Rapid7 VulnDB

RHSA-2011:0858: xerces-j2 security update

Back to Search

RHSA-2011:0858: xerces-j2 security update

Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published
08/06/2009
Created
07/25/2018
Added
06/16/2011
Modified
07/04/2017

Description

The xerces-j2 packages provide the Apache Xerces2 Java Parser, ahigh-performance XML parser. A Document Type Definition (DTD) defines thelegal syntax (and also which elements can be used) for certain types offiles, such as XML files.A flaw was found in the way the Apache Xerces2 Java Parser processed theSYSTEM identifier in DTDs. A remote attacker could provide aspecially-crafted XML file, which once parsed by an application using theApache Xerces2 Java Parser, would lead to a denial of service (applicationhang due to excessive CPU use). (CVE-2009-2625)Users should upgrade to these updated packages, which contain a backportedpatch to correct this issue. Applications using the Apache Xerces2 JavaParser must be restarted for this update to take effect.

Solution(s)

  • redhat-upgrade-xerces-j2
  • redhat-upgrade-xerces-j2-debuginfo
  • redhat-upgrade-xerces-j2-demo
  • redhat-upgrade-xerces-j2-javadoc-apis
  • redhat-upgrade-xerces-j2-javadoc-impl
  • redhat-upgrade-xerces-j2-javadoc-other
  • redhat-upgrade-xerces-j2-javadoc-xni
  • redhat-upgrade-xerces-j2-scripts

References

  • redhat-upgrade-xerces-j2
  • redhat-upgrade-xerces-j2-debuginfo
  • redhat-upgrade-xerces-j2-demo
  • redhat-upgrade-xerces-j2-javadoc-apis
  • redhat-upgrade-xerces-j2-javadoc-impl
  • redhat-upgrade-xerces-j2-javadoc-other
  • redhat-upgrade-xerces-j2-javadoc-xni
  • redhat-upgrade-xerces-j2-scripts

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;