The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Apache Xerces Java

computer vulnerability bulletin 24208

Apache Xerces Java: denial of service via Long Attribute Names

Synthesis of the vulnerability

An attacker can generate a fatal error via Long Attribute Names of Apache Xerces Java, in order to trigger a denial of service.
Impacted products: Xerces Java, openSUSE Leap.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 23/10/2017.
Identifiers: openSUSE-SU-2017:2825-1, VIGILANCE-VUL-24208.

Description of the vulnerability

An attacker can generate a fatal error via Long Attribute Names of Apache Xerces Java, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin 23778

Oracle Java, Apache Xerces: denial of service via FTP

Synthesis of the vulnerability

An attacker can interrupt a FTP transfer, in order to trigger a denial of service on the Oracle Java or Apache Xerces client.
Impacted products: Xerces Java, Java OpenJDK, Java Oracle.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: internet server.
Creation date: 08/09/2017.
Identifiers: VIGILANCE-VUL-23778.

Description of the vulnerability

An attacker can interrupt a FTP transfer, in order to trigger a denial of service on the Oracle Java or Apache Xerces client.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2012-0881

Apache Xerces Java: denial of service via hash collision

Synthesis of the vulnerability

An attacker can send data generating storage collisions, in order to overload a service.
Impacted products: Xerces Java, Puppet.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 22/07/2014.
Identifiers: 787104, CVE-2012-0881, VIGILANCE-VUL-15083.

Description of the vulnerability

The bulletin VIGILANCE-VUL-11254 describes a vulnerability which can be used to create a denial of service on several applications.

This vulnerability also impacts Apache Xerces Java.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2009-2625

Apache Xerces2 Java, Java JRE/JDK, OpenJDK: memory corruption via XML

Synthesis of the vulnerability

An attacker can create XML data containing a malicious byte which corrupts the memory, in order to create a denial of service or to execute code in Apache Xerces2 Java, Java JRE/JDK or OpenJDK.
Impacted products: Xerces Java, Debian, HP-UX, Mandriva Linux, Java OpenJDK, openSUSE, Oracle GlassFish Server, Java Oracle, RHEL, JBoss EAP by Red Hat, Slackware, Sun AS, SLES.
Severity: 3/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 10/08/2009.
Revision date: 09/12/2009.
Identifiers: 272209, 6870754, BID-35958, CVE-2009-2625, DSA-1984-1, FICORA #245608, HPSBUX02476, MDVSA-2011:108, RHSA-2009:1199-01, RHSA-2009:1200-01, RHSA-2009:1201-01, RHSA-2009:1505-01, RHSA-2009:1582-01, RHSA-2009:1615-01, RHSA-2011:0858-01, RHSA-2012:0725-01, RHSA-2012:1232-01, RHSA-2012:1537-01, RHSA-2013:0763-01, SSA:2011-041-02, SSRT090250, SUSE-SR:2009:014, SUSE-SR:2009:016, SUSE-SR:2009:017, SUSE-SR:2010:011, SUSE-SR:2010:013, SUSE-SR:2010:014, SUSE-SR:2010:015, VIGILANCE-VUL-8925.

Description of the vulnerability

The Apache Xerces2 Java, Java JRE/JDK and OpenJDK products manage XML data. They share the same vulnerability.

An attacker can create XML data containing a malicious byte which corrupts the memory, in order to create a denial of service or to execute code in these products.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Apache Xerces Java: