what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 24 of 24 RSS Feed

CVE-2009-2625

Status Candidate

Overview

XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.

Related Files

Red Hat Security Advisory 2013-0763-01
Posted Apr 22, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0763-01 - The JBoss Web Framework Kit combines popular open source web frameworks into a single solution for Java applications. This release of JBoss Web Framework Kit 2.2.0 serves as a replacement for JBoss Web Framework Kit 2.1.0. It includes various bug fixes and enhancements which are detailed in the JBoss Web Framework Kit 2.2.0 Release Notes.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2009-2625, CVE-2012-5783
SHA-256 | bcc552aba157e86f9f1f7fc557510c73040d4381d49dbca767a3b296f3e6298f
Red Hat Security Advisory 2012-1537-01
Posted Dec 4, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1537-01 - JasperReports Server is a reporting server. A flaw was found in the way the Apache Xerces2 Java Parser processed the SYSTEM identifier in DTDs. A remote attacker could provide a specially-crafted XML file, which once parsed by an application using the Apache Xerces2 Java Parser, would lead to a denial of service. This update also fixes the following bugs: Adding a user to any ROLE caused an unexpected exception.

tags | advisory, java, remote, denial of service
systems | linux, redhat
advisories | CVE-2009-2625
SHA-256 | cda5cf73ac28123921171e07794e18b614763addcc34da268f4c05547a3e7c1f
Red Hat Security Advisory 2012-1232-01
Posted Sep 5, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1232-01 - JBoss Enterprise Portal Platform is the open source implementation of the Java EE suite of services and Portal services running atop JBoss Enterprise Application Platform. It comprises a set of offerings for enterprise customers who are looking for pre-configured profiles of JBoss Enterprise Middleware components that have been tested and certified together to provide an integrated experience. This release of JBoss Enterprise Portal Platform 5.2.2 serves as a replacement for JBoss Enterprise Portal Platform 5.2.1, and includes bug fixes.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2009-2625, CVE-2011-2908, CVE-2011-4605, CVE-2012-0213, CVE-2012-1167, CVE-2012-2377
SHA-256 | bfe1fd78f8e8200d810ee7a288e9dc1353758cb7ece9cd3e7b7a530ff76c782b
Red Hat Security Advisory 2012-0725-01
Posted Jun 13, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0725-01 - JBoss Operations Network is a middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. This JBoss ON 3.1.0 release serves as a replacement for JBoss ON 3.0.1, and includes several bug fixes and enhancements.

tags | advisory
systems | linux, redhat
advisories | CVE-2009-2625
SHA-256 | 8d3bb8bd4dec312c37db12ea1d0326d27764478c6640f56aba6202f31ce7e031
Mandriva Linux Security Advisory 2011-108
Posted Jun 13, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-108 - Apache Xerces2 Java, as used in Sun Java Runtime Environment in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.

tags | advisory, java, remote, denial of service
systems | linux, mandriva
advisories | CVE-2009-2625
SHA-256 | 36474762543fd2efb0f44fd4865e7e2b9783b3ed2e9b6dbf845f00b3cd0de55c
Red Hat Security Advisory 2011-0858-01
Posted Jun 8, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-0858-01 - The xerces-j2 packages provide the Apache Xerces2 Java Parser, a high-performance XML parser. A Document Type Definition defines the legal syntax for certain types of files, such as XML files. A flaw was found in the way the Apache Xerces2 Java Parser processed the SYSTEM identifier in DTDs. A remote attacker could provide a specially-crafted XML file, which once parsed by an application using the Apache Xerces2 Java Parser, would lead to a denial of service . Various other issues were also addressed.

tags | advisory, java, remote, denial of service
systems | linux, redhat
advisories | CVE-2009-2625
SHA-256 | 1322afc9e163b1accbe04131a1f2a00f8a9ce70a16cc72b304a79fe535bc6706
VMware Security Advisory 2010-0002
Posted Feb 2, 2010
Authored by VMware | Site vmware.com

VMware Security Advisory - JRE update to version 1.5.0_22, which addresses multiple security issues that existed in earlier releases of JRE.

tags | advisory
advisories | CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, CVE-2009-1107, CVE-2009-2625, CVE-2009-2670, CVE-2009-2671
SHA-256 | 9fdca7e08dfc8d5434a4f2c697c71bb80affbf3145121242ba0ffd398e591d00
Debian Linux Security Advisory 1984-1
Posted Jan 31, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 1984-1 - It was discovered that libxerces2-java, a validating XML parser for Java, does not properly process malformed XML files. This vulnerability could allow an attacker to cause a denial of service while parsing a malformed XML file.

tags | advisory, java, denial of service
systems | linux, debian
advisories | CVE-2009-2625
SHA-256 | e56530873719bbbfac147c6d114599e2278e2430011f76a5e4f6add741be4f43
Ubuntu Security Notice 890-1
Posted Jan 21, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 890-1 - Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. It was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2009-2625, CVE-2009-3560, CVE-2009-3720
SHA-256 | d4220160b2265aec5952c4517574f263f4c2b458f115db9b08bc867f153d8cbd
VMware Security Advisory 2009-0016
Posted Nov 20, 2009
Authored by VMware | Site vmware.com

VMware Security Advisory - VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components. And by multiple, VMware means 93 issues. And by issues, VMware means vulnerabilities.

tags | advisory, vulnerability
advisories | CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, CVE-2009-1107, CVE-2009-2625, CVE-2009-2670, CVE-2009-2671
SHA-256 | 101173f9f91a1f7594cf27ac8b0a52a7e9ab1d79d792e24aa5854aaa771f163d
HP Security Bulletin HPSBUX02476 SSRT090250
Posted Nov 17, 2009
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, privilege escalation, and Denial of Service (DoS).

tags | advisory, java, remote, denial of service, vulnerability
systems | hpux
advisories | CVE-2009-0217, CVE-2009-2625, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2674, CVE-2009-2675, CVE-2009-2676
SHA-256 | 4e557744aecf9dd9f0d0fa1806010807ec9f5b0715c0bca405e0d75be361b35c
Debian Linux Security Advisory 1921-1
Posted Oct 28, 2009
Authored by Debian | Site debian.org

Debian Linux Security Advisory 1921-1 - Peter Valchev discovered an error in expat, an XML parsing C library, when parsing certain UTF-8 sequences, which can be exploited to crash an application using the library.

tags | advisory
systems | linux, debian
advisories | CVE-2009-2625
SHA-256 | a8c61f99857e60177edcb2d381f99d669fa2b271562368559e0a5e2d3e388682
Mandriva Linux Security Advisory 2009-220
Posted Aug 25, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-220 - A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2009-2625
SHA-256 | 62f8f56d89a553e41588d5db5b6e8c8c6bedd5ba9eb955c6afe0df7daf55c476
Mandriva Linux Security Advisory 2009-219
Posted Aug 25, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-219 - A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack. Additionally on 2009.0 a patch was added to prevent kompozer from crashing (#44830), on 2009.1 a format string patch was added to make it build with the -Wformat -Werror=format-security gcc optimization switch added in 2009.1 This update fixes these issues.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2009-2625
SHA-256 | c43b5b9412c80498d951f5aab3e7d44ddd1b71cdb3cda1b23ea0aa4f7d67b0fc
Mandriva Linux Security Advisory 2009-218
Posted Aug 24, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-218 - A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2009-2625
SHA-256 | 940574ed34e91952ce7c4208a6ef290ecd054124708ad5e6e7a4b5377e08e20b
Mandriva Linux Security Advisory 2009-217
Posted Aug 24, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-217 - A number of security vulnerabilities have been discovered in Mozilla Thunderbird. Security issues in thunderbird could lead to a man-in-the-middle attack via a spoofed X.509 certificate. A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack.

tags | advisory, denial of service, spoof, vulnerability
systems | linux, mandriva
advisories | CVE-2009-2625, CVE-2009-2408
SHA-256 | 9d01bf4018ef272796f802e7b69bf36d94eabb3f0d7d7fb3c6e573ebfc24366a
Mandriva Linux Security Advisory 2009-216
Posted Aug 24, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-216 - A number of security vulnerabilities have been discovered in the NSS and NSPR libraries and in Mozilla Thunderbird.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2009-2625, CVE-2009-2408, CVE-2009-2409, CVE-2009-2404
SHA-256 | e8e619c27abfa1ea866f6d756a974aa55669f6f2b6b85c33173163bb95017751
Mandriva Linux Security Advisory 2009-215
Posted Aug 24, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-215 - A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2009-2625
SHA-256 | ce2329ccd328b819f4a1a50965d05b35b19115fd980af077c798363ee77ad560
Mandriva Linux Security Advisory 2009-214
Posted Aug 24, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-214 - A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2009-2625
SHA-256 | 8baa30d1ae51b2aee60f255fb0bd84170f9ca0c145d62c2ac452aed9110c5983
Mandriva Linux Security Advisory 2009-213
Posted Aug 24, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-213 - A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2009-2625
SHA-256 | 111fda230c0d060c1db1fe458067d6dcf3b80aa0be55bee39174cc106791fe7d
Mandriva Linux Security Advisory 2009-212
Posted Aug 24, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-212 - A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2009-2625
SHA-256 | 72b925d3e0a240c46928b20b6fc7e1e32e82593cc0b1fa34698fc90cb3e7167c
Mandriva Linux Security Advisory 2009-211
Posted Aug 24, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-211 - A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2009-2625
SHA-256 | 5b61601e33e11594211de303a61c8e1b2463eb8687e98e63a81dd0577061bd5d
Mandriva Linux Security Advisory 2009-209
Posted Aug 22, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-209 - Multiple Java OpenJDK security vulnerabilities has been identified and fixed.

tags | advisory, java, vulnerability
systems | linux, mandriva
advisories | CVE-2009-0217, CVE-2009-1896, CVE-2009-2475, CVE-2009-2476, CVE-2009-2625, CVE-2009-2670, CVE-2009-2671, CVE-2009-2673, CVE-2009-2674, CVE-2009-2675, CVE-2009-2689, CVE-2009-2690
SHA-256 | e63ca3c4a2288ce9ba25d35c65a3b5ec6f6320072a58c8b95f0f89a275cf4470
Ubuntu Security Notice 814-1
Posted Aug 11, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-814-1 - A substantial amount of vulnerabilities in openjdk-6 have been addressed and fixed. These issues range from denial of service to code execution vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, ubuntu
advisories | CVE-2009-0217, CVE-2009-2475, CVE-2009-2476, CVE-2009-2625, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2674, CVE-2009-2675, CVE-2009-2676, CVE-2009-2690
SHA-256 | 8d697a9751f57fbe8413cde8fc1c7dc6b4cc1de4d608811d3f65cf6b190ea1d8
Page 1 of 1
Back1Next

File Archive:

January 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    0 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    5 Files
  • 4
    Jan 4th
    5 Files
  • 5
    Jan 5th
    9 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    0 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    18 Files
  • 10
    Jan 10th
    31 Files
  • 11
    Jan 11th
    30 Files
  • 12
    Jan 12th
    33 Files
  • 13
    Jan 13th
    25 Files
  • 14
    Jan 14th
    0 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    7 Files
  • 17
    Jan 17th
    25 Files
  • 18
    Jan 18th
    38 Files
  • 19
    Jan 19th
    6 Files
  • 20
    Jan 20th
    21 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    24 Files
  • 24
    Jan 24th
    68 Files
  • 25
    Jan 25th
    22 Files
  • 26
    Jan 26th
    20 Files
  • 27
    Jan 27th
    17 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    20 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close