First published: Tue Jul 21 2009
Sun Java Runtime Environment (JRE) is vulnerable to a denial of service caused by an error in Apache Xerces2 Java. A remote attacker could exploit this vulnerability with specially crafted XML input, causing the application to enter an infinite loop and hang.
Credit: cret@cert.org
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Security Verify Governance | <=10.0 | |
redhat/java | <1.4.2-ibm-0:1.4.2.13.1-1jpp.1.el3 | 1.4.2-ibm-0:1.4.2.13.1-1jpp.1.el3 |
redhat/java | <1.5.0-sun-0:1.5.0.20-1jpp.1.el4 | 1.5.0-sun-0:1.5.0.20-1jpp.1.el4 |
redhat/java | <1.6.0-sun-1:1.6.0.15-1jpp.1.el4 | 1.6.0-sun-1:1.6.0.15-1jpp.1.el4 |
redhat/java | <1.5.0-ibm-1:1.5.0.10-1jpp.4.el4 | 1.5.0-ibm-1:1.5.0.10-1jpp.4.el4 |
redhat/java | <1.4.2-ibm-0:1.4.2.13.1-1jpp.1.el4 | 1.4.2-ibm-0:1.4.2.13.1-1jpp.1.el4 |
redhat/java | <1.6.0-ibm-1:1.6.0.6-1jpp.3.el4 | 1.6.0-ibm-1:1.6.0.6-1jpp.3.el4 |
redhat/glassfish-javamail | <0:1.4.2-0jpp.ep1.5.el4 | 0:1.4.2-0jpp.ep1.5.el4 |
redhat/glassfish-jsf | <0:1.2_13-2.1.ep1.el4 | 0:1.2_13-2.1.ep1.el4 |
redhat/hibernate3 | <1:3.2.4-1.SP1_CP09.0jpp.ep1.1.el4 | 1:3.2.4-1.SP1_CP09.0jpp.ep1.1.el4 |
redhat/hibernate3-annotations | <0:3.3.1-1.11.GA_CP02.ep1.el4 | 0:3.3.1-1.11.GA_CP02.ep1.el4 |
redhat/hibernate3-entitymanager | <0:3.3.2-2.5.GA_CP01.ep1.el4 | 0:3.3.2-2.5.GA_CP01.ep1.el4 |
redhat/jacorb | <0:2.3.0-1jpp.ep1.9.el4 | 0:2.3.0-1jpp.ep1.9.el4 |
redhat/jakarta-commons-logging-jboss | <0:1.1-9.ep1.el4 | 0:1.1-9.ep1.el4 |
redhat/jboss-aop | <0:1.5.5-3.CP04.2.ep1.el4 | 0:1.5.5-3.CP04.2.ep1.el4 |
redhat/jbossas | <0:4.2.0-5.GA_CP08.5.ep1.el4 | 0:4.2.0-5.GA_CP08.5.ep1.el4 |
redhat/jboss-common | <0:1.2.1-0jpp.ep1.3.el4 | 0:1.2.1-0jpp.ep1.3.el4 |
redhat/jboss-remoting | <0:2.2.3-3.SP1.ep1.el4 | 0:2.2.3-3.SP1.ep1.el4 |
redhat/jboss-seam | <0:1.2.1-1.ep1.22.el4 | 0:1.2.1-1.ep1.22.el4 |
redhat/jbossts | <1:4.2.3-1.SP5_CP08.1jpp.ep1.1.el4 | 1:4.2.3-1.SP5_CP08.1jpp.ep1.1.el4 |
redhat/jbossweb | <0:2.0.0-6.CP12.0jpp.ep1.2.el4 | 0:2.0.0-6.CP12.0jpp.ep1.2.el4 |
redhat/jcommon | <0:1.0.16-1.1.ep1.el4 | 0:1.0.16-1.1.ep1.el4 |
redhat/jfreechart | <0:1.0.13-2.3.1.ep1.el4 | 0:1.0.13-2.3.1.ep1.el4 |
redhat/jgroups | <1:2.4.7-1.ep1.el4 | 1:2.4.7-1.ep1.el4 |
redhat/quartz | <0:1.5.2-1jpp.patch01.ep1.4.el4 | 0:1.5.2-1jpp.patch01.ep1.4.el4 |
redhat/rh-eap-docs | <0:4.2.0-6.GA_CP08.ep1.3.el4 | 0:4.2.0-6.GA_CP08.ep1.3.el4 |
redhat/xerces-j2 | <0:2.7.1-9jpp.4.patch_02.1.ep1.el4 | 0:2.7.1-9jpp.4.patch_02.1.ep1.el4 |
redhat/xml-security | <0:1.3.0-1.3.patch01.ep1.2.el4 | 0:1.3.0-1.3.patch01.ep1.2.el4 |
redhat/glassfish-jsf | <0:1.2_13-2.1.ep1.el5 | 0:1.2_13-2.1.ep1.el5 |
redhat/hibernate3 | <1:3.2.4-1.SP1_CP09.0jpp.ep1.2.4.el5 | 1:3.2.4-1.SP1_CP09.0jpp.ep1.2.4.el5 |
redhat/hibernate3-annotations | <0:3.3.1-1.11GA_CP02.ep1.el5 | 0:3.3.1-1.11GA_CP02.ep1.el5 |
redhat/hibernate3-entitymanager | <0:3.3.2-2.5.1.ep1.el5 | 0:3.3.2-2.5.1.ep1.el5 |
redhat/jacorb | <0:2.3.0-1jpp.ep1.9.1.el5 | 0:2.3.0-1jpp.ep1.9.1.el5 |
redhat/jboss-aop | <0:1.5.5-3.CP04.2.ep1.el5 | 0:1.5.5-3.CP04.2.ep1.el5 |
redhat/jbossas | <0:4.2.0-5.GA_CP08.5.2.ep1.el5 | 0:4.2.0-5.GA_CP08.5.2.ep1.el5 |
redhat/jboss-common | <0:1.2.1-0jpp.ep1.3.el5.1 | 0:1.2.1-0jpp.ep1.3.el5.1 |
redhat/jboss-remoting | <0:2.2.3-3.SP1.ep1.el5 | 0:2.2.3-3.SP1.ep1.el5 |
redhat/jboss-seam | <0:1.2.1-1.ep1.14.el5 | 0:1.2.1-1.ep1.14.el5 |
redhat/jbossts | <1:4.2.3-1.SP5_CP08.1jpp.ep1.1.el5 | 1:4.2.3-1.SP5_CP08.1jpp.ep1.1.el5 |
redhat/jbossweb | <0:2.0.0-6.CP12.0jpp.ep1.2.el5 | 0:2.0.0-6.CP12.0jpp.ep1.2.el5 |
redhat/jcommon | <0:1.0.16-1.1.ep1.el5 | 0:1.0.16-1.1.ep1.el5 |
redhat/jfreechart | <0:1.0.13-2.3.1.ep1.el5 | 0:1.0.13-2.3.1.ep1.el5 |
redhat/jgroups | <1:2.4.7-1.ep1.el5 | 1:2.4.7-1.ep1.el5 |
redhat/quartz | <0:1.5.2-1jpp.patch01.ep1.4.1.el5 | 0:1.5.2-1jpp.patch01.ep1.4.1.el5 |
redhat/rh-eap-docs | <0:4.2.0-6.GA_CP08.ep1.3.el5 | 0:4.2.0-6.GA_CP08.ep1.3.el5 |
redhat/xml-security | <0:1.3.0-1.3.patch01.ep1.2.1.el5 | 0:1.3.0-1.3.patch01.ep1.2.1.el5 |
redhat/java | <1.6.0-openjdk-1:1.6.0.0-1.2.b09.el5 | 1.6.0-openjdk-1:1.6.0.0-1.2.b09.el5 |
redhat/xerces-j2 | <0:2.7.1-7jpp.2.el5_4.2 | 0:2.7.1-7jpp.2.el5_4.2 |
redhat/xerces-j2 | <0:2.7.1-12.6.el6_0 | 0:2.7.1-12.6.el6_0 |
redhat/glassfish-jaxb | <0:2.1.4-1.12.patch03.ep1.el4 | 0:2.1.4-1.12.patch03.ep1.el4 |
redhat/jbossas | <0:4.3.0-6.GA_CP07.4.ep1.el4 | 0:4.3.0-6.GA_CP07.4.ep1.el4 |
redhat/jboss-messaging | <0:1.4.0-3.SP3_CP09.4.ep1.el4 | 0:1.4.0-3.SP3_CP09.4.ep1.el4 |
redhat/jboss-seam | <0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.18.el4 | 0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.18.el4 |
redhat/jboss-seam2 | <0:2.0.2.FP-1.ep1.21.el4 | 0:2.0.2.FP-1.ep1.21.el4 |
redhat/jbossws | <0:2.0.1-4.SP2_CP07.2.ep1.el4 | 0:2.0.1-4.SP2_CP07.2.ep1.el4 |
redhat/jbossws-common | <0:1.0.0-2.GA_CP05.1.ep1.el4 | 0:1.0.0-2.GA_CP05.1.ep1.el4 |
redhat/jbossws-framework | <0:2.0.1-1.GA_CP05.1.ep1.el4 | 0:2.0.1-1.GA_CP05.1.ep1.el4 |
redhat/rh-eap-docs | <0:4.3.0-6.GA_CP07.ep1.3.el4 | 0:4.3.0-6.GA_CP07.ep1.3.el4 |
redhat/glassfish-jaxb | <0:2.1.4-1.12.patch03.1.ep1.el5 | 0:2.1.4-1.12.patch03.1.ep1.el5 |
redhat/jbossas | <0:4.3.0-6.GA_CP07.4.2.ep1.el5 | 0:4.3.0-6.GA_CP07.4.2.ep1.el5 |
redhat/jboss-messaging | <0:1.4.0-3.SP3_CP09.4.ep1.el5 | 0:1.4.0-3.SP3_CP09.4.ep1.el5 |
redhat/jboss-seam | <0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.12.el5.1 | 0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.12.el5.1 |
redhat/jboss-seam2 | <0:2.0.2.FP-1.ep1.18.el5 | 0:2.0.2.FP-1.ep1.18.el5 |
redhat/jbossws | <0:2.0.1-4.SP2_CP07.2.1.ep1.el5 | 0:2.0.1-4.SP2_CP07.2.1.ep1.el5 |
redhat/jbossws-common | <0:1.0.0-2.GA_CP05.1.ep1.el5 | 0:1.0.0-2.GA_CP05.1.ep1.el5 |
redhat/jbossws-framework | <0:2.0.1-1.GA_CP05.1.ep1.el5 | 0:2.0.1-1.GA_CP05.1.ep1.el5 |
redhat/rh-eap-docs | <0:4.3.0-6.GA_CP07.ep1.3.el5 | 0:4.3.0-6.GA_CP07.ep1.3.el5 |
redhat/java | <1.5.0-sun-0:1.5.0.22-1jpp.1.el4 | 1.5.0-sun-0:1.5.0.22-1jpp.1.el4 |
redhat/java | <1.6.0-ibm-1:1.6.0.7-1jpp.3.el4 | 1.6.0-ibm-1:1.6.0.7-1jpp.3.el4 |
redhat/java | <1.4.2-ibm-0:1.4.2.13.2.sap-1jpp.4.el4_8 | 1.4.2-ibm-0:1.4.2.13.2.sap-1jpp.4.el4_8 |
redhat/java | <1.4.2-ibm-0:1.4.2.13.2.sap-1jpp.4.el5_3 | 1.4.2-ibm-0:1.4.2.13.2.sap-1jpp.4.el5_3 |
redhat/jasperreports-server-pro | <0:4.7.1-2.el6e | 0:4.7.1-2.el6e |
redhat/java | <1.5.0-sun-0:1.5.0.20-1jpp.1.el5 | 1.5.0-sun-0:1.5.0.20-1jpp.1.el5 |
redhat/java | <1.6.0-sun-1:1.6.0.15-1jpp.1.el5 | 1.6.0-sun-1:1.6.0.15-1jpp.1.el5 |
redhat/java | <1.5.0-ibm-1:1.5.0.10-1jpp.4.el5 | 1.5.0-ibm-1:1.5.0.10-1jpp.4.el5 |
redhat/java | <1.4.2-ibm-0:1.4.2.13.1-1jpp.1.el5 | 1.4.2-ibm-0:1.4.2.13.1-1jpp.1.el5 |
redhat/java | <1.6.0-ibm-1:1.6.0.6-1jpp.3.el5 | 1.6.0-ibm-1:1.6.0.6-1jpp.3.el5 |
Oracle JDK | =1.5.0-update11 | |
Oracle JDK | =1.5.0-update1 | |
Oracle JDK | =1.5.0-update2 | |
Oracle JDK | =1.5.0-update3 | |
Oracle JDK | =1.5.0-update5 | |
Oracle JDK | =1.5.0-update6 | |
Oracle JDK | =1.5.0-update7 | |
Oracle JDK | =1.5.0-update8 | |
Oracle JDK | =1.5.0-update9 | |
Oracle JDK | =1.5.0-update10 | |
Oracle JDK | =1.5.0-update12 | |
Oracle JDK | =1.5.0-update13 | |
Oracle JDK | =1.5.0-update14 | |
Oracle JDK | =1.5.0-update15 | |
Oracle JDK | =1.5.0-update16 | |
Oracle JDK | =1.5.0-update17 | |
Oracle JDK | =1.5.0-update18 | |
Oracle JDK | =1.5.0-update19 | |
Oracle JDK | =1.5.0 | |
Oracle JDK | =1.5.0-update4 | |
Oracle JDK | =1.6.0 | |
Oracle JDK | =1.6.0-update10 | |
Oracle JDK | =1.6.0-update12 | |
Oracle JDK | =1.6.0-update13 | |
Oracle JDK | =1.6.0-update14 | |
Oracle JDK | =1.6.0-update11 | |
Oracle JDK | =1.6.0-update1 | |
Oracle JDK | =1.6.0-update2 | |
Oracle JDK | =1.6.0-update3 | |
Oracle JDK | =1.6.0-update4 | |
Oracle JDK | =1.6.0-update5 | |
Oracle JDK | =1.6.0-update7 | |
Oracle JDK | =1.6.0-update6 | |
Fedoraproject Fedora | =11 | |
Fedoraproject Fedora | =10 | |
openSUSE openSUSE | =11.1 | |
SUSE Linux Enterprise Server | =9 | |
openSUSE openSUSE | =11.0 | |
openSUSE openSUSE | =11.2 | |
SUSE Linux Enterprise Server | =10-sp2 | |
SUSE Linux Enterprise Server | =11 | |
SUSE Linux Enterprise Server | =10-sp3 | |
Debian Debian Linux | =5.0 | |
Debian Debian Linux | =4.0 | |
Canonical Ubuntu Linux | =9.04 | |
Canonical Ubuntu Linux | =8.10 | |
Canonical Ubuntu Linux | =9.10 | |
Canonical Ubuntu Linux | =8.04 | |
Canonical Ubuntu Linux | =6.06 | |
Oracle Primavera Web Services | =7.0 | |
Oracle Primavera Web Services | =7.0-sp1 | |
Oracle Primavera Web Services | =6.2.1 | |
Oracle Primavera P6 Enterprise Project Portfolio Management | =6.2.1 | |
Oracle Primavera P6 Enterprise Project Portfolio Management | =7.0 | |
Oracle Primavera P6 Enterprise Project Portfolio Management | =6.1 | |
Apache Xerces2 Java | =2.9.1 | |