accept no compromises
Showing 1 - 24 of 24 RSS Feed

CVE-2009-2625

Status Candidate

Overview

XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.

Related Files

Red Hat Security Advisory 2013-0763-01
Posted Apr 22, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0763-01 - The JBoss Web Framework Kit combines popular open source web frameworks into a single solution for Java applications. This release of JBoss Web Framework Kit 2.2.0 serves as a replacement for JBoss Web Framework Kit 2.1.0. It includes various bug fixes and enhancements which are detailed in the JBoss Web Framework Kit 2.2.0 Release Notes.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2009-2625, CVE-2012-5783
MD5 | df4205a95bae4fb88aa6f8480a42fea2
Red Hat Security Advisory 2012-1537-01
Posted Dec 4, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1537-01 - JasperReports Server is a reporting server. A flaw was found in the way the Apache Xerces2 Java Parser processed the SYSTEM identifier in DTDs. A remote attacker could provide a specially-crafted XML file, which once parsed by an application using the Apache Xerces2 Java Parser, would lead to a denial of service. This update also fixes the following bugs: Adding a user to any ROLE caused an unexpected exception.

tags | advisory, java, remote, denial of service
systems | linux, redhat
advisories | CVE-2009-2625
MD5 | 0d1fb1f00967f87786626d86a121c46e
Red Hat Security Advisory 2012-1232-01
Posted Sep 5, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1232-01 - JBoss Enterprise Portal Platform is the open source implementation of the Java EE suite of services and Portal services running atop JBoss Enterprise Application Platform. It comprises a set of offerings for enterprise customers who are looking for pre-configured profiles of JBoss Enterprise Middleware components that have been tested and certified together to provide an integrated experience. This release of JBoss Enterprise Portal Platform 5.2.2 serves as a replacement for JBoss Enterprise Portal Platform 5.2.1, and includes bug fixes.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2009-2625, CVE-2011-2908, CVE-2011-4605, CVE-2012-0213, CVE-2012-1167, CVE-2012-2377
MD5 | 9599ac9aa28cd37e1f3b1763a768a63f
Red Hat Security Advisory 2012-0725-01
Posted Jun 13, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0725-01 - JBoss Operations Network is a middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. This JBoss ON 3.1.0 release serves as a replacement for JBoss ON 3.0.1, and includes several bug fixes and enhancements.

tags | advisory
systems | linux, redhat
advisories | CVE-2009-2625
MD5 | b2beb3f3f83a94905ffe7bdb85bc9c17
Mandriva Linux Security Advisory 2011-108
Posted Jun 13, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-108 - Apache Xerces2 Java, as used in Sun Java Runtime Environment in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.

tags | advisory, java, remote, denial of service
systems | linux, mandriva
advisories | CVE-2009-2625
MD5 | 161f1e1b70c05d814e961db49dc0aa67
Red Hat Security Advisory 2011-0858-01
Posted Jun 8, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-0858-01 - The xerces-j2 packages provide the Apache Xerces2 Java Parser, a high-performance XML parser. A Document Type Definition defines the legal syntax for certain types of files, such as XML files. A flaw was found in the way the Apache Xerces2 Java Parser processed the SYSTEM identifier in DTDs. A remote attacker could provide a specially-crafted XML file, which once parsed by an application using the Apache Xerces2 Java Parser, would lead to a denial of service . Various other issues were also addressed.

tags | advisory, java, remote, denial of service
systems | linux, redhat
advisories | CVE-2009-2625
MD5 | daaf139d748661c78dd937c1e7a1660a
VMware Security Advisory 2010-0002
Posted Feb 2, 2010
Authored by VMware | Site vmware.com

VMware Security Advisory - JRE update to version 1.5.0_22, which addresses multiple security issues that existed in earlier releases of JRE.

tags | advisory
advisories | CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, CVE-2009-1107, CVE-2009-2625, CVE-2009-2670, CVE-2009-2671
MD5 | 4df6fc1625f8c8cbcc25e387b948cf13
Debian Linux Security Advisory 1984-1
Posted Jan 31, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 1984-1 - It was discovered that libxerces2-java, a validating XML parser for Java, does not properly process malformed XML files. This vulnerability could allow an attacker to cause a denial of service while parsing a malformed XML file.

tags | advisory, java, denial of service
systems | linux, debian
advisories | CVE-2009-2625
MD5 | a80f738930c7386a753dea29dd143d93
Ubuntu Security Notice 890-1
Posted Jan 21, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 890-1 - Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. It was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2009-2625, CVE-2009-3560, CVE-2009-3720
MD5 | a0de62100f8b2ecb8205f9262ce11c58
VMware Security Advisory 2009-0016
Posted Nov 20, 2009
Authored by VMware | Site vmware.com

VMware Security Advisory - VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components. And by multiple, VMware means 93 issues. And by issues, VMware means vulnerabilities.

tags | advisory, vulnerability
advisories | CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, CVE-2009-1107, CVE-2009-2625, CVE-2009-2670, CVE-2009-2671
MD5 | c3e3eca10f3753c9a2a7da1996665d9e
HP Security Bulletin HPSBUX02476 SSRT090250
Posted Nov 17, 2009
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, privilege escalation, and Denial of Service (DoS).

tags | advisory, java, remote, denial of service, vulnerability
systems | hpux
advisories | CVE-2009-0217, CVE-2009-2625, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2674, CVE-2009-2675, CVE-2009-2676
MD5 | 870168ac2bb11bb1b8971eaa9cf94fc0
Debian Linux Security Advisory 1921-1
Posted Oct 28, 2009
Authored by Debian | Site debian.org

Debian Linux Security Advisory 1921-1 - Peter Valchev discovered an error in expat, an XML parsing C library, when parsing certain UTF-8 sequences, which can be exploited to crash an application using the library.

tags | advisory
systems | linux, debian
advisories | CVE-2009-2625
MD5 | 33f5948e410ebbe7e111d36247ff9e01
Mandriva Linux Security Advisory 2009-220
Posted Aug 25, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-220 - A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2009-2625
MD5 | 993b0b846b88e62e49a609a61a93e132
Mandriva Linux Security Advisory 2009-219
Posted Aug 25, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-219 - A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack. Additionally on 2009.0 a patch was added to prevent kompozer from crashing (#44830), on 2009.1 a format string patch was added to make it build with the -Wformat -Werror=format-security gcc optimization switch added in 2009.1 This update fixes these issues.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2009-2625
MD5 | 1e170b61dded8f353e51cf25ebb49589
Mandriva Linux Security Advisory 2009-218
Posted Aug 24, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-218 - A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2009-2625
MD5 | 32472296ae6a2124dbb8fdd544db9ff7
Mandriva Linux Security Advisory 2009-217
Posted Aug 24, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-217 - A number of security vulnerabilities have been discovered in Mozilla Thunderbird. Security issues in thunderbird could lead to a man-in-the-middle attack via a spoofed X.509 certificate. A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack.

tags | advisory, denial of service, spoof, vulnerability
systems | linux, mandriva
advisories | CVE-2009-2625, CVE-2009-2408
MD5 | 3fcfaf5fc1cc6d0c278ed38293c2a040
Mandriva Linux Security Advisory 2009-216
Posted Aug 24, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-216 - A number of security vulnerabilities have been discovered in the NSS and NSPR libraries and in Mozilla Thunderbird.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2009-2625, CVE-2009-2408, CVE-2009-2409, CVE-2009-2404
MD5 | bed9841c09c3299771d905604c5ad862
Mandriva Linux Security Advisory 2009-215
Posted Aug 24, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-215 - A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2009-2625
MD5 | 2b4ad00353906f497b03ad5fc5a9147b
Mandriva Linux Security Advisory 2009-214
Posted Aug 24, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-214 - A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2009-2625
MD5 | bd167ba1da6755bec80d312571c5d367
Mandriva Linux Security Advisory 2009-213
Posted Aug 24, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-213 - A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2009-2625
MD5 | 8fac6c199ddee06890a42fda3aa7d71e
Mandriva Linux Security Advisory 2009-212
Posted Aug 24, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-212 - A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2009-2625
MD5 | 65c4e9851f87662edc6fc86f9f43f1f0
Mandriva Linux Security Advisory 2009-211
Posted Aug 24, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-211 - A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2009-2625
MD5 | 6d1febde0a030b01fbf6dc018c2049e6
Mandriva Linux Security Advisory 2009-209
Posted Aug 22, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-209 - Multiple Java OpenJDK security vulnerabilities has been identified and fixed.

tags | advisory, java, vulnerability
systems | linux, mandriva
advisories | CVE-2009-0217, CVE-2009-1896, CVE-2009-2475, CVE-2009-2476, CVE-2009-2625, CVE-2009-2670, CVE-2009-2671, CVE-2009-2673, CVE-2009-2674, CVE-2009-2675, CVE-2009-2689, CVE-2009-2690
MD5 | b84f4a150a8e743b2e4c00b7d5a7a9f3
Ubuntu Security Notice 814-1
Posted Aug 11, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-814-1 - A substantial amount of vulnerabilities in openjdk-6 have been addressed and fixed. These issues range from denial of service to code execution vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, ubuntu
advisories | CVE-2009-0217, CVE-2009-2475, CVE-2009-2476, CVE-2009-2625, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2674, CVE-2009-2675, CVE-2009-2676, CVE-2009-2690
MD5 | a4f38bbfa2b4df638e8463c790b0c110
Page 1 of 1
Back1Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    11 Files
  • 21
    Jul 21st
    4 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close