Vulnerability Description
XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute names.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Java | 5.0.0.0 |
| Oracle | Jdk | 1.5.0 |
| Oracle | Jre | 1.5.0 |
| Oracle | Jrockit | >= r27.7.0, <= r27.7.6 |
| Ibm | Sterling B2B Integrator | 5.2.4 |
| Ibm | Host On-Demand | 11.0 |
| Microsoft | Windows | - |
| Ibm | Tivoli Application Dependency Discovery Manager | 7.2.2 |
| Ibm | Aix | - |
| Linux | Linux Kernel | - |
| Oracle | Solaris | - |
| Ibm | Sterling File Gateway | 2.1 |
| Hp | Hp-Ux | - |
| Ibm | I | - |
| Opensuse | Opensuse | 12.2 |
| Suse | Linux Enterprise Desktop | 10 |
| Suse | Linux Enterprise Java | 10 |
| Suse | Linux Enterprise Sdk | 11 |
| Suse | Linux Enterprise Server | 9 |
| Canonical | Ubuntu Linux | 10.04 |
References
- http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html (Broken Link, Mailing List)
- http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html (Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html (Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html (Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html (Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html (Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html (Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.html (Third Party Advisory)
- http://lists.opensuse.org/opensuse-updates/2013-11/msg00023.html (Third Party Advisory)
- http://marc.info/?l=bugtraq&m=138674031212883&w=2 (Issue Tracking, Mailing List, Third Party Advisory)
- http://marc.info/?l=bugtraq&m=138674073720143&w=2 (Issue Tracking, Mailing List, Third Party Advisory)
- http://rhn.redhat.com/errata/RHSA-2013-1059.html (Broken Link)
- http://rhn.redhat.com/errata/RHSA-2013-1060.html (Broken Link)
- http://rhn.redhat.com/errata/RHSA-2013-1081.html (Broken Link)
- http://rhn.redhat.com/errata/RHSA-2013-1440.html (Broken Link)
FAQ
What is CVE-2013-4002?
CVE-2013-4002 is a vulnerability with a CVSS score of 7.1 (HIGH). XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 ...
How severe is CVE-2013-4002?
CVE-2013-4002 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS score section above for the severity rating.
Is there a patch for CVE-2013-4002?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Java, Oracle Jdk, Oracle Jre, Oracle Jrockit, Ibm Sterling B2B Integrator.