CVE-2009-2625
Published: Aug 6, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Type | Source |
|---|---|---|
| SSA:2011-041-02 | vendor-advisory | x_refsource_SLACKWARE |
| RHSA-2009:1200 | vendor-advisory | x_refsource_REDHAT |
| RHSA-2009:1199 | vendor-advisory | x_refsource_REDHAT |
| http://www.networkworld.com/columnists/2009/080509-xml-flaw.html | | x_refsource_MISC |
| USN-890-1 | vendor-advisory | x_refsource_UBUNTU |
| 36162 | third-party-advisory | x_refsource_SECUNIA |
| ADV-2009-2543 | vdb-entry | x_refsource_VUPEN |
| DSA-1984 | vendor-advisory | x_refsource_DEBIAN |
| [oss-security] 20091022 Re: Regarding expat bug 1990430 | mailing-list | x_refsource_MLIST |
| 1021506 | vendor-advisory | x_refsource_SUNALERT |
| 37460 | third-party-advisory | x_refsource_SECUNIA |
| RHSA-2009:1615 | vendor-advisory | x_refsource_REDHAT |
| http://www.vmware.com/security/advisories/VMSA-2009-0016.html | | x_refsource_CONFIRM |
| HPSBUX02476 | vendor-advisory | x_refsource_HP |
| 37754 | third-party-advisory | x_refsource_SECUNIA |
| RHSA-2009:1637 | vendor-advisory | x_refsource_REDHAT |
| http://www.cert.fi/en/reports/2009/vulnerability2009085.html | | x_refsource_MISC |
| http://www.codenomicon.com/labs/xml/ | | x_refsource_MISC |
| 36199 | third-party-advisory | x_refsource_SECUNIA |
| RHSA-2012:1537 | vendor-advisory | x_refsource_REDHAT |
| SUSE-SR:2010:013 | vendor-advisory | x_refsource_SUSE |
| MDVSA-2009:209 | vendor-advisory | x_refsource_MANDRIVA |
| FEDORA-2009-8329 | vendor-advisory | x_refsource_FEDORA |
| RHSA-2011:0858 | vendor-advisory | x_refsource_REDHAT |
| SSRT090250 | vendor-advisory | x_refsource_HP |
| 1022680 | vdb-entry | x_refsource_SECTRACK |
| 37671 | third-party-advisory | x_refsource_SECUNIA |
| 38342 | third-party-advisory | x_refsource_SECUNIA |
| RHSA-2009:1636 | vendor-advisory | x_refsource_REDHAT |
| 35958 | vdb-entry | x_refsource_BID |
| RHSA-2009:1649 | vendor-advisory | x_refsource_REDHAT |
| [oss-security] 20091026 Re: CVE Request -- expat [was: Re: Regarding expat bug 1990430] | mailing-list | x_refsource_MLIST |
| TA09-294A | third-party-advisory | x_refsource_CERT |
| 50549 | third-party-advisory | x_refsource_SECUNIA |
| oval:org.mitre.oval:def:8520 | vdb-entry, signature | x_refsource_OVAL |
| 36180 | third-party-advisory | x_refsource_SECUNIA |
| 38231 | third-party-advisory | x_refsource_SECUNIA |
| 272209 | vendor-advisory | x_refsource_SUNALERT |
| MDVSA-2011:108 | vendor-advisory | x_refsource_MANDRIVA |
| http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html | | x_refsource_CONFIRM |
| http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html | | x_refsource_CONFIRM |
| http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1 | | x_refsource_CONFIRM |
| 36176 | third-party-advisory | x_refsource_SECUNIA |
| FEDORA-2009-8337 | vendor-advisory | x_refsource_FEDORA |
| 43300 | third-party-advisory | x_refsource_SECUNIA |
| oval:org.mitre.oval:def:9356 | vdb-entry, signature | x_refsource_OVAL |
| TA10-012A | third-party-advisory | x_refsource_CERT |
| SUSE-SR:2009:016 | vendor-advisory | x_refsource_SUSE |
| RHSA-2012:1232 | vendor-advisory | x_refsource_REDHAT |
| 263489 | vendor-advisory | x_refsource_SUNALERT |
| 37300 | third-party-advisory | x_refsource_SECUNIA |
| APPLE-SA-2009-09-03-1 | vendor-advisory | x_refsource_APPLE |
| SUSE-SA:2009:053 | vendor-advisory | x_refsource_SUSE |
| https://bugzilla.redhat.com/show_bug.cgi?id=512921 | | x_refsource_CONFIRM |
| RHSA-2009:1201 | vendor-advisory | x_refsource_REDHAT |
| SUSE-SR:2009:017 | vendor-advisory | x_refsource_SUSE |
| [oss-security] 20090906 Re: Re: expat bug 1990430 | mailing-list | x_refsource_MLIST |
| [oss-security] 20091023 Re: CVE Request -- expat [was: Re: Regarding expat bug 1990430] | mailing-list | x_refsource_MLIST |
| ADV-2011-0359 | vdb-entry | x_refsource_VUPEN |
| ADV-2009-3316 | vdb-entry | x_refsource_VUPEN |
| RHSA-2009:1650 | vendor-advisory | x_refsource_REDHAT |
| [lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1 | mailing-list | x_refsource_MLIST |