CVE-2009-2625

CVSS v2.0 5 (Medium)
EPSS 17.16 % (96th)
Affected Products 9
Advisories 10

XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.

Weaknesses: CWE-NVD-Other
CVE Status: PUBLISHED
CNA: CERT/CC
Published Date: 2009-08-06 15:30:00 (15 years ago)
Updated Date: 2023-11-07 02:04:10 (10 months ago)

Affected Products


Configuration #1

    CPE23 From Up To
  Oracle Jdk 1.5.0 cpe:2.3:a:oracle:jdk:1.5.0:-
  Oracle Jdk 1.5.0 Update1 cpe:2.3:a:oracle:jdk:1.5.0:update1
  Oracle Jdk 1.5.0 Update10 cpe:2.3:a:oracle:jdk:1.5.0:update10
  Oracle Jdk 1.5.0 Update11 cpe:2.3:a:oracle:jdk:1.5.0:update11
  Oracle Jdk 1.5.0 Update12 cpe:2.3:a:oracle:jdk:1.5.0:update12
  Oracle Jdk 1.5.0 Update13 cpe:2.3:a:oracle:jdk:1.5.0:update13
  Oracle Jdk 1.5.0 Update14 cpe:2.3:a:oracle:jdk:1.5.0:update14
  Oracle Jdk 1.5.0 Update15 cpe:2.3:a:oracle:jdk:1.5.0:update15
  Oracle Jdk 1.5.0 Update16 cpe:2.3:a:oracle:jdk:1.5.0:update16
  Oracle Jdk 1.5.0 Update17 cpe:2.3:a:oracle:jdk:1.5.0:update17
  Oracle Jdk 1.5.0 Update18 cpe:2.3:a:oracle:jdk:1.5.0:update18
  Oracle Jdk 1.5.0 Update19 cpe:2.3:a:oracle:jdk:1.5.0:update19
  Oracle Jdk 1.5.0 Update2 cpe:2.3:a:oracle:jdk:1.5.0:update2
  Oracle Jdk 1.5.0 Update3 cpe:2.3:a:oracle:jdk:1.5.0:update3
  Oracle Jdk 1.5.0 Update4 cpe:2.3:a:oracle:jdk:1.5.0:update4
  Oracle Jdk 1.5.0 Update5 cpe:2.3:a:oracle:jdk:1.5.0:update5
  Oracle Jdk 1.5.0 Update6 cpe:2.3:a:oracle:jdk:1.5.0:update6
  Oracle Jdk 1.5.0 Update7 cpe:2.3:a:oracle:jdk:1.5.0:update7
  Oracle Jdk 1.5.0 Update8 cpe:2.3:a:oracle:jdk:1.5.0:update8
  Oracle Jdk 1.5.0 Update9 cpe:2.3:a:oracle:jdk:1.5.0:update9
  Oracle Jdk 1.6.0 cpe:2.3:a:oracle:jdk:1.6.0:-
  Oracle Jdk 1.6.0 Update1 cpe:2.3:a:oracle:jdk:1.6.0:update1
  Oracle Jdk 1.6.0 Update10 cpe:2.3:a:oracle:jdk:1.6.0:update10
  Oracle Jdk 1.6.0 Update11 cpe:2.3:a:oracle:jdk:1.6.0:update11
  Oracle Jdk 1.6.0 Update12 cpe:2.3:a:oracle:jdk:1.6.0:update12
  Oracle Jdk 1.6.0 Update13 cpe:2.3:a:oracle:jdk:1.6.0:update13
  Oracle Jdk 1.6.0 Update14 cpe:2.3:a:oracle:jdk:1.6.0:update14
  Oracle Jdk 1.6.0 Update2 cpe:2.3:a:oracle:jdk:1.6.0:update2
  Oracle Jdk 1.6.0 Update3 cpe:2.3:a:oracle:jdk:1.6.0:update3
  Oracle Jdk 1.6.0 Update4 cpe:2.3:a:oracle:jdk:1.6.0:update4
  Oracle Jdk 1.6.0 Update5 cpe:2.3:a:oracle:jdk:1.6.0:update5
  Oracle Jdk 1.6.0 Update6 cpe:2.3:a:oracle:jdk:1.6.0:update6
  Oracle Jdk 1.6.0 Update7 cpe:2.3:a:oracle:jdk:1.6.0:update7

Configuration #2

    CPE23 From Up To
  Fedoraproject Fedora 10 cpe:2.3:o:fedoraproject:fedora:10
  Fedoraproject Fedora 11 cpe:2.3:o:fedoraproject:fedora:11

Configuration #3

    CPE23 From Up To
  Opensuse 11.0 cpe:2.3:o:opensuse:opensuse:11.0
  Opensuse 11.1 cpe:2.3:o:opensuse:opensuse:11.1
  Opensuse 11.2 cpe:2.3:o:opensuse:opensuse:11.2
  Suse Linux Enterprise Server 9 cpe:2.3:o:suse:linux_enterprise_server:9
  Suse Linux Enterprise Server 10 SP2 cpe:2.3:o:suse:linux_enterprise_server:10:sp2
  Suse Linux Enterprise Server 10 SP3 cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:-
  Suse Linux Enterprise Server 11 cpe:2.3:o:suse:linux_enterprise_server:11:-

Configuration #4

    CPE23 From Up To
  Debian Linux 4.0 cpe:2.3:o:debian:debian_linux:4.0
  Debian Linux 5.0 cpe:2.3:o:debian:debian_linux:5.0

Configuration #5

    CPE23 From Up To
  Canonical Ubuntu Linux 6.06 cpe:2.3:o:canonical:ubuntu_linux:6.06
  Canonical Ubuntu Linux 8.04 cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-
  Canonical Ubuntu Linux 8.10 cpe:2.3:o:canonical:ubuntu_linux:8.10
  Canonical Ubuntu Linux 9.04 cpe:2.3:o:canonical:ubuntu_linux:9.04
  Canonical Ubuntu Linux 9.10 cpe:2.3:o:canonical:ubuntu_linux:9.10

Configuration #6

    CPE23 From Up To
  Oracle Primavera P6 Enterprise Project Portfolio Management 6.1 cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:6.1
  Oracle Primavera P6 Enterprise Project Portfolio Management 6.2.1 cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:6.2.1
  Oracle Primavera P6 Enterprise Project Portfolio Management 7.0 cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:7.0
  Oracle Primavera Web Services 6.2.1 cpe:2.3:a:oracle:primavera_web_services:6.2.1
  Oracle Primavera Web Services 7.0 cpe:2.3:a:oracle:primavera_web_services:7.0:-
  Oracle Primavera Web Services 7.0 SP1 cpe:2.3:a:oracle:primavera_web_services:7.0:sp1

Configuration #7

    CPE23 From Up To
  Apache Xerces2 Java 2.9.1 cpe:2.3:a:apache:xerces2_java:2.9.1