XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute names.
lists.apple.com/archives/security-announce/2013/Oct/msg00001.html
lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html
lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html
lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html
lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html
lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html
lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html
lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.html
lists.opensuse.org/opensuse-updates/2013-11/msg00023.html
marc.info/?l=bugtraq&m=138674031212883&w=2
marc.info/?l=bugtraq&m=138674073720143&w=2
rhn.redhat.com/errata/RHSA-2013-1059.html
rhn.redhat.com/errata/RHSA-2013-1060.html
rhn.redhat.com/errata/RHSA-2013-1081.html
rhn.redhat.com/errata/RHSA-2013-1440.html
rhn.redhat.com/errata/RHSA-2013-1447.html
rhn.redhat.com/errata/RHSA-2013-1451.html
rhn.redhat.com/errata/RHSA-2013-1505.html
rhn.redhat.com/errata/RHSA-2014-1818.html
rhn.redhat.com/errata/RHSA-2014-1821.html
rhn.redhat.com/errata/RHSA-2014-1822.html
rhn.redhat.com/errata/RHSA-2014-1823.html
rhn.redhat.com/errata/RHSA-2015-0675.html
rhn.redhat.com/errata/RHSA-2015-0720.html
rhn.redhat.com/errata/RHSA-2015-0765.html
rhn.redhat.com/errata/RHSA-2015-0773.html
secunia.com/advisories/56257
security.gentoo.org/glsa/glsa-201406-32.xml
support.apple.com/kb/HT5982
svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=965250&r2=1499506&view=patch
www-01.ibm.com/support/docview.wss?uid=swg1IC98015
www-01.ibm.com/support/docview.wss?uid=swg21644197
www-01.ibm.com/support/docview.wss?uid=swg21653371
www-01.ibm.com/support/docview.wss?uid=swg21657539
www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html
www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_filenet_content_manager_and_ibm_content_foundation_xml_4j_denial_of_service_attack_cve_2013_4002
www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_July_2013
www.ibm.com/support/docview.wss?uid=swg21648172
www.securityfocus.com/bid/61310
www.ubuntu.com/usn/USN-2033-1
www.ubuntu.com/usn/USN-2089-1
access.redhat.com/errata/RHSA-2014:0414
exchange.xforce.ibmcloud.com/vulnerabilities/85260
issues.apache.org/jira/browse/XERCESJ-1679
lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73%40%3Cj-users.xerces.apache.org%3E
lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E
lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E
www.oracle.com/security-alerts/cpuapr2022.html
www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html