Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2009-2625HistoryAug 06, 2009 - 3:30 p.m.
CVE-2009-2625
2009-08-0615:30:00
Debian Security Bug Tracker
security-tracker.debian.org
19
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.129 Low
EPSS
Percentile
95.5%
XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | libxerces2-java | < 2.9.1-4.1 | libxerces2-java_2.9.1-4.1_all.deb |
| Debian | 11 | all | libxerces2-java | < 2.9.1-4.1 | libxerces2-java_2.9.1-4.1_all.deb |
| Debian | 10 | all | libxerces2-java | < 2.9.1-4.1 | libxerces2-java_2.9.1-4.1_all.deb |
| Debian | 999 | all | libxerces2-java | < 2.9.1-4.1 | libxerces2-java_2.9.1-4.1_all.deb |
| Debian | 13 | all | libxerces2-java | < 2.9.1-4.1 | libxerces2-java_2.9.1-4.1_all.deb |
Related
openvas
openvas
Mandrake Security Advisory MDVSA-2009:214 (python-celementtree)
2009-09-02 00:00:00
Mandrake Security Advisory MDVSA-2009:215 (audacity)
2009-09-02 00:00:00
Mandrake Security Advisory MDVSA-2009:214 (python-celementtree)
2009-09-02 00:00:00
seebug
seebug
Sun Java运行时环境XML解析拒绝服务漏洞
2009-08-09 00:00:00
mozilla-thunderbird多个安全漏洞
2009-10-10 00:00:00
oraclelinux
oraclelinux
xerces-j2 security update
2011-06-08 00:00:00
xerces-j2 security update
2009-11-30 00:00:00
redhat
redhat
(RHSA-2009:1615) Moderate: xerces-j2 security update
2009-11-30 00:00:00
(RHSA-2011:0858) Moderate: xerces-j2 security update
2011-06-08 00:00:00
nessus
nessus
Mandriva Linux Security Advisory : xerces-j2 (MDVSA-2011:108)
2011-06-14 00:00:00
RHEL 5 : xerces-j2 (RHSA-2009:1615)
2009-12-01 00:00:00
RHEL 6 : Virtualization Manager (RHSA-2012:1537)
2014-11-08 00:00:00
cve
cve
centos
centos
xerces security update
2009-12-17 12:40:02
debian
debian
[SECURITY] [DSA 1921-1] New expat packages fix denial of service
2009-10-28 09:39:18
[SECURITY] [DSA 1984-1] New libxerces2-java packages fix denial of service
2010-01-30 17:52:35
osv
osv
Denial of service in Apache Xerces2
2020-06-15 18:51:30
veracode
veracode
Denial Of Service (DoS)
2017-03-13 03:37:04
prion
prion
Input validation
2009-08-06 15:30:00
Buffer overflow
2009-11-03 16:30:00
Buffer overflow
2009-12-04 21:30:00
github
github
Denial of service in Apache Xerces2
2020-06-15 18:51:30
cvelist
cvelist
nvd
nvd
debiancve
debiancve
CVE-2009-3720
2009-11-03 16:30:12
CVE-2009-3560
2009-12-04 21:30:00
ubuntucve
ubuntucve
ubuntu
ubuntu
Python 2.5 vulnerabilities
2010-01-21 00:00:00
CMake vulnerabilities
2010-04-15 00:00:00
Expat vulnerabilities
2010-01-20 00:00:00
slackware
slackware
[slackware-security] expat
2011-02-11 01:17:08
f5
f5
K15905 : Expat vulnerabilities CVE-2009-3560 and CVE-2009-3720
2015-03-16 00:00:00
SOL15905 - Expat vulnerabilities CVE-2009-3560 and CVE-2009-3720
2014-12-11 00:00:00
ibm
ibm
Security Bulletin: Atlas eDiscovery Process Management is affected by a vulnerable org.apache.xerces_2.9.0.v201101211617-4.8.0.jar
2023-05-08 08:35:39
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.129 Low
EPSS
Percentile
95.5%
Related for DEBIANCVE:CVE-2009-2625