Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.871252
Category:Red Hat Local Security Checks
Title:RedHat Update for xerces-j2 RHSA-2014:1319-01
Summary:The remote host is missing an update for the 'xerces-j2'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'xerces-j2'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Apache Xerces for Java (Xerces-J) is a high performance, standards
compliant, validating XML parser written in Java. The xerces-j2 packages
provide Xerces-J version 2.

A resource consumption issue was found in the way Xerces-J handled XML
declarations. A remote attacker could use an XML document with a specially
crafted declaration using a long pseudo-attribute name that, when parsed by
an application using Xerces-J, would cause that application to use an
excessive amount of CPU. (CVE-2013-4002)

All xerces-j2 users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. Applications using the
Xerces-J must be restarted for this update to take effect.

Affected Software/OS:
xerces-j2 on Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Server (v. 7),
Red Hat Enterprise Linux Workstation (v. 6)

Solution:
Please Install the Updated Packages.

CVSS Score:
7.1

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2013-4002
AIX APAR: IC98015
http://www-01.ibm.com/support/docview.wss?uid=swg1IC98015
http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html
BugTraq ID: 61310
http://www.securityfocus.com/bid/61310
http://security.gentoo.org/glsa/glsa-201406-32.xml
HPdes Security Advisory: HPSBUX02943
http://marc.info/?l=bugtraq&m=138674031212883&w=2
HPdes Security Advisory: HPSBUX02944
http://marc.info/?l=bugtraq&m=138674073720143&w=2
http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_July_2013
https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73@%3Cj-users.xerces.apache.org%3E
https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E
https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E
https://lists.apache.org/thread.html/rf5230a049d989dbfdd404b4320a265dceeeba459a4d04ec21873bd55@%3Csolr-user.lucene.apache.org%3E
RedHat Security Advisories: RHSA-2013:1059
http://rhn.redhat.com/errata/RHSA-2013-1059.html
RedHat Security Advisories: RHSA-2013:1060
http://rhn.redhat.com/errata/RHSA-2013-1060.html
RedHat Security Advisories: RHSA-2013:1081
http://rhn.redhat.com/errata/RHSA-2013-1081.html
RedHat Security Advisories: RHSA-2013:1440
http://rhn.redhat.com/errata/RHSA-2013-1440.html
RedHat Security Advisories: RHSA-2013:1447
http://rhn.redhat.com/errata/RHSA-2013-1447.html
RedHat Security Advisories: RHSA-2013:1451
http://rhn.redhat.com/errata/RHSA-2013-1451.html
RedHat Security Advisories: RHSA-2013:1505
http://rhn.redhat.com/errata/RHSA-2013-1505.html
RedHat Security Advisories: RHSA-2014:0414
https://access.redhat.com/errata/RHSA-2014:0414
RedHat Security Advisories: RHSA-2014:1818
http://rhn.redhat.com/errata/RHSA-2014-1818.html
RedHat Security Advisories: RHSA-2014:1821
http://rhn.redhat.com/errata/RHSA-2014-1821.html
RedHat Security Advisories: RHSA-2014:1822
http://rhn.redhat.com/errata/RHSA-2014-1822.html
RedHat Security Advisories: RHSA-2014:1823
http://rhn.redhat.com/errata/RHSA-2014-1823.html
RedHat Security Advisories: RHSA-2015:0675
http://rhn.redhat.com/errata/RHSA-2015-0675.html
RedHat Security Advisories: RHSA-2015:0720
http://rhn.redhat.com/errata/RHSA-2015-0720.html
RedHat Security Advisories: RHSA-2015:0765
http://rhn.redhat.com/errata/RHSA-2015-0765.html
RedHat Security Advisories: RHSA-2015:0773
http://rhn.redhat.com/errata/RHSA-2015-0773.html
http://secunia.com/advisories/56257
SuSE Security Announcement: SUSE-SU-2013:1255 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html
SuSE Security Announcement: SUSE-SU-2013:1256 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html
SuSE Security Announcement: SUSE-SU-2013:1257 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html
SuSE Security Announcement: SUSE-SU-2013:1263 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html
SuSE Security Announcement: SUSE-SU-2013:1293 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html
SuSE Security Announcement: SUSE-SU-2013:1305 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html
SuSE Security Announcement: SUSE-SU-2013:1666 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.html
SuSE Security Announcement: openSUSE-SU-2013:1663 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-11/msg00023.html
http://www.ubuntu.com/usn/USN-2033-1
http://www.ubuntu.com/usn/USN-2089-1
XForce ISS Database: ibm-java-cve20134002-dos(85260)
https://exchange.xforce.ibmcloud.com/vulnerabilities/85260
CopyrightCopyright (C) 2014 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.