Vulnerability   
Search   
    Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.120345
Category:Amazon Linux Local Security Checks
Title:Amazon Linux: Security Advisory (ALAS-2014-436)
Summary:The remote host is missing an update for the 'xerces-j2' package(s) announced via the ALAS-2014-436 advisory.
Description:Summary:
The remote host is missing an update for the 'xerces-j2' package(s) announced via the ALAS-2014-436 advisory.

Vulnerability Insight:
A resource consumption issue was found in the way Xerces-J handled XML declarations. A remote attacker could use an XML document with a specially crafted declaration using a long pseudo-attribute name that, when parsed by an application using Xerces-J, would cause that application to use an excessive amount of CPU.

Affected Software/OS:
'xerces-j2' package(s) on Amazon Linux.

Solution:
Please install the updated package(s).

CVSS Score:
7.1

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2013-4002
AIX APAR: IC98015
http://www-01.ibm.com/support/docview.wss?uid=swg1IC98015
http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html
BugTraq ID: 61310
http://www.securityfocus.com/bid/61310
http://support.apple.com/kb/HT5982
http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=965250&r2=1499506&view=patch
http://www-01.ibm.com/support/docview.wss?uid=swg21644197
http://www-01.ibm.com/support/docview.wss?uid=swg21653371
http://www-01.ibm.com/support/docview.wss?uid=swg21657539
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html
http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_filenet_content_manager_and_ibm_content_foundation_xml_4j_denial_of_service_attack_cve_2013_4002
http://www.ibm.com/support/docview.wss?uid=swg21648172
https://issues.apache.org/jira/browse/XERCESJ-1679
https://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
http://security.gentoo.org/glsa/glsa-201406-32.xml
HPdes Security Advisory: HPSBUX02943
http://marc.info/?l=bugtraq&m=138674031212883&w=2
HPdes Security Advisory: HPSBUX02944
http://marc.info/?l=bugtraq&m=138674073720143&w=2
http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_July_2013
https://www.oracle.com/security-alerts/cpuapr2022.html
https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73@%3Cj-users.xerces.apache.org%3E
https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E
https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E
RedHat Security Advisories: RHSA-2013:1059
http://rhn.redhat.com/errata/RHSA-2013-1059.html
RedHat Security Advisories: RHSA-2013:1060
http://rhn.redhat.com/errata/RHSA-2013-1060.html
RedHat Security Advisories: RHSA-2013:1081
http://rhn.redhat.com/errata/RHSA-2013-1081.html
RedHat Security Advisories: RHSA-2013:1440
http://rhn.redhat.com/errata/RHSA-2013-1440.html
RedHat Security Advisories: RHSA-2013:1447
http://rhn.redhat.com/errata/RHSA-2013-1447.html
RedHat Security Advisories: RHSA-2013:1451
http://rhn.redhat.com/errata/RHSA-2013-1451.html
RedHat Security Advisories: RHSA-2013:1505
http://rhn.redhat.com/errata/RHSA-2013-1505.html
RedHat Security Advisories: RHSA-2014:0414
https://access.redhat.com/errata/RHSA-2014:0414
RedHat Security Advisories: RHSA-2014:1818
http://rhn.redhat.com/errata/RHSA-2014-1818.html
RedHat Security Advisories: RHSA-2014:1821
http://rhn.redhat.com/errata/RHSA-2014-1821.html
RedHat Security Advisories: RHSA-2014:1822
http://rhn.redhat.com/errata/RHSA-2014-1822.html
RedHat Security Advisories: RHSA-2014:1823
http://rhn.redhat.com/errata/RHSA-2014-1823.html
RedHat Security Advisories: RHSA-2015:0675
http://rhn.redhat.com/errata/RHSA-2015-0675.html
RedHat Security Advisories: RHSA-2015:0720
http://rhn.redhat.com/errata/RHSA-2015-0720.html
RedHat Security Advisories: RHSA-2015:0765
http://rhn.redhat.com/errata/RHSA-2015-0765.html
RedHat Security Advisories: RHSA-2015:0773
http://rhn.redhat.com/errata/RHSA-2015-0773.html
http://secunia.com/advisories/56257
SuSE Security Announcement: SUSE-SU-2013:1255 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html
SuSE Security Announcement: SUSE-SU-2013:1256 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html
SuSE Security Announcement: SUSE-SU-2013:1257 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html
SuSE Security Announcement: SUSE-SU-2013:1263 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html
SuSE Security Announcement: SUSE-SU-2013:1293 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html
SuSE Security Announcement: SUSE-SU-2013:1305 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html
SuSE Security Announcement: SUSE-SU-2013:1666 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.html
SuSE Security Announcement: openSUSE-SU-2013:1663 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-11/msg00023.html
http://www.ubuntu.com/usn/USN-2033-1
http://www.ubuntu.com/usn/USN-2089-1
XForce ISS Database: ibm-java-cve20134002-dos(85260)
https://exchange.xforce.ibmcloud.com/vulnerabilities/85260
CopyrightCopyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2025 E-Soft Inc. All rights reserved.