XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
Metrics
Affected Vendors & Products
Advisories
| Source | ID | Title |
|---|---|---|
Debian DSA |
DSA-1921-1 | New expat packages fix denial of service |
Debian DSA |
DSA-1984-1 | New libxerces2-java packages fix denial of service |
EUVD |
EUVD-2020-0452 | XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework. |
Github GHSA |
GHSA-334p-wv2m-w3vp | Denial of service in Apache Xerces2 |
Ubuntu USN |
USN-814-1 | OpenJDK vulnerabilities |
Ubuntu USN |
USN-890-1 | Expat vulnerabilities |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
No history.
Status: PUBLISHED
Assigner: certcc
Published:
Updated: 2024-08-07T05:59:56.314Z
Reserved: 2009-07-28T00:00:00
Link: CVE-2009-2625
No data.
Status : Deferred
Published: 2009-08-06T15:30:00.327
Modified: 2025-04-09T00:30:58.490
Link: CVE-2009-2625
OpenCVE Enrichment
No data.
Debian DSA
EUVD
Github GHSA
Ubuntu USN