Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2011:0858
HistoryJun 08, 2011 - 12:00 a.m.

(RHSA-2011:0858) Moderate: xerces-j2 security update

2011-06-0800:00:00
access.redhat.com
33

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.023 Low

EPSS

Percentile

88.4%

JSON

The xerces-j2 packages provide the Apache Xerces2 Java Parser, a
high-performance XML parser. A Document Type Definition (DTD) defines the
legal syntax (and also which elements can be used) for certain types of
files, such as XML files.

A flaw was found in the way the Apache Xerces2 Java Parser processed the
SYSTEM identifier in DTDs. A remote attacker could provide a
specially-crafted XML file, which once parsed by an application using the
Apache Xerces2 Java Parser, would lead to a denial of service (application
hang due to excessive CPU use). (CVE-2009-2625)

Users should upgrade to these updated packages, which contain a backported
patch to correct this issue. Applications using the Apache Xerces2 Java
Parser must be restarted for this update to take effect.

OSVersionArchitecturePackageVersionFilename
RedHat6i686xerces-j2-debuginfo< 2.7.1-12.6.el6_0xerces-j2-debuginfo-2.7.1-12.6.el6_0.i686.rpm
RedHat6ppc64xerces-j2-javadoc-other< 2.7.1-12.6.el6_0xerces-j2-javadoc-other-2.7.1-12.6.el6_0.ppc64.rpm
RedHat6s390xxerces-j2-demo< 2.7.1-12.6.el6_0xerces-j2-demo-2.7.1-12.6.el6_0.s390x.rpm
RedHat6i686xerces-j2-javadoc-xni< 2.7.1-12.6.el6_0xerces-j2-javadoc-xni-2.7.1-12.6.el6_0.i686.rpm
RedHat6s390xxerces-j2-debuginfo< 2.7.1-12.6.el6_0xerces-j2-debuginfo-2.7.1-12.6.el6_0.s390x.rpm
RedHat6s390xxerces-j2< 2.7.1-12.6.el6_0xerces-j2-2.7.1-12.6.el6_0.s390x.rpm
RedHat6s390xxerces-j2-javadoc-xni< 2.7.1-12.6.el6_0xerces-j2-javadoc-xni-2.7.1-12.6.el6_0.s390x.rpm
RedHat6srcxerces-j2< 2.7.1-12.6.el6_0xerces-j2-2.7.1-12.6.el6_0.src.rpm
RedHat6i686xerces-j2-scripts< 2.7.1-12.6.el6_0xerces-j2-scripts-2.7.1-12.6.el6_0.i686.rpm
RedHat6x86_64xerces-j2-debuginfo< 2.7.1-12.6.el6_0xerces-j2-debuginfo-2.7.1-12.6.el6_0.x86_64.rpm
Rows per page:
1-10 of 331

Related

openvas 88
nessus 68
debian 2
centos 1
cve 3
oraclelinux 2
prion 3
github 1
osv 1
veracode 1
debiancve 3
redhat 4
seebug 2
ubuntucve 3
ubuntu 6
f5 2
ibm 7
slackware 1
freebsd 1
openvas
openvas
RedHat Update for xerces-j2 RHSA-2011:0858-01
2012-06-06 00:00:00
Mandrake Security Advisory MDVSA-2009:211 (expat)
2009-09-02 00:00:00
Mandrake Security Advisory MDVSA-2009:215 (audacity)
2009-09-02 00:00:00
nessus
nessus
RHEL 5 : xerces-j2 (RHSA-2009:1615)
2009-12-01 00:00:00
Oracle Linux 5 : xerces-j2 (ELSA-2009-1615)
2013-07-12 00:00:00
RHEL 6 : Virtualization Manager (RHSA-2012:1537)
2014-11-08 00:00:00
debian
debian
[SECURITY] [DSA 1921-1] New expat packages fix denial of service
2009-10-28 09:39:18
[SECURITY] [DSA 1984-1] New libxerces2-java packages fix denial of service
2010-01-30 17:52:35
centos
centos
xerces security update
2009-12-17 12:40:02
cve
cve
CVE-2009-2625
2009-08-06 15:30:00
CVE-2009-3720
2009-11-03 16:30:00
CVE-2009-3560
2009-12-04 21:30:00
oraclelinux
oraclelinux
xerces-j2 security update
2009-11-30 00:00:00
xerces-j2 security update
2011-06-08 00:00:00
prion
prion
Input validation
2009-08-06 15:30:00
Buffer overflow
2009-11-03 16:30:00
Buffer overflow
2009-12-04 21:30:00
github
github
Denial of service in Apache Xerces2
2020-06-15 18:51:30
osv
osv
Denial of service in Apache Xerces2
2020-06-15 18:51:30
veracode
veracode
Denial Of Service (DoS)
2017-03-13 03:37:04
debiancve
debiancve
CVE-2009-2625
2009-08-06 15:30:00
CVE-2009-3720
2009-11-03 16:30:00
CVE-2009-3560
2009-12-04 21:30:00
redhat
redhat
(RHSA-2009:1615) Moderate: xerces-j2 security update
2009-11-30 00:00:00
(RHSA-2012:1537) Moderate: jasperreports-server-pro security and bug fix update
2012-12-04 00:00:00
(RHSA-2009:1505) Moderate: java-1.4.2-ibm security update
2009-10-14 00:00:00
seebug
seebug
Sun Java运行时环境XML解析拒绝服务漏洞
2009-08-09 00:00:00
mozilla-thunderbird多个安全漏洞
2009-10-10 00:00:00
ubuntucve
ubuntucve
CVE-2009-2625
2009-08-06 00:00:00
CVE-2009-3720
2009-11-03 00:00:00
CVE-2009-3560
2009-12-04 00:00:00
ubuntu
ubuntu
CMake vulnerabilities
2010-04-15 00:00:00
Python 2.5 vulnerabilities
2010-01-21 00:00:00
PyXML vulnerabilities
2010-01-26 00:00:00
f5
f5
K15905 : Expat vulnerabilities CVE-2009-3560 and CVE-2009-3720
2015-03-16 00:00:00
SOL15905 - Expat vulnerabilities CVE-2009-3560 and CVE-2009-3720
2014-12-11 00:00:00
ibm
ibm
Security Bulletin: Atlas eDiscovery Process Management is affected by a vulnerable org.apache.xerces_2.9.0.v201101211617-4.8.0.jar
2023-05-08 08:35:39
Security Bulletin: Apache Solr, shipped with IBM Operations Analytics - Log Analysis, susceptible to multiple vulnerabilities in Apache Xerces2
2021-04-16 07:16:00
Security Bulletin: Order Management is subject to vulnerabilities regarding XML service where a remote attacker could exploit this vulnerability.
2024-04-12 17:33:16
slackware
slackware
[slackware-security] expat
2011-02-11 01:17:08
freebsd
freebsd
libwww -- multiple vulnerabilities
2005-10-12 00:00:00

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.023 Low

EPSS

Percentile

88.4%

JSON
Related for RHSA-2011:0858
openvas88nessus68debian2centos1cve3oraclelinux2prion3github1osv1veracode1debiancve3redhat4seebug2ubuntucve3ubuntu6f52ibm7slackware1freebsd1