Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2012:1537
HistoryDec 04, 2012 - 12:00 a.m.

(RHSA-2012:1537) Moderate: jasperreports-server-pro security and bug fix update

2012-12-0400:00:00
access.redhat.com
22

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.023 Low

EPSS

Percentile

88.4%

JSON

JasperReports Server is a reporting server.

A flaw was found in the way the Apache Xerces2 Java Parser processed the
SYSTEM identifier in DTDs. A remote attacker could provide a
specially-crafted XML file, which once parsed by an application using the
Apache Xerces2 Java Parser, would lead to a denial of service (application
hang due to excessive CPU use). (CVE-2009-2625)

This update also fixes the following bugs:

  • Adding a user to any ROLE caused an unexpected exception. (BZ#730712)

  • Previously, the jasperreports-server-pro RPM spec file contained the
    “%{dist}” tag on the “Release” line. To comply with the packaging and
    naming guidelines, the tag has been changed to “%{?dist}” with this update.
    (BZ#868927)

  • In some cases reports were opened with an incorrect list of
    Entity/Entities. (BZ#842687)

Note: The jasperreports-server-pro package replaces rhevm-reports-server
from Red Hat Enterprise Virtualization Manager 3.0.

Users are advised to upgrade to this updated package, which corrects these
issues.

Related

nessus 69
openvas 88
oraclelinux 2
redhat 4
prion 3
github 1
osv 1
veracode 1
debiancve 3
debian 2
cve 3
centos 1
seebug 2
ubuntucve 3
f5 2
ubuntu 6
ibm 6
slackware 1
freebsd 1
nessus
nessus
Scientific Linux Security Update : xerces-j2 on SL6.x i386/x86_64
2012-08-01 00:00:00
Scientific Linux Security Update : xerces-j2 on SL5.x i386/x86_64
2012-08-01 00:00:00
openSUSE Security Update : xerces-j2 (xerces-j2-1233)
2009-08-27 00:00:00
openvas
openvas
CentOS Security Advisory CESA-2009:1615 (xerces-j2)
2009-12-30 00:00:00
Mandrake Security Advisory MDVSA-2009:218 (w3c-libwww)
2009-09-02 00:00:00
CentOS Update for xerces-j2 CESA-2009:1615 centos5 i386
2011-08-09 00:00:00
oraclelinux
oraclelinux
xerces-j2 security update
2009-11-30 00:00:00
xerces-j2 security update
2011-06-08 00:00:00
redhat
redhat
(RHSA-2011:0858) Moderate: xerces-j2 security update
2011-06-08 00:00:00
(RHSA-2009:1615) Moderate: xerces-j2 security update
2009-11-30 00:00:00
(RHSA-2009:1505) Moderate: java-1.4.2-ibm security update
2009-10-14 00:00:00
prion
prion
Input validation
2009-08-06 15:30:00
Buffer overflow
2009-11-03 16:30:00
Buffer overflow
2009-12-04 21:30:00
github
github
Denial of service in Apache Xerces2
2020-06-15 18:51:30
osv
osv
Denial of service in Apache Xerces2
2020-06-15 18:51:30
veracode
veracode
Denial Of Service (DoS)
2017-03-13 03:37:04
debiancve
debiancve
CVE-2009-2625
2009-08-06 15:30:00
CVE-2009-3720
2009-11-03 16:30:00
CVE-2009-3560
2009-12-04 21:30:00
debian
debian
[SECURITY] [DSA 1921-1] New expat packages fix denial of service
2009-10-28 09:39:18
[SECURITY] [DSA 1984-1] New libxerces2-java packages fix denial of service
2010-01-30 17:52:35
cve
cve
CVE-2009-2625
2009-08-06 15:30:00
CVE-2009-3720
2009-11-03 16:30:00
CVE-2009-3560
2009-12-04 21:30:00
centos
centos
xerces security update
2009-12-17 12:40:02
seebug
seebug
Sun Java运行时环境XML解析拒绝服务漏洞
2009-08-09 00:00:00
mozilla-thunderbird多个安全漏洞
2009-10-10 00:00:00
ubuntucve
ubuntucve
CVE-2009-3720
2009-11-03 00:00:00
CVE-2009-2625
2009-08-06 00:00:00
CVE-2009-3560
2009-12-04 00:00:00
f5
f5
K15905 : Expat vulnerabilities CVE-2009-3560 and CVE-2009-3720
2015-03-16 00:00:00
SOL15905 - Expat vulnerabilities CVE-2009-3560 and CVE-2009-3720
2014-12-11 00:00:00
ubuntu
ubuntu
PyXML vulnerabilities
2010-01-26 00:00:00
Expat vulnerabilities
2010-01-20 00:00:00
Python 2.4 vulnerabilities
2010-01-22 00:00:00
ibm
ibm
Security Bulletin: Atlas eDiscovery Process Management is affected by a vulnerable org.apache.xerces_2.9.0.v201101211617-4.8.0.jar
2023-05-08 08:35:39
Security Bulletin: Order Management is subject to vulnerabilities regarding XML service where a remote attacker could exploit this vulnerability.
2024-04-12 17:33:16
Security Bulletin: Apache Solr, shipped with IBM Operations Analytics - Log Analysis, susceptible to multiple vulnerabilities in Apache Xerces2
2021-04-16 07:16:00
slackware
slackware
[slackware-security] expat
2011-02-11 01:17:08
freebsd
freebsd
libwww -- multiple vulnerabilities
2005-10-12 00:00:00

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.023 Low

EPSS

Percentile

88.4%

JSON
Related for RHSA-2012:1537
nessus69openvas88oraclelinux2redhat4prion3github1osv1veracode1debiancve3debian2cve3centos1seebug2ubuntucve3f52ubuntu6ibm6slackware1freebsd1