CVE-2009-2625 (retired)

Priority
Description
XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime
Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0
before Update 20, and in other products, allows remote attackers to cause a
denial of service (infinite loop and application hang) via malformed XML
input, as demonstrated by the Codenomicon XML fuzzing framework.
Notes
 jdstrand> this originally come out as a bug in expat (#1990430).
  CVE-2009-3720 was later assigned to this identical issue, since
  this issue was worded as a Java vulnerability. Our USN references
  this CVE and CVE-2009-3720 will be ignored.
Package
Upstream:released (6b16)
Package
Upstream:released (1.5.0-20)
Package
Upstream:released (6.15)
More Information

Updated: 2019-08-23 08:36:14 UTC (commit 436fd4ed4cf0038ddd382cb8649607ace163dda7)