vulnerability CVE-2009-2625
Apache Xerces2 Java, Java JRE/JDK, OpenJDK: memory corruption via XML
Synthesis of the vulnerability
An attacker can create XML data containing a malicious byte which corrupts the memory, in order to create a denial of service or to execute code in Apache Xerces2 Java, Java JRE/JDK or OpenJDK.
Impacted products: Debian, HP-UX, MES, Mandriva Linux, openSUSE, Oracle GlassFish Server, Oracle JRE, RHEL, JBoss Enterprise, Slackware, Sun AS, SLES, Unix (platform).
Severity: 3/4.
Creation date: 10/08/2009.
Revision date: 09/12/2009.
Identifiers: 272209, 6870754, BID-35958, CVE-2009-2625, DSA 1984-1, FICORA #245608, HPSBUX02476, MDVSA-2011:108, RHSA-2009:1199-01, RHSA-2009:1200-01, RHSA-2009:1201-01, RHSA-2009:1505-01, RHSA-2009:1582-01, RHSA-2009:1615-01, RHSA-2011:0858-01, RHSA-2012:0725-01, RHSA-2012:1232-01, RHSA-2012:1537-01, RHSA-2013:0763-01, SSA:2011-041-02, SSRT090250, SUSE-SR:2009:014, SUSE-SR:2009:016, SUSE-SR:2009:017, SUSE-SR:2010:011, SUSE-SR:2010:013, SUSE-SR:2010:014, SUSE-SR:2010:015, VIGILANCE-VUL-8925.
Description of the vulnerability
The Apache Xerces2 Java, Java JRE/JDK and OpenJDK products manage XML data. They share the same vulnerability.
An attacker can create XML data containing a malicious byte which corrupts the memory, in order to create a denial of service or to execute code in these products.
Technical details are unknown.
Complete Vigil@nce bulletin.... (
free access)
Share this bulletin
Computer vulnerabilities tracking service
Vigil@nce provides an
applications vulnerabilities workaround. The Vigil@nce vulnerability database contains several thousand vulnerabilities. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system. Each administrator can customize the list of products for which he wants to receive vulnerability alerts.
