CVE-2013-4002

Related Vulnerabilities: CVE-2013-4002  

A resource consumption issue was found in the way Xerces-J handled XML declarations. A remote attacker could use an XML document with a specially crafted declaration using a long pseudo-attribute name that, when parsed by an application using Xerces-J, would cause that application to use an excessive amount of CPU.

Find out more about CVE-2013-4002 from the MITRE CVE dictionary and NIST NVD.

Statement

Fuse ESB Enterprise is now in Maintenance Support phase receiving only qualified Important and Critical impact security fixes. This issue has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Fuse Product Life Cycle: https://access.redhat.com/support/policy/updates/fusesource/

Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Server 4 and 5; Red Hat JBoss Enterprise Web Platform 5; Red Hat JBoss SOA Platform 4 and 5; and Red Hat JBoss Web Server 1 are now in Phase 3, Extended Life Support, of their respective life cycles. This issue has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat JBoss Middleware and Red Hat JBoss Operations Network Product Update and Support Policy: https://access.redhat.com/support/policy/updates/jboss_notes/
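
For applications that stay on an unfixed Xerces-J, one compensating control is to bound the XML declaration before the parser sees it. The following is an added example, not code from Red Hat or the Xerces-J project; the class name `XmlDeclGuard`, the 256-byte budget and the policy of refusing UTF-16/UTF-32 input are assumptions of this example.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.PushbackInputStream;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.regex.Pattern;

public class XmlDeclGuard {
    // Assumed budget: a legitimate declaration with all three pseudo-attributes fits easily.
    static final int MAX_DECL_BYTES = 256;
    // The XML specification defines only version, encoding and standalone as pseudo-attributes.
    static final Pattern DECL = Pattern.compile(
        "<\\?xml(\\s+(version|encoding|standalone)\\s*=\\s*(\"[^\"<]*\"|'[^'<]*'))*\\s*\\?>");

    /** Returns a stream that replays the inspected bytes, or throws if the declaration is suspect. */
    static InputStream guard(InputStream in) throws IOException {
        PushbackInputStream pb = new PushbackInputStream(in, MAX_DECL_BYTES);
        byte[] head = new byte[MAX_DECL_BYTES];
        int n = 0, r;
        while (n < head.length && (r = pb.read(head, n, head.length - n)) > 0) n += r;
        if (n > 0) pb.unread(head, 0, n);
        // UTF-16/UTF-32 put a NUL in the first four bytes; refuse them rather than pass them unchecked.
        for (int i = 0; i < Math.min(4, n); i++)
            if (head[i] == 0) throw new IOException("non-ASCII-compatible encoding: transcode before parsing");
        // Skip a UTF-8 byte order mark if present.
        int off = (n >= 3 && head[0] == (byte) 0xEF && head[1] == (byte) 0xBB && head[2] == (byte) 0xBF) ? 3 : 0;
        String s = new String(head, off, n - off, StandardCharsets.ISO_8859_1);
        // "<?xml" followed by whitespace is an XML declaration ("<?xml-stylesheet" is an ordinary PI).
        boolean hasDecl = s.startsWith("<?xml") && s.length() > 5 && Character.isWhitespace(s.charAt(5));
        if (hasDecl && !DECL.matcher(s).lookingAt())
            throw new IOException("XML declaration is oversized or has an unknown pseudo-attribute");
        return pb;
    }

    static boolean accepts(String doc) {
        try { guard(new ByteArrayInputStream(doc.getBytes(StandardCharsets.ISO_8859_1))); return true; }
        catch (IOException e) { return false; }
    }

    public static void main(String[] args) {
        char[] pad = new char[300];   // constructed filler, longer than MAX_DECL_BYTES
        Arrays.fill(pad, 'a');
        System.out.println(accepts("<?xml version=\"1.0\" encoding=\"UTF-8\"?><r/>"));            // ordinary declaration
        System.out.println(accepts("<?xml-stylesheet href=\"s.xsl\"?><r/>"));                     // PI, not a declaration
        System.out.println(accepts("<?xml version=\"1.0\" bogus=\"1\"?><r/>"));                   // unknown pseudo-attribute
        System.out.println(accepts("<?xml version=\"1.0\" " + new String(pad) + "=\"1\"?><r/>")); // exceeds the budget
    }
}
```

Pass `XmlDeclGuard.guard(in)` to the parser in place of `in`. The check covers only the document entity's declaration and does not recognise EBCDIC-encoded input.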

CVSS v2 metrics

Base Score: 5
Base Metrics: AV:N/AC:L/Au:N/C:N/I:N/A:P
Access Vector: Network
Access Complexity: Low
Authentication: None
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: Partial

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux Supplementary (v. 6) (java-1.6.0-ibm) | RHSA-2013:1059 | 2013-07-15 |
| Red Hat Enterprise Linux Supplementary 5 (java-1.7.0-oracle) | RHSA-2013:1440 | 2013-10-17 |
| Red Hat Enterprise Linux Supplementary 5 (java-1.5.0-ibm) | RHSA-2013:1081 | 2013-07-16 |
| Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server | RHSA-2014:1818 | 2014-11-06 |
| Red Hat Enterprise Linux 7 (xerces-j2) | RHSA-2014:1319 | 2014-09-29 |
| Red Hat JBoss Operations Network 3.3 | RHSA-2015:0269 | 2015-02-25 |
| Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server | RHSA-2014:1821 | 2014-11-06 |
| Red Hat Enterprise Linux Supplementary (v. 6) (java-1.5.0-ibm) | RHSA-2013:1081 | 2013-07-16 |
| Red Hat Enterprise Linux 5 (java-1.7.0-openjdk) | RHSA-2013:1447 | 2013-10-21 |
| Red Hat Enterprise Linux Supplementary 5 (java-1.6.0-ibm) | RHSA-2013:1059 | 2013-07-15 |
| Red Hat Enterprise Linux 6 (java-1.7.0-openjdk) | RHSA-2013:1451 | 2013-10-22 |
| Red Hat JBoss Enterprise Application Platform 6.3 | RHSA-2014:1823 | 2014-11-06 |
| Red Hat JBoss Enterprise Application Platform 6.3 for RHEL 7 Server | RHSA-2014:1822 | 2014-11-06 |
| Red Hat Enterprise Linux Supplementary (v. 6) (java-1.7.0-ibm) | RHSA-2013:1060 | 2013-07-15 |
| Oracle Java for Red Hat Enterprise Linux 6 (java-1.6.0-sun) | RHSA-2014:0414 | 2014-04-17 |
| Red Hat Enterprise Linux Supplementary 5 (java-1.7.0-ibm) | RHSA-2013:1060 | 2013-07-15 |
| Red Hat Enterprise Linux 5 (java-1.6.0-openjdk) | RHSA-2013:1505 | 2013-11-05 |
| Red Hat Enterprise Linux 6 (xerces-j2) | RHSA-2014:1319 | 2014-09-29 |
| Oracle Java for Red Hat Enterprise Linux 5 (java-1.6.0-sun) | RHSA-2014:0414 | 2014-04-17 |
| Red Hat Enterprise Linux Supplementary (v. 6) (java-1.7.0-oracle) | RHSA-2013:1440 | 2013-10-17 |
| Red Hat Enterprise Linux 6 (java-1.6.0-openjdk) | RHSA-2013:1505 | 2013-11-05 |

Affected Packages State

| Platform | Package | State |
|---|---|---|
| Red Hat Software Collections 1 for Red Hat Enterprise Linux | maven30-xerces-j2 | Will not fix |
| Red Hat Satellite 5 | xerces-j2 | Will not fix |
| Red Hat OpenShift Enterprise 2 | xercesMnimal | Not affected |
| Red Hat OpenShift Enterprise 1 | xercesMnimal | Not affected |
| Red Hat JBoss Portal Platform 6 | xerces-j2 | Will not fix |
| Red Hat JBoss Portal 5 | xerces-j2 | Will not fix |
| Red Hat JBoss Fuse Service Works 6 | xerces-j2 | Will not fix |
| Red Hat JBoss Enterprise SOA Platform 5 | xerces-j2 | Will not fix |
| Red Hat JBoss Enterprise SOA Platform 4 | xerces-j2 | Will not fix |
| Red Hat JBoss EWS 1 | xerces-j2 | Will not fix |
| Red Hat JBoss EAP 7 | Web Services | Not affected |
| Red Hat JBoss EAP 5 | xerces-j2 | Will not fix |
| Red Hat JBoss EAP 4 | xerces-j2 | Will not fix |
| Red Hat JBoss Data Virtualization 6 | xerces-j2 | Will not fix |
| Red Hat JBoss Data Grid 6 | xerces-j2 | Will not fix |
| Red Hat JBoss BRMS 6 | xerces-j2 | Will not fix |
| Red Hat JBoss BRMS 5 | xerces-j2 | Will not fix |
| Red Hat JBoss BPMS 6 | xerces-j2 | Will not fix |
| Red Hat Enterprise Linux 5 | xerces-j2 | Will not fix |
| RHEV Manager 3 | jasperreports-server-pro | Will not fix |

External References