ID de Prueba:	1.3.6.1.4.1.25623.1.0.120345
Categoría:	Amazon Linux Local Security Checks
Título:	Amazon Linux: Security Advisory (ALAS-2014-436)
Resumen:	The remote host is missing an update for the 'xerces-j2' package(s) announced via the ALAS-2014-436 advisory.
Descripción:	Summary: The remote host is missing an update for the 'xerces-j2' package(s) announced via the ALAS-2014-436 advisory. Vulnerability Insight: A resource consumption issue was found in the way Xerces-J handled XML declarations. A remote attacker could use an XML document with a specially crafted declaration using a long pseudo-attribute name that, when parsed by an application using Xerces-J, would cause that application to use an excessive amount of CPU. Affected Software/OS: 'xerces-j2' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 7.1 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2013-4002 AIX APAR: IC98015 http://www-01.ibm.com/support/docview.wss?uid=swg1IC98015 http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html BugTraq ID: 61310 http://www.securityfocus.com/bid/61310 http://support.apple.com/kb/HT5982 http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=965250&r2=1499506&view=patch http://www-01.ibm.com/support/docview.wss?uid=swg21644197 http://www-01.ibm.com/support/docview.wss?uid=swg21653371 http://www-01.ibm.com/support/docview.wss?uid=swg21657539 http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_filenet_content_manager_and_ibm_content_foundation_xml_4j_denial_of_service_attack_cve_2013_4002 http://www.ibm.com/support/docview.wss?uid=swg21648172 https://issues.apache.org/jira/browse/XERCESJ-1679 https://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html http://security.gentoo.org/glsa/glsa-201406-32.xml HPdes Security Advisory: HPSBUX02943 http://marc.info/?l=bugtraq&m=138674031212883&w=2 HPdes Security Advisory: HPSBUX02944 http://marc.info/?l=bugtraq&m=138674073720143&w=2 http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_July_2013 https://www.oracle.com/security-alerts/cpuapr2022.html https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73@%3Cj-users.xerces.apache.org%3E https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E RedHat Security Advisories: RHSA-2013:1059 http://rhn.redhat.com/errata/RHSA-2013-1059.html RedHat Security Advisories: RHSA-2013:1060 http://rhn.redhat.com/errata/RHSA-2013-1060.html RedHat Security Advisories: RHSA-2013:1081 http://rhn.redhat.com/errata/RHSA-2013-1081.html RedHat Security Advisories: RHSA-2013:1440 http://rhn.redhat.com/errata/RHSA-2013-1440.html RedHat Security Advisories: RHSA-2013:1447 http://rhn.redhat.com/errata/RHSA-2013-1447.html RedHat Security Advisories: RHSA-2013:1451 http://rhn.redhat.com/errata/RHSA-2013-1451.html RedHat Security Advisories: RHSA-2013:1505 http://rhn.redhat.com/errata/RHSA-2013-1505.html RedHat Security Advisories: RHSA-2014:0414 https://access.redhat.com/errata/RHSA-2014:0414 RedHat Security Advisories: RHSA-2014:1818 http://rhn.redhat.com/errata/RHSA-2014-1818.html RedHat Security Advisories: RHSA-2014:1821 http://rhn.redhat.com/errata/RHSA-2014-1821.html RedHat Security Advisories: RHSA-2014:1822 http://rhn.redhat.com/errata/RHSA-2014-1822.html RedHat Security Advisories: RHSA-2014:1823 http://rhn.redhat.com/errata/RHSA-2014-1823.html RedHat Security Advisories: RHSA-2015:0675 http://rhn.redhat.com/errata/RHSA-2015-0675.html RedHat Security Advisories: RHSA-2015:0720 http://rhn.redhat.com/errata/RHSA-2015-0720.html RedHat Security Advisories: RHSA-2015:0765 http://rhn.redhat.com/errata/RHSA-2015-0765.html RedHat Security Advisories: RHSA-2015:0773 http://rhn.redhat.com/errata/RHSA-2015-0773.html http://secunia.com/advisories/56257 SuSE Security Announcement: SUSE-SU-2013:1255 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html SuSE Security Announcement: SUSE-SU-2013:1256 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html SuSE Security Announcement: SUSE-SU-2013:1257 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html SuSE Security Announcement: SUSE-SU-2013:1263 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html SuSE Security Announcement: SUSE-SU-2013:1293 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html SuSE Security Announcement: SUSE-SU-2013:1305 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html SuSE Security Announcement: SUSE-SU-2013:1666 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.html SuSE Security Announcement: openSUSE-SU-2013:1663 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-11/msg00023.html http://www.ubuntu.com/usn/USN-2033-1 http://www.ubuntu.com/usn/USN-2089-1 XForce ISS Database: ibm-java-cve20134002-dos(85260) https://exchange.xforce.ibmcloud.com/vulnerabilities/85260
Copyright	Copyright (C) 2015 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.