CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS
Percentile
96.1%
XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | libxerces2-java | < 2.9.1-4.1 | libxerces2-java_2.9.1-4.1_all.deb |
Debian | 11 | all | libxerces2-java | < 2.9.1-4.1 | libxerces2-java_2.9.1-4.1_all.deb |
Debian | 999 | all | libxerces2-java | < 2.9.1-4.1 | libxerces2-java_2.9.1-4.1_all.deb |
Debian | 13 | all | libxerces2-java | < 2.9.1-4.1 | libxerces2-java_2.9.1-4.1_all.deb |