CVSSv2: 7.1

CVE-2013-4002

Published: 23/07/2013 Updated: 07/11/2023
CVSS v2 Base Score: 7.1 | Impact Score: 6.9 | Exploitability Score: 8.6
VMScore: 633
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Vulnerability Summary

XMLscanner.java in Apache Xerces2 Java Parser prior to 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 prior to 5.0 SR16-FP3, 6 prior to 6 SR14, 6.0.1 prior to 6.0.1 SR6, and 7 prior to 7 SR5, as well as Oracle Java SE 7u40 and previous versions, Java SE 6u60 and previous versions, Java SE 5.0u51 and previous versions, JRockit R28.2.8 and previous versions, JRockit R27.7.6 and previous versions, Java SE Embedded 7u40 and previous versions, and possibly other products, allows remote malicious users to cause a denial of service via vectors related to XML attribute names.

Vulnerable Products

ibm java 5.0.12.2

ibm java 5.0.12.3

ibm java 5.0.0.0

ibm java 5.0.14.0

ibm java 5.0.11.0

ibm java 5.0.16.0

ibm java 5.0.12.1

ibm java 5.0.13.0

ibm java 5.0.16.2

ibm java 5.0.12.4

ibm java 5.0.11.2

ibm java 5.0.11.1

ibm java 5.0.16.1

ibm java 5.0.12.0

ibm java 5.0.12.5

ibm java 5.0.15.0

ibm java 6.0.3.0

ibm java 6.0.9.0

ibm java 6.0.13.0

ibm java 6.0.10.1

ibm java 6.0.10.0

ibm java 6.0.13.2

ibm java 6.0.6.0

ibm java 6.0.1.0

ibm java 6.0.9.1

ibm java 6.0.12.0

ibm java 6.0.8.1

ibm java 6.0.11.0

ibm java 6.0.5.0

ibm java 6.0.7.0

ibm java 6.0.2.0

ibm java 6.0.13.1

ibm java 6.0.4.0

ibm java 6.0.9.2

ibm java 6.0.8.0

ibm java 6.0.0.0

ibm java 7.0.0.0

ibm java 7.0.2.0

ibm java 7.0.4.2

ibm java 7.0.1.0

ibm java 7.0.4.1

ibm java 7.0.3.0

ibm java 7.0.4.0

oracle jre 1.7.0

oracle jdk 1.7.0

oracle jrockit

oracle jdk 1.5.0

oracle jdk 1.6.0

oracle jre 1.5.0

oracle jre 1.6.0

ibm sterling b2b integrator 5.2.4

ibm host_on-demand 11.0

ibm host_on-demand 11.0.1

ibm host_on-demand 11.0.2

ibm host_on-demand 11.0.3

ibm host_on-demand 11.0.4

ibm host_on-demand 11.0.5

ibm host_on-demand 11.0.5.1

ibm host_on-demand 11.0.6

ibm host_on-demand 11.0.6.1

ibm host_on-demand 11.0.7

ibm host_on-demand 11.0.8

ibm tivoli_application_dependency_discovery_manager 7.2.2

ibm sterling_b2b_integrator 5.1

ibm sterling_b2b_integrator 5.2

ibm sterling_file_gateway 2.1

ibm sterling_file_gateway 2.2

suse linux enterprise desktop 11

suse linux enterprise server 11

opensuse opensuse 12.3

suse linux enterprise server 9

opensuse opensuse 12.2

suse linux enterprise sdk 11

suse linux enterprise server 10

suse linux enterprise desktop 10

suse linux enterprise java 11

suse linux enterprise java 10

canonical ubuntu linux 13.04

canonical ubuntu linux 13.10

canonical ubuntu linux 12.10

canonical ubuntu linux 10.04

canonical ubuntu linux 12.04

apache xerces2 java

Vendor Advisories

Several security issues were fixed in OpenJDK 7 ...
Several security issues were fixed in OpenJDK 6 ...
Synopsis: Important: java-160-openjdk security update. Type/Severity: Security Advisory: Important. Topic: Updated java-160-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important secur ...
Synopsis: Critical: java-170-oracle security update. Type/Severity: Security Advisory: Critical. Topic: Updated java-170-oracle packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having crit ...
Synopsis: Critical: java-170-openjdk security update. Type/Severity: Security Advisory: Critical. Topic: Updated java-170-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impac ...
Synopsis: Important: java-170-openjdk security update. Type/Severity: Security Advisory: Important. Topic: Updated java-170-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security im ...
A resource consumption issue was found in the way Xerces-J handled XML declarations. A remote attacker could use an XML document with a specially crafted declaration using a long pseudo-attribute name that, when parsed by an application using Xerces-J, would cause that application to use an excessive amount of CPU ...
Multiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the privileges of the user running the Java Virtual Machine (CVE-2013-5782). The class loader did not properly check the pa ...
Multiple vulnerabilities were found in Cosminexus XML Processor (CVE-2012-0881, CVE-2013-4002). Affected products and versions are listed below. Please upgrade your version to the appropriate version. These vulnerabilities exist in Cosminexus XML Processor, which is a component product of other Hitachi products. For details about the fixed versio ...

References

CWE: NVD-CWE-noinfo

http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_July_2013
http://www-01.ibm.com/support/docview.wss?uid=swg21644197
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html
http://rhn.redhat.com/errata/RHSA-2013-1081.html
http://rhn.redhat.com/errata/RHSA-2013-1060.html
http://www.securityfocus.com/bid/61310
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html
http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_filenet_content_manager_and_ibm_content_foundation_xml_4j_denial_of_service_attack_cve_2013_4002
http://www.ibm.com/support/docview.wss?uid=swg21648172
http://rhn.redhat.com/errata/RHSA-2013-1440.html
http://rhn.redhat.com/errata/RHSA-2013-1451.html
http://rhn.redhat.com/errata/RHSA-2013-1447.html
http://support.apple.com/kb/HT5982
http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html
http://lists.opensuse.org/opensuse-updates/2013-11/msg00023.html
http://www.ubuntu.com/usn/USN-2033-1
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.html
http://rhn.redhat.com/errata/RHSA-2013-1505.html
http://www-01.ibm.com/support/docview.wss?uid=swg1IC98015
http://www-01.ibm.com/support/docview.wss?uid=swg21657539
http://marc.info/?l=bugtraq&m=138674073720143&w=2
http://marc.info/?l=bugtraq&m=138674031212883&w=2
http://www-01.ibm.com/support/docview.wss?uid=swg21653371
http://secunia.com/advisories/56257
http://rhn.redhat.com/errata/RHSA-2013-1059.html
http://www.ubuntu.com/usn/USN-2089-1
http://security.gentoo.org/glsa/glsa-201406-32.xml
http://rhn.redhat.com/errata/RHSA-2014-1822.html
http://rhn.redhat.com/errata/RHSA-2014-1818.html
http://rhn.redhat.com/errata/RHSA-2014-1821.html
http://rhn.redhat.com/errata/RHSA-2014-1823.html
http://rhn.redhat.com/errata/RHSA-2015-0675.html
http://rhn.redhat.com/errata/RHSA-2015-0720.html
http://rhn.redhat.com/errata/RHSA-2015-0765.html
http://rhn.redhat.com/errata/RHSA-2015-0773.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/85260
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html
https://access.redhat.com/errata/RHSA-2014:0414
https://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
https://issues.apache.org/jira/browse/XERCESJ-1679
http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=965250&r2=1499506&view=patch
https://www.oracle.com/security-alerts/cpuapr2022.html
https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73%40%3Cj-users.xerces.apache.org%3E
https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E
https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E
https://nvd.nist.gov
https://usn.ubuntu.com/2089-1/
https://access.redhat.com/security/cve/cve-2013-4002