CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS: 0.023 Low
EPSS Percentile: 88.4%

JasperReports Server is a reporting server.
A flaw was found in the way the Apache Xerces2 Java Parser processed the
SYSTEM identifier in DTDs. A remote attacker could provide a
specially-crafted XML file, which once parsed by an application using the
Apache Xerces2 Java Parser, would lead to a denial of service (application
hang due to excessive CPU use). (CVE-2009-2625)
This update also fixes the following bugs:

* Adding a user to any ROLE caused an unexpected exception. (BZ#730712)
* Previously, the jasperreports-server-pro RPM spec file contained the
  “%{dist}” tag on the “Release” line. To comply with the packaging and
  naming guidelines, the tag has been changed to “%{?dist}” with this update.
  (BZ#868927)
* In some cases reports were opened with an incorrect list of
  Entity/Entities. (BZ#842687)

Note: The jasperreports-server-pro package replaces rhevm-reports-server
from Red Hat Enterprise Virtualization Manager 3.0.
Users are advised to upgrade to this updated package, which corrects these
issues.
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
RedHat | 6 | src | jasperreports-server-pro | < 4.7.1-2.el6ev | jasperreports-server-pro-4.7.1-2.el6ev.src.rpm |
RedHat | 6 | noarch | jasperreports-server-pro | < 4.7.1-2.el6ev | jasperreports-server-pro-4.7.1-2.el6ev.noarch.rpm |