Vulnerability & Exploit Database

Back to search

RHSA-2011:0858: xerces-j2 security update

Severity CVSS Published Added Modified
5 (AV:N/AC:L/Au:N/C:N/I:N/A:P) August 06, 2009 June 16, 2011 July 04, 2017


The xerces-j2 packages provide the Apache Xerces2 Java Parser, ahigh-performance XML parser. A Document Type Definition (DTD) defines thelegal syntax (and also which elements can be used) for certain types offiles, such as XML files.A flaw was found in the way the Apache Xerces2 Java Parser processed theSYSTEM identifier in DTDs. A remote attacker could provide aspecially-crafted XML file, which once parsed by an application using theApache Xerces2 Java Parser, would lead to a denial of service (applicationhang due to excessive CPU use). (CVE-2009-2625)Users should upgrade to these updated packages, which contain a backportedpatch to correct this issue. Applications using the Apache Xerces2 JavaParser must be restarted for this update to take effect.

Scan For This Vulnerability

Use our top-rated tool to discover, prioritize, and remediate your vulnerabilities

 Free InsightVM Trial




Related Vulnerabilities