Lucene search
K

Debian DSA-1984-1 : libxerces2-java - denial of service

🗓️ 24 Feb 2010 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 37 Views

Debian DSA-1984-1: libxerces2-java denial of service vulnerabilit

Related
Refs
Code
ReporterTitlePublishedViews
Family
IBM Security Bulletins
Security Bulletin: IBM Security Verify Governance - Identity Manager has multiple vulnerabilities
11 Jul 202407:21
ibm
IBM Security Bulletins
Security Bulletin: Multiple vulnerabilities affect embedded rules in IBM Business Automation Workflow
11 Jan 202413:32
ibm
IBM Security Bulletins
Security Bulletin: Addressing the Security vulnerability CVE-2022-23437,CVE-2009-2625,CVE-2012-0881,CVE-2013-4002 found in xercesImpl-2.9.1.jar and its previous versions affects ITCAM for Transactions
30 Aug 202311:09
ibm
IBM Security Bulletins
Security Bulletin: Vulnerabilities in Xerces2 affect IBM Storage Protect Client, IBM Storage Protect for Virtual Environments, and IBM Storage Protect for Space Management (CVE-2013-4002, CVE-2012-1724, CVE-2012-0881, CVE-2022-23437, CVE-2009-2625)
13 Jul 202313:21
ibm
IBM Security Bulletins
Security Bulletin: Atlas eDiscovery Process Management is affected by a vulnerable org.apache.xerces_2.9.0.v201101211617-4.8.0.jar
8 May 202308:35
ibm
IBM Security Bulletins
Security Bulletin: IBM Operational Decision Manager May 2023 - Multiple CVEs
7 Jun 202307:18
ibm
IBM Security Bulletins
Security Bulletin: Order Management is subject to vulnerabilities regarding XML service where a remote attacker could exploit this vulnerability.
12 Apr 202417:33
ibm
IBM Security Bulletins
Security Bulletin: IBM Call Center is subject to vulnerability regarding an XML service, a remote attacker could exploit this vulnerability to consume available CPU resources.
12 Apr 202417:47
ibm
IBM Security Bulletins
Security Bulletin: IBM Content Navigator is affected by Apache Xerces2
29 Mar 202623:41
ibm
IBM Security Bulletins
Security Bulletin: Multiple Vulnerabilities identified in IBM StoredIQ
20 Feb 202012:42
ibm
Rows per page
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-1984. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(44848);
  script_version("1.15");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");

  script_cve_id("CVE-2009-2625");
  script_bugtraq_id(35958);
  script_xref(name:"DSA", value:"1984");

  script_name(english:"Debian DSA-1984-1 : libxerces2-java - denial of service");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"It was discovered that libxerces2-java, a validating XML parser for
Java, does not properly process malformed XML files. This
vulnerability could allow an attacker to cause a denial of service
while parsing a malformed XML file."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=548358"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2010/dsa-1984"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the libxerces2-java package.

For the oldstable distribution (etch), this problem has been fixed in
version 2.8.1-1+etch1.

For the stable distribution (lenny), this problem has been fixed in
version 2.9.1-2+lenny1."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(264);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libxerces2-java");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:5.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2010/01/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/02/24");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"4.0", prefix:"libxerces2-java", reference:"2.8.1-1+etch1")) flag++;
if (deb_check(release:"5.0", prefix:"libxerces2-java", reference:"2.9.1-2+lenny1")) flag++;
if (deb_check(release:"5.0", prefix:"libxerces2-java-doc", reference:"2.9.1-2+lenny1")) flag++;
if (deb_check(release:"5.0", prefix:"libxerces2-java-gcj", reference:"2.9.1-2+lenny1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Jan 2021 00:00Current
6.3Medium risk
Vulners AI Score6.3
CVSS 25
EPSS0.3038
37