Lucene search
AmazonALAS-2014-436HistoryOct 28, 2014 - 5:13 p.m.
Medium: xerces-j2
2014-10-2817:13:00
alas.aws.amazon.com
45
CVSS2
7.1
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
EPSS
0.019
Percentile
88.5%
Issue Overview:
A resource consumption issue was found in the way Xerces-J handled XML declarations. A remote attacker could use an XML document with a specially crafted declaration using a long pseudo-attribute name that, when parsed by an application using Xerces-J, would cause that application to use an excessive amount of CPU.
Affected Packages:
xerces-j2
Issue Correction:
Run yum update xerces-j2 to update your system.
New Packages:
noarch:
xerces-j2-javadoc-apis-2.7.1-12.7.19.amzn1.noarch
xerces-j2-javadoc-xni-2.7.1-12.7.19.amzn1.noarch
xerces-j2-javadoc-other-2.7.1-12.7.19.amzn1.noarch
xerces-j2-demo-2.7.1-12.7.19.amzn1.noarch
xerces-j2-2.7.1-12.7.19.amzn1.noarch
xerces-j2-scripts-2.7.1-12.7.19.amzn1.noarch
xerces-j2-javadoc-impl-2.7.1-12.7.19.amzn1.noarch
src:
xerces-j2-2.7.1-12.7.19.amzn1.src
Additional References
Red Hat: CVE-2013-4002
Mitre: CVE-2013-4002
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Amazon Linux | 1 | noarch | xerces-j2-javadoc-apis | < 2.7.1-12.7.19.amzn1 | xerces-j2-javadoc-apis-2.7.1-12.7.19.amzn1.noarch.rpm |
| Amazon Linux | 1 | noarch | xerces-j2-javadoc-xni | < 2.7.1-12.7.19.amzn1 | xerces-j2-javadoc-xni-2.7.1-12.7.19.amzn1.noarch.rpm |
| Amazon Linux | 1 | noarch | xerces-j2-javadoc-other | < 2.7.1-12.7.19.amzn1 | xerces-j2-javadoc-other-2.7.1-12.7.19.amzn1.noarch.rpm |
| Amazon Linux | 1 | noarch | xerces-j2-demo | < 2.7.1-12.7.19.amzn1 | xerces-j2-demo-2.7.1-12.7.19.amzn1.noarch.rpm |
| Amazon Linux | 1 | noarch | xerces-j2 | < 2.7.1-12.7.19.amzn1 | xerces-j2-2.7.1-12.7.19.amzn1.noarch.rpm |
| Amazon Linux | 1 | noarch | xerces-j2-scripts | < 2.7.1-12.7.19.amzn1 | xerces-j2-scripts-2.7.1-12.7.19.amzn1.noarch.rpm |
| Amazon Linux | 1 | noarch | xerces-j2-javadoc-impl | < 2.7.1-12.7.19.amzn1 | xerces-j2-javadoc-impl-2.7.1-12.7.19.amzn1.noarch.rpm |
Related
mageia
mageia
Updated xerces-j2 packages fix CVE-2013-4002
2014-10-07 13:22:51
Updated java-1.6.0-openjdk package fixes multiple vulnerabilities
2013-11-13 23:05:43
Updated java-1.7.0-openjdk package fixes security vulnerabilities
2013-11-13 23:03:04
nessus
nessus
Fedora 21 : xerces-j2-2.11.0-22.fc21 (2014-10617)
2014-09-23 00:00:00
F5 Networks BIG-IP : Java Runtime Environment vulnerability (SOL16872)
2015-09-14 00:00:00
RHEL 5 : ewp-5 (Unpatched Vulnerability)
2024-06-03 00:00:00
veracode
veracode
Denial Of Service (DoS)
2017-10-10 02:57:26
Denial Of Service (DoS)
2019-01-15 09:02:50
ibm
ibm
f5
f5
K16872 : Java Runtime Environment vulnerability CVE-2013-4002
2015-09-11 00:00:00
SOL16872 - Java Runtime Environment vulnerability CVE-2013-4002
2015-07-07 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: xerces-j2-2.11.0-17.fc20
2014-09-25 10:44:24
[SECURITY] Fedora 21 Update: xerces-j2-2.11.0-22.fc21
2014-09-23 05:03:54
[SECURITY] Fedora 19 Update: xerces-j2-2.11.0-15.fc19
2014-09-25 10:33:09
securityvulns
securityvulns
xerces-j DoS
2014-10-14 00:00:00
[ MDVSA-2014:193 ] xerces-j2
2014-10-14 00:00:00
atlassian
atlassian
Denial of Service attack through vulnerable Xerces-J library
2015-06-19 06:43:36
Denial of Service attack through vulnerable Xerces-J library
2015-06-19 06:43:36
redhat
redhat
oraclelinux
oraclelinux
xerces-j2 security update
2014-09-29 00:00:00
java-1.6.0-openjdk security update
2013-11-05 00:00:00
java-1.7.0-openjdk security update
2013-10-21 00:00:00
openvas
openvas
CentOS Update for xerces-j2 CESA-2014:1319 centos7
2014-10-01 00:00:00
Amazon Linux: Security Advisory (ALAS-2014-436)
2015-09-08 00:00:00
Oracle: Security Advisory (ELSA-2014-1319)
2015-10-06 00:00:00
prion
prion
Code injection
2013-07-23 11:03:00
nvd
nvd
CVE-2013-4002
2013-07-23 11:03:19
github
github
Missing XML Validation in Apache Xerces2
2022-05-13 01:01:06
cve
cve
CVE-2013-4002
2013-07-23 11:03:19
osv
osv
Missing XML Validation in Apache Xerces2
2022-05-13 01:01:06
centos
centos
xerces security update
2014-09-30 10:18:46
java security update
2013-11-05 20:45:16
java security update
2013-10-23 11:04:05
ubuntucve
ubuntucve
CVE-2013-4002
2013-10-16 00:00:00
cvelist
cvelist
CVE-2013-4002
2013-07-23 10:00:00
suse
suse
Security update for IBM Java 5 (important)
2013-11-14 16:04:15
Security update for java-1_5_0-ibm (important)
2013-07-27 17:04:14
Security update for IBMJava5 JRE and IBMJava5 SDK (important)
2013-08-02 23:04:12
ubuntu
ubuntu
OpenJDK 6 vulnerabilities
2013-11-21 00:00:00
OpenJDK 7 vulnerabilities
2014-01-23 00:00:00
amazon
amazon
Important: java-1.6.0-openjdk
2013-11-05 13:35:00
Critical: java-1.7.0-openjdk
2013-10-23 15:22:00
CVSS2
7.1
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
EPSS
0.019
Percentile
88.5%
Related for ALAS-2014-436