RHSA-2014:1319: Moderate: xerces-j2 security update

First published: Mon Sep 29 2014(Updated: )

Apache Xerces for Java (Xerces-J) is a high performance, standards<br>compliant, validating XML parser written in Java. The xerces-j2 packages<br>provide Xerces-J version 2.<br>A resource consumption issue was found in the way Xerces-J handled XML<br>declarations. A remote attacker could use an XML document with a specially<br>crafted declaration using a long pseudo-attribute name that, when parsed by<br>an application using Xerces-J, would cause that application to use an<br>excessive amount of CPU. (CVE-2013-4002)<br>All xerces-j2 users are advised to upgrade to these updated packages, which<br>contain a backported patch to correct this issue. Applications using the<br>Xerces-J must be restarted for this update to take effect.<br>

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/description
• agent/event
• agent/first-publish-date
• agent/last-modified-date
• agent/references
• agent/remedy
• agent/severity
• agent/softwarecombine
• agent/tags
• agent/title
• agent/type
• collector/redhat-errata
• anchor-id/RHSA-2014:1319
• package-manager/redhat