Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

0

CVE-2009-2625

Disclosure Date: August 06, 2009 •

Description

XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

References

Canonical

CVE-2009-2625 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2625)

BID-35958 (http://www.securityfocus.com/bid/35958)

Advisory

https://rhn.redhat.com/errata/RHSA-2009-1200.html

https://rhn.redhat.com/errata/RHSA-2009-1199.html

USN-890-1 (http://www.ubuntu.com/usn/USN-890-1)

SECUNIA-36162 (http://secunia.com/advisories/36162)

ADV-2009-2543 (http://www.vupen.com/english/advisories/2009/2543)

DSA-1984 (http://www.debian.org/security/2010/dsa-1984)

[oss-security] 20091022 Re: Regarding expat bug 1990430 (http://www.openwall.com/lists/oss-security/2009/10/22/9)

SUNALERT-1021506 (http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021506.1-1)

SECUNIA-37460 (http://secunia.com/advisories/37460)

http://www.redhat.com/support/errata/RHSA-2009-1615.html

http://www.vmware.com/security/advisories/VMSA-2009-0016.html

HPSBUX02476 (http://marc.info?l=bugtraq&m=125787273209737&w=2)

SECUNIA-37754 (http://secunia.com/advisories/37754)

https://rhn.redhat.com/errata/RHSA-2009-1637.html

SECUNIA-36199 (http://secunia.com/advisories/36199)

http://rhn.redhat.com/errata/RHSA-2012-1537.html

http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html

http://www.mandriva.com/security/advisories?name=MDVSA-2009:209

FEDORA-2009-8329 (https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html)

http://www.redhat.com/support/errata/RHSA-2011-0858.html

SECTRACK-1022680 (http://www.securitytracker.com/id?1022680)

SECUNIA-37671 (http://secunia.com/advisories/37671)

SECUNIA-38342 (http://secunia.com/advisories/38342)

https://rhn.redhat.com/errata/RHSA-2009-1636.html

20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components (http://www.securityfocus.com/archive/1/507985/100/0/threaded)

https://rhn.redhat.com/errata/RHSA-2009-1649.html

[oss-security] 20091026 Re: CVE Request -- expat [was: Re: Regarding expat bug 1990430] (http://www.openwall.com/lists/oss-security/2009/10/26/3)

TA09-294A (http://www.us-cert.gov/cas/techalerts/TA09-294A.html)

SECUNIA-50549 (http://secunia.com/advisories/50549)

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8520

SECUNIA-36180 (http://secunia.com/advisories/36180)

SECUNIA-38231 (http://secunia.com/advisories/38231)

SUNALERT-272209 (http://sunsolve.sun.com/search/document.do?assetkey=1-66-272209-1)

http://www.mandriva.com/security/advisories?name=MDVSA-2011:108

http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html

http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html

http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1

SECUNIA-36176 (http://secunia.com/advisories/36176)

FEDORA-2009-8337 (https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html)

SECUNIA-43300 (http://secunia.com/advisories/43300)

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9356

TA10-012A (http://www.us-cert.gov/cas/techalerts/TA10-012A.html)

http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html

http://rhn.redhat.com/errata/RHSA-2012-1232.html

SUNALERT-263489 (http://sunsolve.sun.com/search/document.do?assetkey=1-66-263489-1)

http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=572055&r2=787352&pathrev=787353&diff_format=h

SECUNIA-37300 (http://secunia.com/advisories/37300)

APPLE-SA-2009-09-03-1 (http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html)

http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html

https://bugzilla.redhat.com/show_bug.cgi?id=512921

https://rhn.redhat.com/errata/RHSA-2009-1201.html

http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html

[oss-security] 20090906 Re: Re: expat bug 1990430 (http://www.openwall.com/lists/oss-security/2009/09/06/1)

[oss-security] 20091023 Re: CVE Request -- expat [was: Re: Regarding expat bug 1990430] (http://www.openwall.com/lists/oss-security/2009/10/23/6)

ADV-2011-0359 (http://www.vupen.com/english/advisories/2011/0359)

ADV-2009-3316 (http://www.vupen.com/english/advisories/2009/3316)

https://rhn.redhat.com/errata/RHSA-2009-1650.html

[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1 (https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E)

Miscellaneous

http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.486026

http://www.networkworld.com/columnists/2009/080509-xml-flaw.html

http://www.cert.fi/en/reports/2009/vulnerability2009085.html

http://www.codenomicon.com/labs/xml

Rapid7

Technical Analysis