All xerces-j2 users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. Applications using the
Xerces-J must be restarted for this update to take effect.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2014-September/082765.html
https://lists.centos.org/pipermail/centos-announce/2014-September/082767.html
Affected packages:
xerces-j2
xerces-j2-demo
xerces-j2-javadoc
xerces-j2-javadoc-apis
xerces-j2-javadoc-impl
xerces-j2-javadoc-other
xerces-j2-javadoc-xni
xerces-j2-scripts
Upstream details at:
https://access.redhat.com/errata/RHSA-2014:1319
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 6 | i686 | xerces-j2 | < 2.7.1-12.7.el6_5 | xerces-j2-2.7.1-12.7.el6_5.i686.rpm |
CentOS | 6 | i686 | xerces-j2-demo | < 2.7.1-12.7.el6_5 | xerces-j2-demo-2.7.1-12.7.el6_5.i686.rpm |
CentOS | 6 | i686 | xerces-j2-javadoc-apis | < 2.7.1-12.7.el6_5 | xerces-j2-javadoc-apis-2.7.1-12.7.el6_5.i686.rpm |
CentOS | 6 | i686 | xerces-j2-javadoc-impl | < 2.7.1-12.7.el6_5 | xerces-j2-javadoc-impl-2.7.1-12.7.el6_5.i686.rpm |
CentOS | 6 | i686 | xerces-j2-javadoc-other | < 2.7.1-12.7.el6_5 | xerces-j2-javadoc-other-2.7.1-12.7.el6_5.i686.rpm |
CentOS | 6 | i686 | xerces-j2-javadoc-xni | < 2.7.1-12.7.el6_5 | xerces-j2-javadoc-xni-2.7.1-12.7.el6_5.i686.rpm |
CentOS | 6 | i686 | xerces-j2-scripts | < 2.7.1-12.7.el6_5 | xerces-j2-scripts-2.7.1-12.7.el6_5.i686.rpm |
CentOS | 6 | x86_64 | xerces-j2 | < 2.7.1-12.7.el6_5 | xerces-j2-2.7.1-12.7.el6_5.x86_64.rpm |
CentOS | 6 | x86_64 | xerces-j2-demo | < 2.7.1-12.7.el6_5 | xerces-j2-demo-2.7.1-12.7.el6_5.x86_64.rpm |
CentOS | 6 | x86_64 | xerces-j2-javadoc-apis | < 2.7.1-12.7.el6_5 | xerces-j2-javadoc-apis-2.7.1-12.7.el6_5.x86_64.rpm |