CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
EPSS
Percentile
88.5%
Issue Overview:
A resource consumption issue was found in the way Xerces-J handled XML declarations. A remote attacker could use an XML document with a specially crafted declaration using a long pseudo-attribute name that, when parsed by an application using Xerces-J, would cause that application to use an excessive amount of CPU.
Affected Packages:
xerces-j2
Issue Correction:
Run yum update xerces-j2 to update your system.
New Packages:
noarch:
xerces-j2-javadoc-apis-2.7.1-12.7.19.amzn1.noarch
xerces-j2-javadoc-xni-2.7.1-12.7.19.amzn1.noarch
xerces-j2-javadoc-other-2.7.1-12.7.19.amzn1.noarch
xerces-j2-demo-2.7.1-12.7.19.amzn1.noarch
xerces-j2-2.7.1-12.7.19.amzn1.noarch
xerces-j2-scripts-2.7.1-12.7.19.amzn1.noarch
xerces-j2-javadoc-impl-2.7.1-12.7.19.amzn1.noarch
src:
xerces-j2-2.7.1-12.7.19.amzn1.src
Red Hat: CVE-2013-4002
Mitre: CVE-2013-4002
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Amazon Linux | 1 | noarch | xerces-j2-javadoc-apis | < 2.7.1-12.7.19.amzn1 | xerces-j2-javadoc-apis-2.7.1-12.7.19.amzn1.noarch.rpm |
Amazon Linux | 1 | noarch | xerces-j2-javadoc-xni | < 2.7.1-12.7.19.amzn1 | xerces-j2-javadoc-xni-2.7.1-12.7.19.amzn1.noarch.rpm |
Amazon Linux | 1 | noarch | xerces-j2-javadoc-other | < 2.7.1-12.7.19.amzn1 | xerces-j2-javadoc-other-2.7.1-12.7.19.amzn1.noarch.rpm |
Amazon Linux | 1 | noarch | xerces-j2-demo | < 2.7.1-12.7.19.amzn1 | xerces-j2-demo-2.7.1-12.7.19.amzn1.noarch.rpm |
Amazon Linux | 1 | noarch | xerces-j2 | < 2.7.1-12.7.19.amzn1 | xerces-j2-2.7.1-12.7.19.amzn1.noarch.rpm |
Amazon Linux | 1 | noarch | xerces-j2-scripts | < 2.7.1-12.7.19.amzn1 | xerces-j2-scripts-2.7.1-12.7.19.amzn1.noarch.rpm |
Amazon Linux | 1 | noarch | xerces-j2-javadoc-impl | < 2.7.1-12.7.19.amzn1 | xerces-j2-javadoc-impl-2.7.1-12.7.19.amzn1.noarch.rpm |