CVE-2009-2625

NONECVSS 0.0

0.0

XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.

🔗 References (126)

cret@certhttp://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html
cret@certhttp://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html
cret@certhttp://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html
cret@certhttp://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html
cret@certhttp://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
cret@certhttp://marc.info/?l=bugtraq&m=125787273209737&w=2
cret@certhttp://rhn.redhat.com/errata/RHSA-2012-1232.html
cret@certhttp://rhn.redhat.com/errata/RHSA-2012-1537.html
cret@certhttp://secunia.com/advisories/36162
cret@certhttp://secunia.com/advisories/36176
cret@certhttp://secunia.com/advisories/36180
cret@certhttp://secunia.com/advisories/36199
cret@certhttp://secunia.com/advisories/37300
cret@certhttp://secunia.com/advisories/37460
cret@certhttp://secunia.com/advisories/37671

Is Your Infrastructure Affected by CVE-2009-2625?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2009-2625

📅 Published

🔄 Last Modified

🔗 References (126)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2009-2625?