CVE-2013-4002

XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute names.

CVSS v2.0 7.1 HIGH

7.1^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:C

Exploitability : 8.6 / Impact : 6.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_July_2013	Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21644197	Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-1081.html	Broken Link
http://rhn.redhat.com/errata/RHSA-2013-1060.html	Broken Link
http://www.securityfocus.com/bid/61310	Third Party Advisory VDB Entry
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html	Third Party Advisory
http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_filenet_content_manager_and_ibm_content_foundation_xml_4j_denial_of_service_attack_cve_2013_4002	Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=swg21648172	Broken Link
http://rhn.redhat.com/errata/RHSA-2013-1440.html	Broken Link
http://rhn.redhat.com/errata/RHSA-2013-1451.html	Broken Link
http://rhn.redhat.com/errata/RHSA-2013-1447.html	Broken Link
http://support.apple.com/kb/HT5982	Third Party Advisory
http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html	Broken Link Mailing List
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html	Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2013-11/msg00023.html	Third Party Advisory
http://www.ubuntu.com/usn/USN-2033-1	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-1505.html	Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg1IC98015	Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21657539	Vendor Advisory
http://marc.info/?l=bugtraq&m=138674073720143&w=2	Issue Tracking Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=138674031212883&w=2	Issue Tracking Mailing List Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21653371	Vendor Advisory
http://secunia.com/advisories/56257	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-1059.html	Broken Link
http://www.ubuntu.com/usn/USN-2089-1	Third Party Advisory
http://security.gentoo.org/glsa/glsa-201406-32.xml	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-1822.html	Broken Link
http://rhn.redhat.com/errata/RHSA-2014-1818.html	Broken Link
http://rhn.redhat.com/errata/RHSA-2014-1821.html	Broken Link
http://rhn.redhat.com/errata/RHSA-2014-1823.html	Broken Link
http://rhn.redhat.com/errata/RHSA-2015-0675.html	Broken Link
http://rhn.redhat.com/errata/RHSA-2015-0720.html	Broken Link
http://rhn.redhat.com/errata/RHSA-2015-0765.html	Broken Link
http://rhn.redhat.com/errata/RHSA-2015-0773.html	Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/85260	VDB Entry Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html	Third Party Advisory
https://access.redhat.com/errata/RHSA-2014:0414	Third Party Advisory
https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73@%3Cj-users.xerces.apache.org%3E	Mailing List Vendor Advisory
https://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html	Third Party Advisory
https://issues.apache.org/jira/browse/XERCESJ-1679	Issue Tracking Vendor Advisory
http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=965250&r2=1499506&view=patch	Patch Vendor Advisory
https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E	Mailing List Vendor Advisory
https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E	Mailing List Vendor Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:java:5.0.12.2:::::::*
	cpe:2.3:a:ibm:java:5.0.12.3:::::::*
	cpe:2.3:a:ibm:java:5.0.0.0:::::::*
	cpe:2.3:a:ibm:java:5.0.14.0:::::::*
	cpe:2.3:a:ibm:java:5.0.11.0:::::::*
	cpe:2.3:a:ibm:java:5.0.16.0:::::::*
	cpe:2.3:a:ibm:java:5.0.12.1:::::::*
	cpe:2.3:a:ibm:java:5.0.13.0:::::::*
	cpe:2.3:a:ibm:java:5.0.16.2:::::::*
	cpe:2.3:a:ibm:java:5.0.12.4:::::::*
	cpe:2.3:a:ibm:java:5.0.12.0:::::::*
	cpe:2.3:a:ibm:java:5.0.16.1:::::::*
	cpe:2.3:a:ibm:java:5.0.15.0:::::::*
	cpe:2.3:a:ibm:java:5.0.12.5:::::::*
	cpe:2.3:a:ibm:java:5.0.11.1:::::::*
	cpe:2.3:a:ibm:java:5.0.11.2:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:ibm:java:6.0.3.0:::::::*
	cpe:2.3:a:ibm:java:6.0.9.0:::::::*
	cpe:2.3:a:ibm:java:6.0.13.0:::::::*
	cpe:2.3:a:ibm:java:6.0.10.1:::::::*
	cpe:2.3:a:ibm:java:6.0.10.0:::::::*
	cpe:2.3:a:ibm:java:6.0.13.2:::::::*
	cpe:2.3:a:ibm:java:6.0.6.0:::::::*
	cpe:2.3:a:ibm:java:6.0.1.0:::::::*
	cpe:2.3:a:ibm:java:6.0.9.1:::::::*
	cpe:2.3:a:ibm:java:6.0.12.0:::::::*
	cpe:2.3:a:ibm:java:6.0.2.0:::::::*
	cpe:2.3:a:ibm:java:6.0.11.0:::::::*
	cpe:2.3:a:ibm:java:6.0.5.0:::::::*
	cpe:2.3:a:ibm:java:6.0.7.0:::::::*
	cpe:2.3:a:ibm:java:6.0.4.0:::::::*
	cpe:2.3:a:ibm:java:6.0.9.2:::::::*
	cpe:2.3:a:ibm:java:6.0.13.1:::::::*
	cpe:2.3:a:ibm:java:6.0.0.0:::::::*
	cpe:2.3:a:ibm:java:6.0.8.1:::::::*
	cpe:2.3:a:ibm:java:6.0.8.0:::::::*

Configuration 3 (hide)

OR	cpe:2.3:a:ibm:java:7.0.0.0:::::::*
	cpe:2.3:a:ibm:java:7.0.2.0:::::::*
	cpe:2.3:a:ibm:java:7.0.4.2:::::::*
	cpe:2.3:a:ibm:java:7.0.1.0:::::::*
	cpe:2.3:a:ibm:java:7.0.4.1:::::::*
	cpe:2.3:a:ibm:java:7.0.3.0:::::::*
	cpe:2.3:a:ibm:java:7.0.4.0:::::::*

Configuration 4 (hide)

OR	cpe:2.3:a:oracle:jre:1.7.0:update40::::::
	cpe:2.3:a:oracle:jdk:1.7.0:update40::::::
	cpe:2.3:a:oracle:jrockit::::::::
	cpe:2.3:a:oracle:jrockit::::::::
	cpe:2.3:a:oracle:jdk:1.5.0:update51::::::
	cpe:2.3:a:oracle:jdk:1.6.0:update60::::::
	cpe:2.3:a:oracle:jre:1.5.0:update51::::::
	cpe:2.3:a:oracle:jre:1.6.0:update60::::::

Configuration 5 (hide)

cpe:2.3:a:ibm:sterling_b2b_integrator:5.2.4:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

OR	cpe:2.3:a:ibm:host_on-demand:11.0:::::::*
	cpe:2.3:a:ibm:host_on-demand:11.0.8:::::::*
	cpe:2.3:a:ibm:host_on-demand:11.0.3:::::::*
	cpe:2.3:a:ibm:host_on-demand:11.0.5:::::::*
	cpe:2.3:a:ibm:host_on-demand:11.0.7:::::::*
	cpe:2.3:a:ibm:host_on-demand:11.0.1:::::::*
	cpe:2.3:a:ibm:host_on-demand:11.0.6:::::::*
	cpe:2.3:a:ibm:host_on-demand:11.0.4:::::::*
	cpe:2.3:a:ibm:host_on-demand:11.0.2:::::::*
	cpe:2.3:a:ibm:host_on-demand:11.0.5.1:::::::*
	cpe:2.3:a:ibm:host_on-demand:11.0.6.1:::::::*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.2:*:*:*:*:*:*:*

OR	cpe:2.3:o:microsoft:windows:-:::::::*
	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:ibm:aix:-:::::::*
	cpe:2.3:o:oracle:solaris:-::::::-:

Configuration 8 (hide)

AND

OR	cpe:2.3:a:ibm:sterling_b2b_integrator:5.2:::::::*
	cpe:2.3:a:ibm:sterling_b2b_integrator:5.1:::::::*
	cpe:2.3:a:ibm:sterling_file_gateway:2.1:::::::*
	cpe:2.3:a:ibm:sterling_file_gateway:2.2:::::::*

OR	cpe:2.3:o:microsoft:windows:-:::::::*
	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:hp:hp-ux:-:::::::*
	cpe:2.3:o:ibm:aix:-:::::::*
	cpe:2.3:o:ibm:i:-:::::::*
	cpe:2.3:o:oracle:solaris:-::::::-:

Configuration 9 (hide)

OR	cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3::::::
	cpe:2.3:o:suse:linux_enterprise_server:11:sp3::::vmware::*
	cpe:2.3:o:opensuse:opensuse:12.3:::::::*
	cpe:2.3:o:suse:linux_enterprise_server:9:::::::*
	cpe:2.3:o:opensuse:opensuse:12.2:::::::*
	cpe:2.3:o:suse:linux_enterprise_server:11:sp2::::vmware::*
	cpe:2.3:o:suse:linux_enterprise_server:11:sp2::::-::*
	cpe:2.3:o:suse:linux_enterprise_server:11:sp3::::-::*
	cpe:2.3:o:suse:linux_enterprise_sdk:11:sp3::::::
	cpe:2.3:o:suse:linux_enterprise_server:10:sp3:::ltss:::*
	cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:::-:::*
	cpe:2.3:o:suse:linux_enterprise_java:10:sp4::::::
	cpe:2.3:o:suse:linux_enterprise_java:11:sp2::::::
	cpe:2.3:o:suse:linux_enterprise_java:11:sp3::::::
	cpe:2.3:o:suse:linux_enterprise_sdk:11:sp2::::::
	cpe:2.3:o:suse:linux_enterprise_server:10:sp4:::-:::*

Configuration 10 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:13.04:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:13.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:12.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:10.04::::-:::
	cpe:2.3:o:canonical:ubuntu_linux:12.04::::-:::

Configuration 11 (hide)

cpe:2.3:a:apache:xerces2_java:*:*:*:*:*:*:*:*

Information

Published : 2013-07-23 04:03

Updated : 2022-05-13 07:57

NVD link : CVE-2013-4002

Mitre link : CVE-2013-4002

JSON object : View

CWE

NVD-CWE-noinfo

Products Affected

suse

linux_enterprise_desktop
linux_enterprise_java
linux_enterprise_server
linux_enterprise_sdk

ibm

host_on-demand
sterling_file_gateway
i
tivoli_application_dependency_discovery_manager
aix
java
sterling_b2b_integrator

canonical

ubuntu_linux

oracle

jdk
solaris
jre
jrockit

hp-ux

linux

linux_kernel

microsoft

windows

opensuse

opensuse

apache

xerces2_java

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_July_2013", "name": "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_July_2013", "tags": ["Vendor Advisory"], "refsource": "MISC"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644197", "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21644197", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html", "name": "SUSE-SU-2013:1293", "tags": ["Third Party Advisory"], "refsource": "SUSE"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html", "name": "SUSE-SU-2013:1305", "tags": ["Third Party Advisory"], "refsource": "SUSE"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html", "name": "SUSE-SU-2013:1255", "tags": ["Third Party Advisory"], "refsource": "SUSE"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html", "name": "SUSE-SU-2013:1256", "tags": ["Third Party Advisory"], "refsource": "SUSE"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-1081.html", "name": "RHSA-2013:1081", "tags": ["Broken Link"], "refsource": "REDHAT"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-1060.html", "name": "RHSA-2013:1060", "tags": ["Broken Link"], "refsource": "REDHAT"}, {"url": "http://www.securityfocus.com/bid/61310", "name": "61310", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BID"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html", "name": "SUSE-SU-2013:1257", "tags": ["Third Party Advisory"], "refsource": "SUSE"}, {"url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_filenet_content_manager_and_ibm_content_foundation_xml_4j_denial_of_service_attack_cve_2013_4002", "name": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_filenet_content_manager_and_ibm_content_foundation_xml_4j_denial_of_service_attack_cve_2013_4002", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.ibm.com/support/docview.wss?uid=swg21648172", "name": "http://www.ibm.com/support/docview.wss?uid=swg21648172", "tags": ["Broken Link"], "refsource": "CONFIRM"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-1440.html", "name": "RHSA-2013:1440", "tags": ["Broken Link"], "refsource": "REDHAT"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-1451.html", "name": "RHSA-2013:1451", "tags": ["Broken Link"], "refsource": "REDHAT"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-1447.html", "name": "RHSA-2013:1447", "tags": ["Broken Link"], "refsource": "REDHAT"}, {"url": "http://support.apple.com/kb/HT5982", "name": "http://support.apple.com/kb/HT5982", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html", "name": "APPLE-SA-2013-10-15-1", "tags": ["Broken Link", "Mailing List"], "refsource": "APPLE"}, {"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html", "name": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00023.html", "name": "openSUSE-SU-2013:1663", "tags": ["Third Party Advisory"], "refsource": "SUSE"}, {"url": "http://www.ubuntu.com/usn/USN-2033-1", "name": "USN-2033-1", "tags": ["Third Party Advisory"], "refsource": "UBUNTU"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.html", "name": "SUSE-SU-2013:1666", "tags": ["Third Party Advisory"], "refsource": "SUSE"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-1505.html", "name": "RHSA-2013:1505", "tags": ["Broken Link"], "refsource": "REDHAT"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC98015", "name": "IC98015", "tags": ["Vendor Advisory"], "refsource": "AIXAPAR"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21657539", "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21657539", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://marc.info/?l=bugtraq&m=138674073720143&w=2", "name": "HPSBUX02944", "tags": ["Issue Tracking", "Mailing List", "Third Party Advisory"], "refsource": "HP"}, {"url": "http://marc.info/?l=bugtraq&m=138674031212883&w=2", "name": "HPSBUX02943", "tags": ["Issue Tracking", "Mailing List", "Third Party Advisory"], "refsource": "HP"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21653371", "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21653371", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/56257", "name": "56257", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-1059.html", "name": "RHSA-2013:1059", "tags": ["Broken Link"], "refsource": "REDHAT"}, {"url": "http://www.ubuntu.com/usn/USN-2089-1", "name": "USN-2089-1", "tags": ["Third Party Advisory"], "refsource": "UBUNTU"}, {"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml", "name": "GLSA-201406-32", "tags": ["Third Party Advisory"], "refsource": "GENTOO"}, {"url": "http://rhn.redhat.com/errata/RHSA-2014-1822.html", "name": "RHSA-2014:1822", "tags": ["Broken Link"], "refsource": "REDHAT"}, {"url": "http://rhn.redhat.com/errata/RHSA-2014-1818.html", "name": "RHSA-2014:1818", "tags": ["Broken Link"], "refsource": "REDHAT"}, {"url": "http://rhn.redhat.com/errata/RHSA-2014-1821.html", "name": "RHSA-2014:1821", "tags": ["Broken Link"], "refsource": "REDHAT"}, {"url": "http://rhn.redhat.com/errata/RHSA-2014-1823.html", "name": "RHSA-2014:1823", "tags": ["Broken Link"], "refsource": "REDHAT"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html", "name": "RHSA-2015:0675", "tags": ["Broken Link"], "refsource": "REDHAT"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html", "name": "RHSA-2015:0720", "tags": ["Broken Link"], "refsource": "REDHAT"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html", "name": "RHSA-2015:0765", "tags": ["Broken Link"], "refsource": "REDHAT"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-0773.html", "name": "RHSA-2015:0773", "tags": ["Broken Link"], "refsource": "REDHAT"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85260", "name": "ibm-java-cve20134002-dos(85260)", "tags": ["VDB Entry", "Vendor Advisory"], "refsource": "XF"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html", "name": "SUSE-SU-2013:1263", "tags": ["Third Party Advisory"], "refsource": "SUSE"}, {"url": "https://access.redhat.com/errata/RHSA-2014:0414", "name": "RHSA-2014:0414", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73@%3Cj-users.xerces.apache.org%3E", "name": "[j-users] 20180503 [ANNOUNCEMENT]: Apache Xerces-J 2.12.0 now available", "tags": ["Mailing List", "Vendor Advisory"], "refsource": "MLIST"}, {"url": "https://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", "name": "https://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "https://issues.apache.org/jira/browse/XERCESJ-1679", "name": "https://issues.apache.org/jira/browse/XERCESJ-1679", "tags": ["Issue Tracking", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=965250&r2=1499506&view=patch", "name": "http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=965250&r2=1499506&view=patch", "tags": ["Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E", "name": "[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report", "tags": ["Mailing List", "Vendor Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E", "name": "[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1", "tags": ["Mailing List", "Vendor Advisory"], "refsource": "MLIST"}, {"url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "name": "https://www.oracle.com/security-alerts/cpuapr2022.html", "tags": [], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute names."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2013-4002", "ASSIGNER": "psirt@us.ibm.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "severity": "HIGH", "impactScore": 6.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2013-07-23T11:03Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:ibm:java:5.0.12.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:java:5.0.12.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:java:5.0.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:java:5.0.14.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:java:5.0.11.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:java:5.0.16.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:java:5.0.12.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:java:5.0.13.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:java:5.0.16.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:java:5.0.12.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:java:5.0.12.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:java:5.0.16.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:java:5.0.15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:java:5.0.12.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:java:5.0.11.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:java:5.0.11.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:ibm:java:6.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:java:6.0.9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:java:6.0.13.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:java:6.0.10.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:java:6.0.10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:java:6.0.13.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:java:6.0.6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:java:6.0.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:java:6.0.9.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:java:6.0.12.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:java:6.0.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:java:6.0.11.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:java:6.0.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:java:6.0.7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:java:6.0.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:java:6.0.9.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:java:6.0.13.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:java:6.0.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:java:6.0.8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:java:6.0.8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:ibm:java:7.0.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:java:7.0.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:java:7.0.4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:java:7.0.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:java:7.0.4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:java:7.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:java:7.0.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:oracle:jre:1.7.0:update40:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jdk:1.7.0:update40:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jrockit:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "r27.7.6", "versionStartIncluding": "r27.7.0"}, {"cpe23Uri": "cpe:2.3:a:oracle:jrockit:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "r28.2.8", "versionStartIncluding": "r28.0.0"}, {"cpe23Uri": "cpe:2.3:a:oracle:jdk:1.5.0:update51:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jdk:1.6.0:update60:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jre:1.5.0:update51:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jre:1.6.0:update60:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:ibm:sterling_b2b_integrator:5.2.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:ibm:host_on-demand:11.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:host_on-demand:11.0.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:host_on-demand:11.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:host_on-demand:11.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:host_on-demand:11.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:host_on-demand:11.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:host_on-demand:11.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:host_on-demand:11.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:host_on-demand:11.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:host_on-demand:11.0.5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:host_on-demand:11.0.6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:ibm:sterling_b2b_integrator:5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:sterling_b2b_integrator:5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:sterling_file_gateway:2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:sterling_file_gateway:2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_sdk:11:sp3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:ltss:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:-:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_java:10:sp4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_java:11:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_java:11:sp3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_sdk:11:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:-:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:apache:xerces2_java:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2.12.0", "versionStartIncluding": "2.4.0"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-05-13T14:57Z"}

7.1 /10