{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-08-05T00:00:00", "descriptions": [{"lang": "en", "value": "XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-03-20T16:06:10", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"name": "SSA:2011-041-02", "tags": ["vendor-advisory", "x_refsource_SLACKWARE"], "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.486026"}, {"name": "RHSA-2009:1200", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1200.html"}, {"name": "RHSA-2009:1199", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1199.html"}, {"tags": ["x_refsource_MISC"], "url": "http://www.networkworld.com/columnists/2009/080509-xml-flaw.html"}, {"name": "USN-890-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-890-1"}, {"name": "36162", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/36162"}, {"name": "ADV-2009-2543", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/2543"}, {"name": "DSA-1984", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2010/dsa-1984"}, {"name": "[oss-security] 20091022 Re: Regarding expat bug 1990430", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2009/10/22/9"}, {"name": "1021506", "tags": ["vendor-advisory", "x_refsource_SUNALERT"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021506.1-1"}, {"name": "37460", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/37460"}, {"name": "RHSA-2009:1615", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2009-1615.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"}, {"name": "HPSBUX02476", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=125787273209737&w=2"}, {"name": "37754", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/37754"}, {"name": "RHSA-2009:1637", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1637.html"}, {"tags": ["x_refsource_MISC"], "url": "http://www.cert.fi/en/reports/2009/vulnerability2009085.html"}, {"tags": ["x_refsource_MISC"], "url": "http://www.codenomicon.com/labs/xml/"}, {"name": "36199", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/36199"}, {"name": "RHSA-2012:1537", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1537.html"}, {"name": "SUSE-SR:2010:013", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"}, {"name": "MDVSA-2009:209", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:209"}, {"name": "FEDORA-2009-8329", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html"}, {"name": "RHSA-2011:0858", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2011-0858.html"}, {"name": "SSRT090250", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=125787273209737&w=2"}, {"name": "1022680", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1022680"}, {"name": "37671", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/37671"}, {"name": "38342", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/38342"}, {"name": "RHSA-2009:1636", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1636.html"}, {"name": "35958", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/35958"}, {"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"}, {"name": "RHSA-2009:1649", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1649.html"}, {"name": "[oss-security] 20091026 Re: CVE Request -- expat [was: Re: Regarding expat bug 1990430]", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2009/10/26/3"}, {"name": "TA09-294A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA09-294A.html"}, {"name": "50549", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/50549"}, {"name": "oval:org.mitre.oval:def:8520", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8520"}, {"name": "36180", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/36180"}, {"name": "38231", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/38231"}, {"name": "272209", "tags": ["vendor-advisory", "x_refsource_SUNALERT"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-272209-1"}, {"name": "MDVSA-2011:108", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:108"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1"}, {"name": "36176", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/36176"}, {"name": "FEDORA-2009-8337", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html"}, {"name": "43300", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/43300"}, {"name": "oval:org.mitre.oval:def:9356", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9356"}, {"name": "TA10-012A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA10-012A.html"}, {"name": "SUSE-SR:2009:016", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"}, {"name": "RHSA-2012:1232", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1232.html"}, {"name": "263489", "tags": ["vendor-advisory", "x_refsource_SUNALERT"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-263489-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=572055&r2=787352&pathrev=787353&diff_format=h"}, {"name": "37300", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/37300"}, {"name": "APPLE-SA-2009-09-03-1", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html"}, {"name": "SUSE-SA:2009:053", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512921"}, {"name": "RHSA-2009:1201", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1201.html"}, {"name": "SUSE-SR:2009:017", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html"}, {"name": "[oss-security] 20090906 Re: Re: expat bug 1990430", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2009/09/06/1"}, {"name": "[oss-security] 20091023 Re: CVE Request -- expat [was: Re: Regarding expat bug 1990430]", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2009/10/23/6"}, {"name": "ADV-2011-0359", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0359"}, {"name": "ADV-2009-3316", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/3316"}, {"name": "RHSA-2009:1650", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1650.html"}, {"name": "[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2009-2625", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "SSA:2011-041-02", "refsource": "SLACKWARE", "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.486026"}, {"name": "RHSA-2009:1200", "refsource": "REDHAT", "url": "https://rhn.redhat.com/errata/RHSA-2009-1200.html"}, {"name": "RHSA-2009:1199", "refsource": "REDHAT", "url": "https://rhn.redhat.com/errata/RHSA-2009-1199.html"}, {"name": "http://www.networkworld.com/columnists/2009/080509-xml-flaw.html", "refsource": "MISC", "url": "http://www.networkworld.com/columnists/2009/080509-xml-flaw.html"}, {"name": "USN-890-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-890-1"}, {"name": "36162", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36162"}, {"name": "ADV-2009-2543", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/2543"}, {"name": "DSA-1984", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2010/dsa-1984"}, {"name": "[oss-security] 20091022 Re: Regarding expat bug 1990430", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2009/10/22/9"}, {"name": "1021506", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021506.1-1"}, {"name": "37460", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37460"}, {"name": "RHSA-2009:1615", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2009-1615.html"}, {"name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"}, {"name": "HPSBUX02476", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=125787273209737&w=2"}, {"name": "37754", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37754"}, {"name": "RHSA-2009:1637", "refsource": "REDHAT", "url": "https://rhn.redhat.com/errata/RHSA-2009-1637.html"}, {"name": "http://www.cert.fi/en/reports/2009/vulnerability2009085.html", "refsource": "MISC", "url": "http://www.cert.fi/en/reports/2009/vulnerability2009085.html"}, {"name": "http://www.codenomicon.com/labs/xml/", "refsource": "MISC", "url": "http://www.codenomicon.com/labs/xml/"}, {"name": "36199", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36199"}, {"name": "RHSA-2012:1537", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-1537.html"}, {"name": "SUSE-SR:2010:013", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"}, {"name": "MDVSA-2009:209", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:209"}, {"name": "FEDORA-2009-8329", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html"}, {"name": "RHSA-2011:0858", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2011-0858.html"}, {"name": "SSRT090250", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=125787273209737&w=2"}, {"name": "1022680", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1022680"}, {"name": "37671", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37671"}, {"name": "38342", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38342"}, {"name": "RHSA-2009:1636", "refsource": "REDHAT", "url": "https://rhn.redhat.com/errata/RHSA-2009-1636.html"}, {"name": "35958", "refsource": "BID", "url": "http://www.securityfocus.com/bid/35958"}, {"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"}, {"name": "RHSA-2009:1649", "refsource": "REDHAT", "url": "https://rhn.redhat.com/errata/RHSA-2009-1649.html"}, {"name": "[oss-security] 20091026 Re: CVE Request -- expat [was: Re: Regarding expat bug 1990430]", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2009/10/26/3"}, {"name": "TA09-294A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA09-294A.html"}, {"name": "50549", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/50549"}, {"name": "oval:org.mitre.oval:def:8520", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8520"}, {"name": "36180", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36180"}, {"name": "38231", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38231"}, {"name": "272209", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-272209-1"}, {"name": "MDVSA-2011:108", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:108"}, {"name": "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html"}, {"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html"}, {"name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1", "refsource": "CONFIRM", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1"}, {"name": "36176", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36176"}, {"name": "FEDORA-2009-8337", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html"}, {"name": "43300", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43300"}, {"name": "oval:org.mitre.oval:def:9356", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9356"}, {"name": "TA10-012A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA10-012A.html"}, {"name": "SUSE-SR:2009:016", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"}, {"name": "RHSA-2012:1232", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-1232.html"}, {"name": "263489", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-263489-1"}, {"name": "http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=572055&r2=787352&pathrev=787353&diff_format=h", "refsource": "CONFIRM", "url": "http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=572055&r2=787352&pathrev=787353&diff_format=h"}, {"name": "37300", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37300"}, {"name": "APPLE-SA-2009-09-03-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html"}, {"name": "SUSE-SA:2009:053", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=512921", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512921"}, {"name": "RHSA-2009:1201", "refsource": "REDHAT", "url": "https://rhn.redhat.com/errata/RHSA-2009-1201.html"}, {"name": "SUSE-SR:2009:017", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html"}, {"name": "[oss-security] 20090906 Re: Re: expat bug 1990430", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2009/09/06/1"}, {"name": "[oss-security] 20091023 Re: CVE Request -- expat [was: Re: Regarding expat bug 1990430]", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2009/10/23/6"}, {"name": "ADV-2011-0359", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0359"}, {"name": "ADV-2009-3316", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/3316"}, {"name": "RHSA-2009:1650", "refsource": "REDHAT", "url": "https://rhn.redhat.com/errata/RHSA-2009-1650.html"}, {"name": "[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T05:59:56.314Z"}, "title": "CVE Program Container", "references": [{"name": "SSA:2011-041-02", "tags": ["vendor-advisory", "x_refsource_SLACKWARE", "x_transferred"], "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.486026"}, {"name": "RHSA-2009:1200", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1200.html"}, {"name": "RHSA-2009:1199", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1199.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.networkworld.com/columnists/2009/080509-xml-flaw.html"}, {"name": "USN-890-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-890-1"}, {"name": "36162", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/36162"}, {"name": "ADV-2009-2543", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/2543"}, {"name": "DSA-1984", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2010/dsa-1984"}, {"name": "[oss-security] 20091022 Re: Regarding expat bug 1990430", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2009/10/22/9"}, {"name": "1021506", "tags": ["vendor-advisory", "x_refsource_SUNALERT", "x_transferred"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021506.1-1"}, {"name": "37460", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/37460"}, {"name": "RHSA-2009:1615", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2009-1615.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"}, {"name": "HPSBUX02476", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=125787273209737&w=2"}, {"name": "37754", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/37754"}, {"name": "RHSA-2009:1637", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1637.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.cert.fi/en/reports/2009/vulnerability2009085.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.codenomicon.com/labs/xml/"}, {"name": "36199", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/36199"}, {"name": "RHSA-2012:1537", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1537.html"}, {"name": "SUSE-SR:2010:013", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"}, {"name": "MDVSA-2009:209", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:209"}, {"name": "FEDORA-2009-8329", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html"}, {"name": "RHSA-2011:0858", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2011-0858.html"}, {"name": "SSRT090250", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=125787273209737&w=2"}, {"name": "1022680", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1022680"}, {"name": "37671", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/37671"}, {"name": "38342", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/38342"}, {"name": "RHSA-2009:1636", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1636.html"}, {"name": "35958", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/35958"}, {"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"}, {"name": "RHSA-2009:1649", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1649.html"}, {"name": "[oss-security] 20091026 Re: CVE Request -- expat [was: Re: Regarding expat bug 1990430]", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2009/10/26/3"}, {"name": "TA09-294A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA09-294A.html"}, {"name": "50549", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/50549"}, {"name": "oval:org.mitre.oval:def:8520", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8520"}, {"name": "36180", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/36180"}, {"name": "38231", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/38231"}, {"name": "272209", "tags": ["vendor-advisory", "x_refsource_SUNALERT", "x_transferred"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-272209-1"}, {"name": "MDVSA-2011:108", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:108"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1"}, {"name": "36176", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/36176"}, {"name": "FEDORA-2009-8337", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html"}, {"name": "43300", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/43300"}, {"name": "oval:org.mitre.oval:def:9356", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9356"}, {"name": "TA10-012A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA10-012A.html"}, {"name": "SUSE-SR:2009:016", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"}, {"name": "RHSA-2012:1232", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1232.html"}, {"name": "263489", "tags": ["vendor-advisory", "x_refsource_SUNALERT", "x_transferred"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-263489-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=572055&r2=787352&pathrev=787353&diff_format=h"}, {"name": "37300", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/37300"}, {"name": "APPLE-SA-2009-09-03-1", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html"}, {"name": "SUSE-SA:2009:053", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512921"}, {"name": "RHSA-2009:1201", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1201.html"}, {"name": "SUSE-SR:2009:017", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html"}, {"name": "[oss-security] 20090906 Re: Re: expat bug 1990430", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2009/09/06/1"}, {"name": "[oss-security] 20091023 Re: CVE Request -- expat [was: Re: Regarding expat bug 1990430]", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2009/10/23/6"}, {"name": "ADV-2011-0359", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2011/0359"}, {"name": "ADV-2009-3316", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/3316"}, {"name": "RHSA-2009:1650", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1650.html"}, {"name": "[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E"}]}]}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2009-2625", "datePublished": "2009-08-06T15:00:00", "dateReserved": "2009-07-28T00:00:00", "dateUpdated": "2024-08-07T05:59:56.314Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:jdk:1.5.0:-:*:*:*:*:*:*", "matchCriteriaId": "711BCDB5-83BC-4DBA-8097-2CD33617FD19", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:1.5.0:update1:*:*:*:*:*:*", "matchCriteriaId": "B5F20B3E-781F-4DC1-B939-B0EAFC515F71", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:1.5.0:update10:*:*:*:*:*:*", "matchCriteriaId": "BEB37E93-38EB-4AEE-A3DD-D2097C0D6852", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:1.5.0:update11:*:*:*:*:*:*", "matchCriteriaId": "59DED85A-153E-40B1-9ABA-D405204E464E", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:1.5.0:update12:*:*:*:*:*:*", "matchCriteriaId": "168E67FC-32BC-4DAE-B49C-840FD721D7AA", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:1.5.0:update13:*:*:*:*:*:*", "matchCriteriaId": "83A2B4A2-ED27-4C12-871B-C0F78C3478FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:1.5.0:update14:*:*:*:*:*:*", "matchCriteriaId": "9E8A5D2D-B620-449B-B599-51F5C9FC658C", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:1.5.0:update15:*:*:*:*:*:*", "matchCriteriaId": "9A39B469-5041-4715-B6AC-36D8777677EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:1.5.0:update16:*:*:*:*:*:*", "matchCriteriaId": "F49DBD1F-D3F5-400B-AE2E-BC87B05A5051", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:1.5.0:update17:*:*:*:*:*:*", "matchCriteriaId": "8E605982-97A2-4E5E-847E-2BB8AD77910C", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:1.5.0:update18:*:*:*:*:*:*", "matchCriteriaId": "848299EC-DE52-4511-BF53-C83022935964", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:1.5.0:update19:*:*:*:*:*:*", "matchCriteriaId": "CD5BD598-ADBC-42EE-BF81-049D89CCA426", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:1.5.0:update2:*:*:*:*:*:*", "matchCriteriaId": "64AC19E5-A20C-4D51-B465-ABCDBADF550A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:1.5.0:update3:*:*:*:*:*:*", "matchCriteriaId": "A2CCCA1A-F0A1-4511-AF84-326DF406C0DA", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:1.5.0:update4:*:*:*:*:*:*", "matchCriteriaId": "81B0BEF9-25FD-48F7-83BC-BEA31BC3A1BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:1.5.0:update5:*:*:*:*:*:*", "matchCriteriaId": "4E6D8590-0A99-43E0-9256-9572112F9C8F", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:1.5.0:update6:*:*:*:*:*:*", "matchCriteriaId": "5F2A0870-A4D3-481B-8A37-A4DC282B0DE1", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:1.5.0:update7:*:*:*:*:*:*", "matchCriteriaId": "20171515-B5A5-44D2-B7F7-21EDDE39989E", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:1.5.0:update8:*:*:*:*:*:*", "matchCriteriaId": "F734AF76-4CEE-4F9D-AD6A-6BECF1F977CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:1.5.0:update9:*:*:*:*:*:*", "matchCriteriaId": "985B45F6-C285-4061-A656-A4C1A1FE59D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:-:*:*:*:*:*:*", "matchCriteriaId": "4A420DA5-1346-446B-8D23-E1E6DDBE527E", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update1:*:*:*:*:*:*", "matchCriteriaId": "B8CA8719-7ABE-4279-B49E-C414794A4FE1", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update10:*:*:*:*:*:*", "matchCriteriaId": "DC92B7EC-849F-4255-9D55-43681B8DADC4", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update11:*:*:*:*:*:*", "matchCriteriaId": "2ABC1045-7D3D-4A14-B994-7E60A4BB4C9C", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update12:*:*:*:*:*:*", "matchCriteriaId": "1F3C1E65-929A-4468-8584-F086E6E59839", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update13:*:*:*:*:*:*", "matchCriteriaId": "42C95C1D-0C2E-4733-AB1B-65650D88995D", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update14:*:*:*:*:*:*", "matchCriteriaId": "47A9F499-D1E3-41BD-AC18-E8D3D3231C12", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update2:*:*:*:*:*:*", "matchCriteriaId": "D6E07069-D6EE-4D44-94A6-CDCA4A50E6F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update3:*:*:*:*:*:*", "matchCriteriaId": "344FA3EA-9E25-493C-976A-211D1404B251", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update4:*:*:*:*:*:*", "matchCriteriaId": "D081A380-5AA4-4451-94A9-7B65810106E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update5:*:*:*:*:*:*", "matchCriteriaId": "112E7575-A3A0-4A94-AD39-7B2325B150B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update6:*:*:*:*:*:*", "matchCriteriaId": "708E8CEF-82EE-4D4B-ABF9-87AA4878F517", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update7:*:*:*:*:*:*", "matchCriteriaId": "D5D9D9A7-8819-44A4-80AC-52D6B63A0C9B", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*", "matchCriteriaId": "7000D33B-F3C7-43E8-8FC7-9B97AADC3E12", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*", "matchCriteriaId": "B3BB5EDB-520B-4DEF-B06E-65CA13152824", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "1B42AB65-443B-4655-BAEA-4EB4A43D9509", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "FBF7B6A8-3DF9-46EC-A90E-6EF68C39F883", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*", "matchCriteriaId": "A01C8B7E-EB19-40EA-B1D2-9AE5EA536C95", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*", "matchCriteriaId": "4CD2D897-E321-4CED-92E0-11A98B52053C", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp2:*:*:*:*:*:*", "matchCriteriaId": "22A79A35-05DB-4B9F-AD3E-EA6F933CF10C", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:-:*:*:*", "matchCriteriaId": "79A35457-EAA3-4BF9-A4DA-B2E414A75A02", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*", "matchCriteriaId": "F13F07CC-739B-465C-9184-0E9D708BD4C7", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*", "matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*", "matchCriteriaId": "7EBFE35C-E243-43D1-883D-4398D71763CC", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*", "matchCriteriaId": "4747CC68-FAF4-482F-929A-9DA6C24CB663", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*", "matchCriteriaId": "A5D026D0-EF78-438D-BEDD-FC8571F3ACEB", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*", "matchCriteriaId": "A2BCB73E-27BB-4878-AD9C-90C4F20C25A0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "4F920C50-FE0F-4915-965A-AA58884DF7A8", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "944FDBF2-1262-4B85-A7D3-537330144D22", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "57C2F58F-13AA-45C5-9172-8465B44CA9FB", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:primavera_web_services:6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "2A3115EB-0671-4E0C-9B75-FACFD6D42B88", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:primavera_web_services:7.0:-:*:*:*:*:*:*", "matchCriteriaId": "F3376F25-51D0-4D84-AFC7-AD1C1BCA0191", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:primavera_web_services:7.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "BDE00C3E-BB4E-4E71-86B8-E637BCD033A7", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:xerces2_java:2.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "AC3C1085-3255-449C-AFE3-984EFAC5BCCE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework."}, {"lang": "es", "value": "Apache Xerces2 Java, tal como se utiliza en Sun Java Runtime Environment (JRE) en JDK y JRE v6 anterior a la actualizaci\u00f3n 15 y el JDK y JRE v5.0 antes de la actualizaci\u00f3n 20, y en otros productos, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (bucle infinito y la cuelgue de aplicaci\u00f3n) a trav\u00e9s de una entrada XML malformada, como lo demuestra Codenomicon XML fuzzing framework."}], "id": "CVE-2009-2625", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-08-06T15:30:00.327", "references": [{"source": "cret@cert.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"}, {"source": "cret@cert.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=125787273209737&w=2"}, {"source": "cret@cert.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=125787273209737&w=2"}, {"source": "cret@cert.org", "tags": ["Broken Link"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1232.html"}, {"source": "cret@cert.org", "tags": ["Broken Link"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1537.html"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/36162"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/36176"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/36180"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/36199"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/37300"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/37460"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/37671"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/37754"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/38231"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/38342"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/43300"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/50549"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.486026"}, {"source": "cret@cert.org", "tags": ["Broken Link", "Patch"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1"}, {"source": "cret@cert.org", "tags": ["Broken Link", "Patch", "Vendor Advisory"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-263489-1"}, {"source": "cret@cert.org", "tags": ["Broken Link"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-272209-1"}, {"source": "cret@cert.org", "tags": ["Broken Link"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021506.1-1"}, {"source": "cret@cert.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=572055&r2=787352&pathrev=787353&diff_format=h"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "http://www.cert.fi/en/reports/2009/vulnerability2009085.html"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "http://www.codenomicon.com/labs/xml/"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2010/dsa-1984"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:209"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:108"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "http://www.networkworld.com/columnists/2009/080509-xml-flaw.html"}, {"source": "cret@cert.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2009/09/06/1"}, {"source": "cret@cert.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2009/10/22/9"}, {"source": "cret@cert.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2009/10/23/6"}, {"source": "cret@cert.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2009/10/26/3"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html"}, {"source": "cret@cert.org", "tags": ["Broken Link"], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2009-1615.html"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2011-0858.html"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/35958"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id?1022680"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-890-1"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA09-294A.html"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA10-012A.html"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"}, {"source": "cret@cert.org", "tags": ["Permissions Required"], "url": "http://www.vupen.com/english/advisories/2009/2543"}, {"source": "cret@cert.org", "tags": ["Permissions Required"], "url": "http://www.vupen.com/english/advisories/2009/3316"}, {"source": "cret@cert.org", "tags": ["Permissions Required"], "url": "http://www.vupen.com/english/advisories/2011/0359"}, {"source": "cret@cert.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512921"}, {"source": "cret@cert.org", "url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8520"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9356"}, {"source": "cret@cert.org", "tags": ["Broken Link"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1199.html"}, {"source": "cret@cert.org", "tags": ["Broken Link"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1200.html"}, {"source": "cret@cert.org", "tags": ["Broken Link"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1201.html"}, {"source": "cret@cert.org", "tags": ["Broken Link"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1636.html"}, {"source": "cret@cert.org", "tags": ["Broken Link"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1637.html"}, {"source": "cret@cert.org", "tags": ["Broken Link"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1649.html"}, {"source": "cret@cert.org", "tags": ["Broken Link"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1650.html"}, {"source": "cret@cert.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html"}, {"source": "cret@cert.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=125787273209737&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=125787273209737&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1232.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1537.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/36162"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/36176"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/36180"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/36199"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/37300"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/37460"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/37671"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/37754"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/38231"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/38342"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/43300"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/50549"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.486026"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Patch"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Patch", "Vendor Advisory"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-263489-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-272209-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021506.1-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=572055&r2=787352&pathrev=787353&diff_format=h"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.cert.fi/en/reports/2009/vulnerability2009085.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.codenomicon.com/labs/xml/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2010/dsa-1984"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:209"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:108"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.networkworld.com/columnists/2009/080509-xml-flaw.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2009/09/06/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2009/10/22/9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2009/10/23/6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2009/10/26/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2009-1615.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2011-0858.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/35958"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id?1022680"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-890-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA09-294A.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA10-012A.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "http://www.vupen.com/english/advisories/2009/2543"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "http://www.vupen.com/english/advisories/2009/3316"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "http://www.vupen.com/english/advisories/2011/0359"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512921"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8520"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9356"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1199.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1200.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1201.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1636.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1637.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1649.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1650.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2009:1505", "cpe": "cpe:/a:redhat:rhel_extras:3", "package": "java-1.4.2-ibm-0:1.4.2.13.1-1jpp.1.el3", "product_name": "Extras for RHEL 3", "release_date": "2009-10-14T00:00:00Z"}, {"advisory": "RHSA-2009:1199", "cpe": "cpe:/a:redhat:rhel_extras:4", "package": "java-1.5.0-sun-0:1.5.0.20-1jpp.1.el4", "product_name": "Extras for RHEL 4", "release_date": "2009-08-06T00:00:00Z"}, {"advisory": "RHSA-2009:1200", "cpe": "cpe:/a:redhat:rhel_extras:4", "package": "java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4", "product_name": "Extras for RHEL 4", "release_date": "2009-08-06T00:00:00Z"}, {"advisory": "RHSA-2009:1236", "cpe": "cpe:/a:redhat:rhel_extras:4", "package": "java-1.5.0-ibm-1:1.5.0.10-1jpp.4.el4", "product_name": "Extras for RHEL 4", "release_date": "2009-08-28T00:00:00Z"}, {"advisory": "RHSA-2009:1505", "cpe": "cpe:/a:redhat:rhel_extras:4", "package": "java-1.4.2-ibm-0:1.4.2.13.1-1jpp.1.el4", "product_name": "Extras for RHEL 4", "release_date": "2009-10-14T00:00:00Z"}, {"advisory": "RHSA-2009:1582", "cpe": "cpe:/a:redhat:rhel_extras:4", "package": "java-1.6.0-ibm-1:1.6.0.6-1jpp.3.el4", "product_name": "Extras for RHEL 4", "release_date": "2009-11-12T00:00:00Z"}, {"advisory": "RHSA-2009:1637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "glassfish-javamail-0:1.4.2-0jpp.ep1.5.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "glassfish-jsf-0:1.2_13-2.1.ep1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "hibernate3-1:3.2.4-1.SP1_CP09.0jpp.ep1.1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "hibernate3-annotations-0:3.3.1-1.11.GA_CP02.ep1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "hibernate3-entitymanager-0:3.3.2-2.5.GA_CP01.ep1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jacorb-0:2.3.0-1jpp.ep1.9.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jakarta-commons-logging-jboss-0:1.1-9.ep1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jboss-aop-0:1.5.5-3.CP04.2.ep1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jbossas-0:4.2.0-5.GA_CP08.5.ep1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jboss-common-0:1.2.1-0jpp.ep1.3.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jboss-remoting-0:2.2.3-3.SP1.ep1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jboss-seam-0:1.2.1-1.ep1.22.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jbossts-1:4.2.3-1.SP5_CP08.1jpp.ep1.1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jbossweb-0:2.0.0-6.CP12.0jpp.ep1.2.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jcommon-0:1.0.16-1.1.ep1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jfreechart-0:1.0.13-2.3.1.ep1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jgroups-1:2.4.7-1.ep1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "quartz-0:1.5.2-1jpp.patch01.ep1.4.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "rh-eap-docs-0:4.2.0-6.GA_CP08.ep1.3.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "xerces-j2-0:2.7.1-9jpp.4.patch_02.1.ep1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "xml-security-0:1.3.0-1.3.patch01.ep1.2.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1650", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "glassfish-jsf-0:1.2_13-2.1.ep1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-12-10T00:00:00Z"}, {"advisory": "RHSA-2009:1650", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "hibernate3-1:3.2.4-1.SP1_CP09.0jpp.ep1.2.4.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-12-10T00:00:00Z"}, {"advisory": "RHSA-2009:1650", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "hibernate3-annotations-0:3.3.1-1.11GA_CP02.ep1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-12-10T00:00:00Z"}, {"advisory": "RHSA-2009:1650", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "hibernate3-entitymanager-0:3.3.2-2.5.1.ep1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-12-10T00:00:00Z"}, {"advisory": "RHSA-2009:1650", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jacorb-0:2.3.0-1jpp.ep1.9.1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-12-10T00:00:00Z"}, {"advisory": "RHSA-2009:1650", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jboss-aop-0:1.5.5-3.CP04.2.ep1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-12-10T00:00:00Z"}, {"advisory": "RHSA-2009:1650", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jbossas-0:4.2.0-5.GA_CP08.5.2.ep1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-12-10T00:00:00Z"}, {"advisory": "RHSA-2009:1650", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jboss-common-0:1.2.1-0jpp.ep1.3.el5.1", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-12-10T00:00:00Z"}, {"advisory": "RHSA-2009:1650", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jboss-remoting-0:2.2.3-3.SP1.ep1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-12-10T00:00:00Z"}, {"advisory": "RHSA-2009:1650", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jboss-seam-0:1.2.1-1.ep1.14.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-12-10T00:00:00Z"}, {"advisory": "RHSA-2009:1650", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jbossts-1:4.2.3-1.SP5_CP08.1jpp.ep1.1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-12-10T00:00:00Z"}, {"advisory": "RHSA-2009:1650", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jbossweb-0:2.0.0-6.CP12.0jpp.ep1.2.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-12-10T00:00:00Z"}, {"advisory": "RHSA-2009:1650", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jcommon-0:1.0.16-1.1.ep1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-12-10T00:00:00Z"}, {"advisory": "RHSA-2009:1650", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jfreechart-0:1.0.13-2.3.1.ep1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-12-10T00:00:00Z"}, {"advisory": "RHSA-2009:1650", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jgroups-1:2.4.7-1.ep1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-12-10T00:00:00Z"}, {"advisory": "RHSA-2009:1650", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "quartz-0:1.5.2-1jpp.patch01.ep1.4.1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-12-10T00:00:00Z"}, {"advisory": "RHSA-2009:1650", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "rh-eap-docs-0:4.2.0-6.GA_CP08.ep1.3.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-12-10T00:00:00Z"}, {"advisory": "RHSA-2009:1650", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "xml-security-0:1.3.0-1.3.patch01.ep1.2.1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-12-10T00:00:00Z"}, {"advisory": "RHSA-2009:1201", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "java-1.6.0-openjdk-1:1.6.0.0-1.2.b09.el5", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2009-08-06T00:00:00Z"}, {"advisory": "RHSA-2009:1615", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "xerces-j2-0:2.7.1-7jpp.2.el5_4.2", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2009-11-30T00:00:00Z"}, {"advisory": "RHSA-2011:0858", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "xerces-j2-0:2.7.1-12.6.el6_0", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2011-06-08T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "glassfish-javamail-0:1.4.2-0jpp.ep1.5.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "glassfish-jaxb-0:2.1.4-1.12.patch03.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "glassfish-jsf-0:1.2_13-2.1.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "hibernate3-1:3.2.4-1.SP1_CP09.0jpp.ep1.1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "hibernate3-annotations-0:3.3.1-1.11.GA_CP02.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "hibernate3-entitymanager-0:3.3.2-2.5.GA_CP01.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jacorb-0:2.3.0-1jpp.ep1.9.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jakarta-commons-logging-jboss-0:1.1-9.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jboss-aop-0:1.5.5-3.CP04.2.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jbossas-0:4.3.0-6.GA_CP07.4.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jboss-common-0:1.2.1-0jpp.ep1.3.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jboss-messaging-0:1.4.0-3.SP3_CP09.4.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jboss-remoting-0:2.2.3-3.SP1.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.18.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jboss-seam2-0:2.0.2.FP-1.ep1.21.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jbossts-1:4.2.3-1.SP5_CP08.1jpp.ep1.1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jbossweb-0:2.0.0-6.CP12.0jpp.ep1.2.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jbossws-0:2.0.1-4.SP2_CP07.2.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jbossws-common-0:1.0.0-2.GA_CP05.1.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jbossws-framework-0:2.0.1-1.GA_CP05.1.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jcommon-0:1.0.16-1.1.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jfreechart-0:1.0.13-2.3.1.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jgroups-1:2.4.7-1.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "quartz-0:1.5.2-1jpp.patch01.ep1.4.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "rh-eap-docs-0:4.3.0-6.GA_CP07.ep1.3.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "xerces-j2-0:2.7.1-9jpp.4.patch_02.1.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "xml-security-0:1.3.0-1.3.patch01.ep1.2.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1649", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "glassfish-jaxb-0:2.1.4-1.12.patch03.1.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1649", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "glassfish-jsf-0:1.2_13-2.1.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1649", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "hibernate3-1:3.2.4-1.SP1_CP09.0jpp.ep1.2.4.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1649", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "hibernate3-annotations-0:3.3.1-1.11GA_CP02.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1649", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "hibernate3-entitymanager-0:3.3.2-2.5.1.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1649", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jacorb-0:2.3.0-1jpp.ep1.9.1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1649", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jboss-aop-0:1.5.5-3.CP04.2.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1649", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jbossas-0:4.3.0-6.GA_CP07.4.2.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1649", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jboss-common-0:1.2.1-0jpp.ep1.3.el5.1", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1649", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jboss-messaging-0:1.4.0-3.SP3_CP09.4.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1649", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jboss-remoting-0:2.2.3-3.SP1.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1649", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.12.el5.1", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1649", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jboss-seam2-0:2.0.2.FP-1.ep1.18.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1649", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jbossts-1:4.2.3-1.SP5_CP08.1jpp.ep1.1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1649", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jbossweb-0:2.0.0-6.CP12.0jpp.ep1.2.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1649", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jbossws-0:2.0.1-4.SP2_CP07.2.1.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1649", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jbossws-common-0:1.0.0-2.GA_CP05.1.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1649", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jbossws-framework-0:2.0.1-1.GA_CP05.1.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1649", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jcommon-0:1.0.16-1.1.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1649", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jfreechart-0:1.0.13-2.3.1.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1649", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jgroups-1:2.4.7-1.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1649", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "quartz-0:1.5.2-1jpp.patch01.ep1.4.1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1649", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "rh-eap-docs-0:4.3.0-6.GA_CP07.ep1.3.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1649", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "xml-security-0:1.3.0-1.3.patch01.ep1.2.1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2012:0725", "cpe": "cpe:/a:redhat:jboss_operations_network:3.1", "product_name": "Red Hat JBoss Operations Network 3.1", "release_date": "2012-06-12T00:00:00Z"}, {"advisory": "RHSA-2012:1232", "cpe": "cpe:/a:redhat:jboss_enterprise_portal_platform:5.2", "product_name": "Red Hat JBoss Portal 5.2", "release_date": "2012-09-05T00:00:00Z"}, {"advisory": "RHSA-2013:0763", "cpe": "cpe:/a:redhat:jboss_enterprise_web_framework:2.2.0", "product_name": "Red Hat JBoss Web Framework Kit 2.2", "release_date": "2013-04-22T00:00:00Z"}, {"advisory": "RHSA-2009:1662", "cpe": "cpe:/a:redhat:network_satellite:5.1::el4", "package": "java-1.5.0-sun-0:1.5.0.22-1jpp.1.el4", "product_name": "Red Hat Network Satellite Server v 5.1", "release_date": "2009-12-11T00:00:00Z"}, {"advisory": "RHSA-2010:0043", "cpe": "cpe:/a:redhat:network_satellite:5.3::el4", "package": "java-1.6.0-ibm-1:1.6.0.7-1jpp.2.el5", "product_name": "Red Hat Network Satellite Server v 5.3", "release_date": "2010-01-14T00:00:00Z"}, {"advisory": "RHSA-2009:1551", "cpe": "cpe:/a:redhat:rhel_extras_sap:4", "package": "java-1.4.2-ibm-0:1.4.2.13.2.sap-1jpp.4.el4_8", "product_name": "RHEL 4 for SAP", "release_date": "2009-11-04T00:00:00Z"}, {"advisory": "RHSA-2009:1551", "cpe": "cpe:/a:redhat:rhel_extras_sap:5", "package": "java-1.4.2-ibm-0:1.4.2.13.2.sap-1jpp.4.el5_3", "product_name": "RHEL 5 for SAP", "release_date": "2009-11-04T00:00:00Z"}, {"advisory": "RHSA-2012:1537", "cpe": "cpe:/a:redhat:rhev_manager:3", "package": "jasperreports-server-pro-0:4.7.1-2.el6ev", "product_name": "RHEV Manager version 3.0", "release_date": "2012-12-04T00:00:00Z"}, {"advisory": "RHSA-2009:1199", "cpe": "cpe:/a:redhat:rhel_extras:5", "package": "java-1.5.0-sun-0:1.5.0.20-1jpp.1.el5", "product_name": "Supplementary for Red Hat Enterprise Linux 5", "release_date": "2009-08-06T00:00:00Z"}, {"advisory": "RHSA-2009:1200", "cpe": "cpe:/a:redhat:rhel_extras:5", "package": "java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5", "product_name": "Supplementary for Red Hat Enterprise Linux 5", "release_date": "2009-08-06T00:00:00Z"}, {"advisory": "RHSA-2009:1236", "cpe": "cpe:/a:redhat:rhel_extras:5", "package": "java-1.5.0-ibm-1:1.5.0.10-1jpp.4.el5", "product_name": "Supplementary for Red Hat Enterprise Linux 5", "release_date": "2009-08-28T00:00:00Z"}, {"advisory": "RHSA-2009:1505", "cpe": "cpe:/a:redhat:rhel_extras:5", "package": "java-1.4.2-ibm-0:1.4.2.13.1-1jpp.1.el5", "product_name": "Supplementary for Red Hat Enterprise Linux 5", "release_date": "2009-10-14T00:00:00Z"}, {"advisory": "RHSA-2009:1582", "cpe": "cpe:/a:redhat:rhel_extras:5", "package": "java-1.6.0-ibm-1:1.6.0.6-1jpp.3.el5", "product_name": "Supplementary for Red Hat Enterprise Linux 5", "release_date": "2009-11-12T00:00:00Z"}], "bugzilla": {"description": "JDK: XML parsing Denial-Of-Service (6845701)", "id": "512921", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512921"}, "csaw": false, "cvss": {"cvss_base_score": "5.0", "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "status": "verified"}, "details": ["XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework."], "name": "CVE-2009-2625", "package_state": [{"cpe": "cpe:/o:redhat:rhel_eus:5.3", "fix_state": "Affected", "package_name": "java-1.6.0-openjdk", "product_name": "Red Hat Enterprise Linux Extended Update Support 5.3"}, {"cpe": "cpe:/o:redhat:rhel_eus:5.5", "fix_state": "Affected", "package_name": "java-1.6.0-ibm", "product_name": "Red Hat Enterprise Linux Extended Update Support 5.5"}, {"cpe": "cpe:/o:redhat:rhel_eus:5.8", "fix_state": "Affected", "package_name": "xerces-j2", "product_name": "Red Hat Enterprise Linux Extended Update Support 5.8"}, {"cpe": "cpe:/o:redhat:rhel_eus:6.0", "fix_state": "Affected", "package_name": "xerces-j2", "product_name": "Red Hat Enterprise Linux Extended Update Support 6.0"}, {"cpe": "cpe:/a:redhat:network_satellite:4.2", "fix_state": "Affected", "package_name": "Server", "product_name": "Red Hat Satellite 4.2"}, {"cpe": "cpe:/a:redhat:network_satellite:5.0", "fix_state": "Affected", "package_name": "Server", "product_name": "Red Hat Satellite 5.0"}], "public_date": "2009-08-05T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2009-2625\nhttps://nvd.nist.gov/vuln/detail/CVE-2009-2625"], "threat_severity": "Moderate"}