Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2013-4002

A resource consumption issue was found in the way Xerces-J handled XML declarations. A remote attacker could use an XML document with a specially crafted declaration using a long pseudo-attribute name that, when parsed by an application using Xerces-J, would cause that application to use an excessive amount of CPU.

Source

ALAS-2014-436

Amazon Linux AMI Security Advisory: ALAS-2014-436
Advisory Release Date: 2014-10-28 17:13 Pacific
Advisory Updated Date: 2014-11-01 14:05 Pacific

Severity: Medium

References: CVE-2013-4002 RHSA-2014-1319

Issue Overview:

A resource consumption issue was found in the way Xerces-J handled XML declarations. A remote attacker could use an XML document with a specially crafted declaration using a long pseudo-attribute name that, when parsed by an application using Xerces-J, would cause that application to use an excessive amount of CPU.

Affected Packages:

xerces-j2

Issue Correction:
Run yum update xerces-j2 to update your system.

New Packages:

noarch:
    xerces-j2-javadoc-apis-2.7.1-12.7.19.amzn1.noarch
    xerces-j2-javadoc-xni-2.7.1-12.7.19.amzn1.noarch
    xerces-j2-javadoc-other-2.7.1-12.7.19.amzn1.noarch
    xerces-j2-demo-2.7.1-12.7.19.amzn1.noarch
    xerces-j2-2.7.1-12.7.19.amzn1.noarch
    xerces-j2-scripts-2.7.1-12.7.19.amzn1.noarch
    xerces-j2-javadoc-impl-2.7.1-12.7.19.amzn1.noarch

src:
    xerces-j2-2.7.1-12.7.19.amzn1.src

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

ALAS-2014-436

ALAS-2014-436

Vulmon Search

About

Products

Connect