Vulnerability & Exploit Database

Back to search

RHSA-2009:1615: xerces-j2 security update

Severity CVSS Published Added Modified
5 (AV:N/AC:L/Au:N/C:N/I:N/A:P) August 05, 2009 December 08, 2009 July 03, 2017

Description

The xerces-j2 packages provide the Apache Xerces2 Java Parser, ahigh-performance XML parser. A Document Type Definition (DTD) defines thelegal syntax (and also which elements can be used) for certain types offiles, such as XML files.A flaw was found in the way the Apache Xerces2 Java Parser processed theSYSTEM identifier in DTDs. A remote attacker could provide aspecially-crafted XML file, which once parsed by an application using theApache Xerces2 Java Parser, would lead to a denial of service (applicationhang due to excessive CPU use). (CVE-2009-2625)Users should upgrade to these updated packages, which contain a backportedpatch to correct this issue. Applications using the Apache Xerces2 JavaParser must be restarted for this update to take effect.

Free Nexpose Download

Discover, prioritize, and remediate security risks today!

 Download now

References

Solution

redhat-upgrade-xerces-j2

Related Vulnerabilities