Rapid7 Vulnerability & Exploit Database

JRE XML Parsing Denial of Service

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

JRE XML Parsing Denial of Service

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:P)

Published

08/06/2009

Created

07/25/2018

Added

11/18/2009

Modified

09/13/2018

Description

The XMLScanner.java in Apache Xerces2 Java, as used in the Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 as well as JDK and JRE 5.0 before Update 20 allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input.

Solution(s)

jre-upgrade-latest

References

https://attackerkb.com/topics/cve-2009-2625
APPLE-SA-2009-09-03-1
35958
TA09-294A
TA10-012A
CVE - 2009-2625
DSA-1984
OVAL8520
OVAL9356
RHSA-2009:1199
RHSA-2009:1200
RHSA-2009:1201
RHSA-2009:1615
RHSA-2009:1636
RHSA-2009:1637
RHSA-2009:1649
RHSA-2009:1650
RHSA-2011:0858
RHSA-2012:1232
SUSE-SA:2009:053
http://sunsolve.sun.com/search/document.do?assetkey=1-66-263489-1

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

JRE XML Parsing Denial of Service

JRE XML Parsing Denial of Service

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.