XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

References
Link Providers
http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html cve-icon cve-icon
http://marc.info/?l=bugtraq&m=125787273209737&w=2 cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2012-1232.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2012-1537.html cve-icon cve-icon
http://secunia.com/advisories/36162 cve-icon cve-icon
http://secunia.com/advisories/36176 cve-icon cve-icon
http://secunia.com/advisories/36180 cve-icon cve-icon
http://secunia.com/advisories/36199 cve-icon cve-icon
http://secunia.com/advisories/37300 cve-icon cve-icon
http://secunia.com/advisories/37460 cve-icon cve-icon
http://secunia.com/advisories/37671 cve-icon cve-icon
http://secunia.com/advisories/37754 cve-icon cve-icon
http://secunia.com/advisories/38231 cve-icon cve-icon
http://secunia.com/advisories/38342 cve-icon cve-icon
http://secunia.com/advisories/43300 cve-icon cve-icon
http://secunia.com/advisories/50549 cve-icon cve-icon
http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.486026 cve-icon cve-icon
http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1 cve-icon cve-icon
http://sunsolve.sun.com/search/document.do?assetkey=1-66-263489-1 cve-icon cve-icon
http://sunsolve.sun.com/search/document.do?assetkey=1-66-272209-1 cve-icon cve-icon
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021506.1-1 cve-icon cve-icon
http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=572055&r2=787352&pathrev=787353&diff_format=h cve-icon cve-icon
http://www.cert.fi/en/reports/2009/vulnerability2009085.html cve-icon cve-icon
http://www.codenomicon.com/labs/xml/ cve-icon cve-icon
http://www.debian.org/security/2010/dsa-1984 cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDVSA-2009:209 cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDVSA-2011:108 cve-icon cve-icon
http://www.networkworld.com/columnists/2009/080509-xml-flaw.html cve-icon cve-icon
http://www.openwall.com/lists/oss-security/2009/09/06/1 cve-icon cve-icon
http://www.openwall.com/lists/oss-security/2009/10/22/9 cve-icon cve-icon
http://www.openwall.com/lists/oss-security/2009/10/23/6 cve-icon cve-icon
http://www.openwall.com/lists/oss-security/2009/10/26/3 cve-icon cve-icon
http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html cve-icon cve-icon
http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2009-1615.html cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2011-0858.html cve-icon cve-icon
http://www.securityfocus.com/archive/1/507985/100/0/threaded cve-icon cve-icon
http://www.securityfocus.com/bid/35958 cve-icon cve-icon
http://www.securitytracker.com/id?1022680 cve-icon cve-icon
http://www.ubuntu.com/usn/USN-890-1 cve-icon cve-icon
http://www.us-cert.gov/cas/techalerts/TA09-294A.html cve-icon cve-icon
http://www.us-cert.gov/cas/techalerts/TA10-012A.html cve-icon cve-icon
http://www.vmware.com/security/advisories/VMSA-2009-0016.html cve-icon cve-icon
http://www.vupen.com/english/advisories/2009/2543 cve-icon cve-icon
http://www.vupen.com/english/advisories/2009/3316 cve-icon cve-icon
http://www.vupen.com/english/advisories/2011/0359 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=512921 cve-icon cve-icon
https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2009-2625 cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8520 cve-icon cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9356 cve-icon cve-icon
https://rhn.redhat.com/errata/RHSA-2009-1199.html cve-icon cve-icon
https://rhn.redhat.com/errata/RHSA-2009-1200.html cve-icon cve-icon
https://rhn.redhat.com/errata/RHSA-2009-1201.html cve-icon cve-icon
https://rhn.redhat.com/errata/RHSA-2009-1636.html cve-icon cve-icon
https://rhn.redhat.com/errata/RHSA-2009-1637.html cve-icon cve-icon
https://rhn.redhat.com/errata/RHSA-2009-1649.html cve-icon cve-icon
https://rhn.redhat.com/errata/RHSA-2009-1650.html cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2009-2625 cve-icon
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html cve-icon cve-icon
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: certcc

Published:

Updated: 2024-08-07T05:59:56.314Z

Reserved: 2009-07-28T00:00:00

Link: CVE-2009-2625

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2009-08-06T15:30:00.327

Modified: 2025-04-09T00:30:58.490

Link: CVE-2009-2625

cve-icon Redhat

Severity : Moderate

Publid Date: 2009-08-05T00:00:00Z

Links: CVE-2009-2625 - Bugzilla

cve-icon OpenCVE Enrichment

No data.