Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:Red Hat Local Security Checks
Title:RedHat Update for xerces-j2 RHSA-2014:1319-01
Summary:The remote host is missing an update for the 'xerces-j2'; package(s) announced via the referenced advisory.
The remote host is missing an update for the 'xerces-j2'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Apache Xerces for Java (Xerces-J) is a high performance, standards
compliant, validating XML parser written in Java. The xerces-j2 packages
provide Xerces-J version 2.

A resource consumption issue was found in the way Xerces-J handled XML
declarations. A remote attacker could use an XML document with a specially
crafted declaration using a long pseudo-attribute name that, when parsed by
an application using Xerces-J, would cause that application to use an
excessive amount of CPU. (CVE-2013-4002)

All xerces-j2 users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. Applications using the
Xerces-J must be restarted for this update to take effect.

Affected Software/OS:
xerces-j2 on Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Server (v. 7),
Red Hat Enterprise Linux Workstation (v. 6)

Please Install the Updated Packages.

CVSS Score:

CVSS Vector:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2013-4002
BugTraq ID: 61310
HPdes Security Advisory: HPSBUX02943
HPdes Security Advisory: HPSBUX02944
RedHat Security Advisories: RHSA-2013:1059
RedHat Security Advisories: RHSA-2013:1060
RedHat Security Advisories: RHSA-2013:1081
RedHat Security Advisories: RHSA-2013:1440
RedHat Security Advisories: RHSA-2013:1447
RedHat Security Advisories: RHSA-2013:1451
RedHat Security Advisories: RHSA-2013:1505
RedHat Security Advisories: RHSA-2014:0414
RedHat Security Advisories: RHSA-2014:1818
RedHat Security Advisories: RHSA-2014:1821
RedHat Security Advisories: RHSA-2014:1822
RedHat Security Advisories: RHSA-2014:1823
RedHat Security Advisories: RHSA-2015:0675
RedHat Security Advisories: RHSA-2015:0720
RedHat Security Advisories: RHSA-2015:0765
RedHat Security Advisories: RHSA-2015:0773
SuSE Security Announcement: SUSE-SU-2013:1255 (Google Search)
SuSE Security Announcement: SUSE-SU-2013:1256 (Google Search)
SuSE Security Announcement: SUSE-SU-2013:1257 (Google Search)
SuSE Security Announcement: SUSE-SU-2013:1263 (Google Search)
SuSE Security Announcement: SUSE-SU-2013:1293 (Google Search)
SuSE Security Announcement: SUSE-SU-2013:1305 (Google Search)
SuSE Security Announcement: SUSE-SU-2013:1666 (Google Search)
SuSE Security Announcement: openSUSE-SU-2013:1663 (Google Search)
XForce ISS Database: ibm-java-cve20134002-dos(85260)
CopyrightCopyright (C) 2014 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2021 E-Soft Inc. All rights reserved.