CVE-2009-2625
Published Aug 6, 2009
Last updated a year ago
Overview
- Description
- XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
- Source
- cret@cert.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:N/I:N/A:P
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:jdk:1.5.0:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "711BCDB5-83BC-4DBA-8097-2CD33617FD19"
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.5.0:update1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B5F20B3E-781F-4DC1-B939-B0EAFC515F71"
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.5.0:update10:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BEB37E93-38EB-4AEE-A3DD-D2097C0D6852"
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.5.0:update11:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "59DED85A-153E-40B1-9ABA-D405204E464E"
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.5.0:update12:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "168E67FC-32BC-4DAE-B49C-840FD721D7AA"
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.5.0:update13:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "83A2B4A2-ED27-4C12-871B-C0F78C3478FF"
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.5.0:update14:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9E8A5D2D-B620-449B-B599-51F5C9FC658C"
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.5.0:update15:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9A39B469-5041-4715-B6AC-36D8777677EE"
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.5.0:update16:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F49DBD1F-D3F5-400B-AE2E-BC87B05A5051"
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.5.0:update17:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8E605982-97A2-4E5E-847E-2BB8AD77910C"
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.5.0:update18:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "848299EC-DE52-4511-BF53-C83022935964"
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.5.0:update19:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CD5BD598-ADBC-42EE-BF81-049D89CCA426"
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.5.0:update2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "64AC19E5-A20C-4D51-B465-ABCDBADF550A"
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.5.0:update3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A2CCCA1A-F0A1-4511-AF84-326DF406C0DA"
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.5.0:update4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "81B0BEF9-25FD-48F7-83BC-BEA31BC3A1BA"
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.5.0:update5:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4E6D8590-0A99-43E0-9256-9572112F9C8F"
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.5.0:update6:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5F2A0870-A4D3-481B-8A37-A4DC282B0DE1"
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.5.0:update7:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "20171515-B5A5-44D2-B7F7-21EDDE39989E"
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.5.0:update8:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F734AF76-4CEE-4F9D-AD6A-6BECF1F977CD"
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.5.0:update9:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "985B45F6-C285-4061-A656-A4C1A1FE59D9"
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4A420DA5-1346-446B-8D23-E1E6DDBE527E"
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B8CA8719-7ABE-4279-B49E-C414794A4FE1"
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update10:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DC92B7EC-849F-4255-9D55-43681B8DADC4"
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update11:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2ABC1045-7D3D-4A14-B994-7E60A4BB4C9C"
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update12:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1F3C1E65-929A-4468-8584-F086E6E59839"
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update13:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "42C95C1D-0C2E-4733-AB1B-65650D88995D"
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update14:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "47A9F499-D1E3-41BD-AC18-E8D3D3231C12"
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D6E07069-D6EE-4D44-94A6-CDCA4A50E6F9"
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "344FA3EA-9E25-493C-976A-211D1404B251"
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D081A380-5AA4-4451-94A9-7B65810106E3"
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update5:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "112E7575-A3A0-4A94-AD39-7B2325B150B8"
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update6:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "708E8CEF-82EE-4D4B-ABF9-87AA4878F517"
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update7:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D5D9D9A7-8819-44A4-80AC-52D6B63A0C9B"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7000D33B-F3C7-43E8-8FC7-9B97AADC3E12"
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B3BB5EDB-520B-4DEF-B06E-65CA13152824"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1B42AB65-443B-4655-BAEA-4EB4A43D9509"
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FBF7B6A8-3DF9-46EC-A90E-6EF68C39F883"
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A01C8B7E-EB19-40EA-B1D2-9AE5EA536C95"
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4CD2D897-E321-4CED-92E0-11A98B52053C"
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "22A79A35-05DB-4B9F-AD3E-EA6F933CF10C"
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:-:*:*:*",
"vulnerable": true,
"matchCriteriaId": "79A35457-EAA3-4BF9-A4DA-B2E414A75A02"
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F13F07CC-739B-465C-9184-0E9D708BD4C7"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7"
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD"
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7EBFE35C-E243-43D1-883D-4398D71763CC"
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4747CC68-FAF4-482F-929A-9DA6C24CB663"
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A5D026D0-EF78-438D-BEDD-FC8571F3ACEB"
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A2BCB73E-27BB-4878-AD9C-90C4F20C25A0"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:6.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4F920C50-FE0F-4915-965A-AA58884DF7A8"
},
{
"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:6.2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "944FDBF2-1262-4B85-A7D3-537330144D22"
},
{
"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "57C2F58F-13AA-45C5-9172-8465B44CA9FB"
},
{
"criteria": "cpe:2.3:a:oracle:primavera_web_services:6.2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2A3115EB-0671-4E0C-9B75-FACFD6D42B88"
},
{
"criteria": "cpe:2.3:a:oracle:primavera_web_services:7.0:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F3376F25-51D0-4D84-AFC7-AD1C1BCA0191"
},
{
"criteria": "cpe:2.3:a:oracle:primavera_web_services:7.0:sp1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BDE00C3E-BB4E-4E71-86B8-E637BCD033A7"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:xerces2_java:2.9.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AC3C1085-3255-449C-AFE3-984EFAC5BCCE"
}
],
"operator": "OR"
}
]
}
]