CVE-2009-2625

Description

XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.

Risk Information

Base Score
9.1
MODERATE
Vector
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
EPSS Score
Exploitation Probability
1.562

Associated Vulnerability

Vulnerability | OS Platform
Multiple Vulnerabilities are affected in Java SE Development Kit 5.0 | Windows
Multiple Vulnerabilities are affected in Java SE Development Kit 6 | Windows
Vulnerabilities CVE-2009-2625 are fixed in Apache-xercesImpl 2.10.0 | Windows
Multiple Vulnerabilities are affected in IBM UrbanCode Deploy 7.0.3.0 | Windows
Multiple Vulnerabilities are affected in IBM UrbanCode Deploy 7.0.4.0 | Windows
Vulnerabilities CVE-2009-2625,CVE-2013-3766 are affected in Oracle Primavera P6 Enterprise Project Portfolio Management 4.0 | Windows
Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.10 | Windows
Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.11 | Windows
Multiple Vulnerabilities are affected in IBM UrbanCode Deploy 6.2.7.3 | Windows
Multiple Vulnerabilities are affected in IBM UrbanCode Deploy 6.2.7.4 | Windows
(RHSA-2009:1615) Moderate: xerces-j2 security update xerces-j2-2.7.1-7jpp.2.el5_4.2.i386.rpm | Linux
(RHSA-2009:1615) Moderate: xerces-j2 security update xerces-j2-2.7.1-7jpp.2.el5_4.2.x86_64.rpm | Linux
(RHSA-2009:1615) Moderate: xerces-j2 security update xerces-j2-demo-2.7.1-7jpp.2.el5_4.2.i386.rpm | Linux
(RHSA-2009:1615) Moderate: xerces-j2 security update xerces-j2-demo-2.7.1-7jpp.2.el5_4.2.x86_64.rpm | Linux
(RHSA-2009:1615) Moderate: xerces-j2 security update xerces-j2-javadoc-apis-2.7.1-7jpp.2.el5_4.2.i386.rpm | Linux
(RHSA-2009:1615) Moderate: xerces-j2 security update xerces-j2-javadoc-apis-2.7.1-7jpp.2.el5_4.2.x86_64.rpm | Linux
(RHSA-2009:1615) Moderate: xerces-j2 security update xerces-j2-javadoc-impl-2.7.1-7jpp.2.el5_4.2.i386.rpm | Linux
(RHSA-2009:1615) Moderate: xerces-j2 security update xerces-j2-javadoc-impl-2.7.1-7jpp.2.el5_4.2.x86_64.rpm | Linux
(RHSA-2009:1615) Moderate: xerces-j2 security update xerces-j2-javadoc-other-2.7.1-7jpp.2.el5_4.2.i386.rpm | Linux
(RHSA-2009:1615) Moderate: xerces-j2 security update xerces-j2-javadoc-other-2.7.1-7jpp.2.el5_4.2.x86_64.rpm | Linux
(RHSA-2009:1615) Moderate: xerces-j2 security update xerces-j2-javadoc-xni-2.7.1-7jpp.2.el5_4.2.i386.rpm | Linux
(RHSA-2009:1615) Moderate: xerces-j2 security update xerces-j2-javadoc-xni-2.7.1-7jpp.2.el5_4.2.x86_64.rpm | Linux
(RHSA-2009:1615) Moderate: xerces-j2 security update xerces-j2-scripts-2.7.1-7jpp.2.el5_4.2.i386.rpm | Linux
(RHSA-2009:1615) Moderate: xerces-j2 security update xerces-j2-scripts-2.7.1-7jpp.2.el5_4.2.x86_64.rpm | Linux
Vulnerabilities CVE-2009-2625 are fixed in Apache-xercesImpl for Linux 2.10.0 | Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234