CVE-2009-2625

Priority
Description
XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime
Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0
before Update 20, and in other products, allows remote attackers to cause a
denial of service (infinite loop and application hang) via malformed XML
input, as demonstrated by the Codenomicon XML fuzzing framework.
Notes
 jdstrand> this originally come out as a bug in expat (#1990430).
  CVE-2009-3720 was later assigned to this identical issue, since
  this issue was worded as a Java vulnerability. Our USN references
  this CVE and CVE-2009-3720 will be ignored.
Package
Upstream:released (6b16)
Package
Upstream:released (1.5.0-20)
Package
Upstream:released (6.15)
More Information

Updated: 2019-03-19 11:50:22 UTC (commit 15472795df7e9de45b82f2d36b8b419b939f97b2)