5 - SUN-263489

Executive Summary

Summary
Title	Sun Alert 263489 A Security Vulnerability in the Java Runtime Environment (JRE) With Parsing XML Data May Allow a Remote Client to Create a Denial of Service (DoS) Condition

Informations
Name	SUN-263489	First vendor Publication	2009-08-05
Vendor	Sun	Last vendor Modification	2010-01-20
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score	5	Attack Range	Network
Cvss Impact Score	2.9	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Product: Sun Java Standard Edition (Java SE)

A vulnerability in the Java Runtime Environment (JRE) with parsing XMLdata may allow a remote client to create a Denial of Service (DoS)condition on the system that the JRE runs on.

This issue is referenced in the following document:

CVE-2009-2625 at http://www.security-database.com/detail.php?cve=CVE-2009-2625

Sun acknowledges with thanks, Jukka Taimisto, Tero Rontti and RauliKaksonen from the CROSS project at Codenomicon Ltd, and CERT-FI for bringing this issue to our attention.

State: Resolved

First released: 05-Aug-2009

Sun Alert Link:http://sunsolve.sun.com/search/document.do?assetkey=1-66-263489-1

Original Source

Url : http://blogs.sun.com/security/entry/sun_alert_263489_a_security

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:13468

Oval ID:	oval:org.mitre.oval:def:13468
Title:	DSA-1921-1 expat -- denial of service
Description:	Peter Valchev discovered an error in expat, an XML parsing C library, when parsing certain UTF-8 sequences, which can be exploited to crash an application using the library. For the old stable distribution, this problem has been fixed in version 1.95.8-3.4+etch1. For the stable distribution, this problem has been fixed in version 2.0.1-4+lenny1. For the testing distribution and the unstable distribution, this problem will be fixed soon. We recommend that you upgrade your expat packages.
Family:	unix	Class:	patch
Reference(s):	DSA-1921-1 CVE-2009-2625	Version:	5
Platform(s):	Debian GNU/Linux 5.0 Debian GNU/Linux 4.0	Product(s):	expat
Definition Synopsis:
Release section Debian GNU/Linux 5.0 is installed AND Architecture section Architecture depended section Supported architectures section Installed architecture is s390 AND Installed architecture is sparc AND Installed architecture is i386 AND Installed architecture is powerpc AND Packages section lib64expat1 DPKG is earlier than 2.0.1-4+lenny1 AND lib64expat1-dev DPKG is earlier than 2.0.1-4+lenny1 AND xpat DPKG is earlier than 2.0.1-4+lenny1 AND libexpat1-dev DPKG is earlier than 2.0.1-4+lenny1 AND libexpat1 DPKG is earlier than 2.0.1-4+lenny1 OR Architecture depended section Supported architectures section Installed architecture is arm AND Installed architecture is armel AND Installed architecture is alpha AND Installed architecture is ia64 AND Installed architecture is mips AND Installed architecture is mipsel AND Installed architecture is hppa AND Packages section libexpat1 DPKG is earlier than 2.0.1-4+lenny1 AND libexpat1-dev DPKG is earlier than 2.0.1-4+lenny1 AND xpat DPKG is earlier than 2.0.1-4+lenny1 OR Release section Debian GNU/Linux 4.0 is installed. AND Packages section xpat DPKG is earlier than 1.95.8-3.4+etch1 AND libexpat1-dev DPKG is earlier than 1.95.8-3.4+etch1 AND libexpat1 DPKG is earlier than 1.95.8-3.4+etch1

Definition Id: oval:org.mitre.oval:def:19769

Oval ID:	oval:org.mitre.oval:def:19769
Title:	DSA-1984-1 libxerces2-java - denial of service
Description:	It was discovered that libxerces2-java, a validating XML parser for Java, does not properly process malformed XML files. This vulnerability could allow an attacker to cause a denial of service while parsing a malformed XML file.
Family:	unix	Class:	patch
Reference(s):	DSA-1984-1 CVE-2009-2625	Version:	5
Platform(s):	Debian GNU/Linux 4.0 Debian GNU/Linux 5.0	Product(s):	libxerces2-java
Definition Synopsis:
Release section Debian GNU/Linux 4.0 is installed. AND libxerces2-java DPKG is earlier than 0:2.8.1-1+etch1 AND Release section Debian GNU/Linux 5.0 is installed AND libxerces2-java DPKG is earlier than 0:2.9.1-2+lenny1

Definition Id: oval:org.mitre.oval:def:21986

Oval ID:	oval:org.mitre.oval:def:21986
Title:	RHSA-2011:0858: xerces-j2 security update (Moderate)
Description:	XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
Family:	unix	Class:	patch
Reference(s):	RHSA-2011:0858-01 CVE-2009-2625	Version:	4
Platform(s):	Red Hat Enterprise Linux 6	Product(s):	xerces-j2
Definition Synopsis:
The operating system installed on the system is Red Hat Enterprise Linux 6 Packages section xerces-j2-javadoc-xni is earlier than 0:2.7.1-12.6.el6_0 AND xerces-j2-javadoc-other is earlier than 0:2.7.1-12.6.el6_0 AND xerces-j2-demo is earlier than 0:2.7.1-12.6.el6_0 AND xerces-j2-javadoc-apis is earlier than 0:2.7.1-12.6.el6_0 AND xerces-j2-javadoc-impl is earlier than 0:2.7.1-12.6.el6_0 AND xerces-j2 is earlier than 0:2.7.1-12.6.el6_0 AND xerces-j2-scripts is earlier than 0:2.7.1-12.6.el6_0

Definition Id: oval:org.mitre.oval:def:22921

Oval ID:	oval:org.mitre.oval:def:22921
Title:	ELSA-2009:1505: java-1.4.2-ibm security update (Moderate)
Description:	XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
Family:	unix	Class:	patch
Reference(s):	ELSA-2009:1505-01 CVE-2008-5349 CVE-2009-2625	Version:	13
Platform(s):	Oracle Linux 5	Product(s):	java-1.4.2-ibm
Definition Synopsis:
Oracle Linux 5.x rpm test java-1.4.2-ibm is earlier than 0:1.4.2.13.1-1jpp.1.el5 AND java-1.4.2-ibm-devel is earlier than 0:1.4.2.13.1-1jpp.1.el5 AND java-1.4.2-ibm-src is earlier than 0:1.4.2.13.1-1jpp.1.el5 AND java-1.4.2-ibm-demo is earlier than 0:1.4.2.13.1-1jpp.1.el5 AND java-1.4.2-ibm-javacomm is earlier than 0:1.4.2.13.1-1jpp.1.el5 AND java-1.4.2-ibm-plugin is earlier than 0:1.4.2.13.1-1jpp.1.el5 AND java-1.4.2-ibm-jdbc is earlier than 0:1.4.2.13.1-1jpp.1.el5

Definition Id: oval:org.mitre.oval:def:23026

Oval ID:	oval:org.mitre.oval:def:23026
Title:	ELSA-2009:1615: xerces-j2 security update (Moderate)
Description:	XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
Family:	unix	Class:	patch
Reference(s):	ELSA-2009:1615-01 CVE-2009-2625	Version:	6
Platform(s):	Oracle Linux 5	Product(s):	xerces-j2
Definition Synopsis:
Oracle Linux 5.x rpm test xerces-j2-demo is earlier than 0:2.7.1-7jpp.2.el5_4.2 AND xerces-j2-javadoc-xni is earlier than 0:2.7.1-7jpp.2.el5_4.2 AND xerces-j2-javadoc-other is earlier than 0:2.7.1-7jpp.2.el5_4.2 AND xerces-j2-scripts is earlier than 0:2.7.1-7jpp.2.el5_4.2 AND xerces-j2-javadoc-apis is earlier than 0:2.7.1-7jpp.2.el5_4.2 AND xerces-j2-javadoc-impl is earlier than 0:2.7.1-7jpp.2.el5_4.2 AND xerces-j2 is earlier than 0:2.7.1-7jpp.2.el5_4.2

Definition Id: oval:org.mitre.oval:def:23701

Oval ID:	oval:org.mitre.oval:def:23701
Title:	ELSA-2011:0858: xerces-j2 security update (Moderate)
Description:	XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
Family:	unix	Class:	patch
Reference(s):	ELSA-2011:0858-01 CVE-2009-2625	Version:	6
Platform(s):	Oracle Linux 6	Product(s):	xerces-j2
Definition Synopsis:
Oracle Linux 6.x rpm test xerces-j2-javadoc-xni is earlier than 0:2.7.1-12.6.el6_0 AND xerces-j2-javadoc-other is earlier than 0:2.7.1-12.6.el6_0 AND xerces-j2-demo is earlier than 0:2.7.1-12.6.el6_0 AND xerces-j2-javadoc-apis is earlier than 0:2.7.1-12.6.el6_0 AND xerces-j2-javadoc-impl is earlier than 0:2.7.1-12.6.el6_0 AND xerces-j2 is earlier than 0:2.7.1-12.6.el6_0 AND xerces-j2-scripts is earlier than 0:2.7.1-12.6.el6_0

Definition Id: oval:org.mitre.oval:def:27576

Oval ID:	oval:org.mitre.oval:def:27576
Title:	DEPRECATED: ELSA-2011-0858 -- xerces-j2 security update (moderate)
Description:	[0:2.7.1-12.6] - Add xerces-j2-CVE-2009-2625.patch - Resolves: rhbz#690931 CVE-2009-2625
Family:	unix	Class:	patch
Reference(s):	ELSA-2011-0858 CVE-2009-2625	Version:	4
Platform(s):	Oracle Linux 6	Product(s):	xerces-j2
Definition Synopsis:
Oracle Linux 6.x Packages match section xerces-j2 is earlier than 0:2.7.1-12.6.el6_0 AND xerces-j2-demo is earlier than 0:2.7.1-12.6.el6_0 AND xerces-j2-javadoc-apis is earlier than 0:2.7.1-12.6.el6_0 AND xerces-j2-javadoc-impl is earlier than 0:2.7.1-12.6.el6_0 AND xerces-j2-javadoc-other is earlier than 0:2.7.1-12.6.el6_0 AND xerces-j2-javadoc-xni is earlier than 0:2.7.1-12.6.el6_0 AND xerces-j2-scripts is earlier than 0:2.7.1-12.6.el6_0

Definition Id: oval:org.mitre.oval:def:29047

Oval ID:	oval:org.mitre.oval:def:29047
Title:	RHSA-2009:1615 -- xerces-j2 security update (Moderate)
Description:	Updated xerces-j2 packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The xerces-j2 packages provide the Apache Xerces2 Java Parser, a high-performance XML parser. A Document Type Definition (DTD) defines the legal syntax (and also which elements can be used) for certain types of files, such as XML files.
Family:	unix	Class:	patch
Reference(s):	RHSA-2009:1615 CESA-2009:1615-CentOS 5 CVE-2009-2625	Version:	3
Platform(s):	Red Hat Enterprise Linux 5 CentOS Linux 5	Product(s):	xerces-j2
Definition Synopsis:
Operation system section The operating system installed on the system is Red Hat Enterprise Linux 5 AND The operating system installed on the system is CentOS Linux 5.x Packages match section xerces-j2-demo is earlier than 0:2.7.1-7jpp.2.el5_4.2 AND xerces-j2-javadoc-apis is earlier than 0:2.7.1-7jpp.2.el5_4.2 AND xerces-j2-javadoc-impl is earlier than 0:2.7.1-7jpp.2.el5_4.2 AND xerces-j2-javadoc-other is earlier than 0:2.7.1-7jpp.2.el5_4.2 AND xerces-j2-javadoc-xni is earlier than 0:2.7.1-7jpp.2.el5_4.2 AND xerces-j2 is earlier than 0:2.7.1-7jpp.2.el5_4.2 AND xerces-j2-scripts is earlier than 0:2.7.1-7jpp.2.el5_4.2

Definition Id: oval:org.mitre.oval:def:7306

Oval ID:	oval:org.mitre.oval:def:7306
Title:	DSA-1984 libxerces2-java -- denial of service
Description:	It was discovered that libxerces2-java, a validating XML parser for Java, does not properly process malformed XML files. This vulnerability could allow an attacker to cause a denial of service while parsing a malformed XML file.
Family:	unix	Class:	patch
Reference(s):	DSA-1984 CVE-2009-2625	Version:	5
Platform(s):	Debian GNU/Linux 5.0 Debian GNU/Linux 4.0	Product(s):	libxerces2-java
Definition Synopsis:
Release section Debian GNU/Linux 5.0 is installed AND Architecture section Architecture independent section Installed architecture is all AND Packages section libxerces2-java-doc is earlier than 2.9.1-2+lenny1 AND libxerces2-java is earlier than 2.9.1-2+lenny1 OR Architecture dependent section Supported architectures section Installed architecture is s390 AND Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is powerpc AND Installed architecture is i386 AND Installed architecture is armel AND Installed architecture is ia64 AND Installed architecture is mips AND Installed architecture is mipsel AND libxerces2-java-gcj is earlier than 2.9.1-2+lenny1 OR Release section Debian GNU/Linux 4.0 is installed. AND Installed architecture is all AND libxerces2-java is earlier than 2.8.1-1+etch1

Definition Id: oval:org.mitre.oval:def:8045

Oval ID:	oval:org.mitre.oval:def:8045
Title:	DSA-1921 expat -- denial of service
Description:	Peter Valchev discovered an error in expat, an XML parsing C library, when parsing certain UTF-8 sequences, which can be exploited to crash an application using the library.
Family:	unix	Class:	patch
Reference(s):	DSA-1921 CVE-2009-2625	Version:	3
Platform(s):	Debian GNU/Linux 5.0 Debian GNU/Linux 4.0	Product(s):	expat
Definition Synopsis:
Release section Debian GNU/Linux 5.0 is installed AND Architecture section Architecture dependent section Supported architectures section Installed architecture is s390 AND Installed architecture is sparc AND Installed architecture is i386 AND Installed architecture is powerpc AND Packages section lib64expat1 is earlier than 2.0.1-4+lenny1 AND lib64expat1-dev is earlier than 2.0.1-4+lenny1 AND expat is earlier than 2.0.1-4+lenny1 AND libexpat1-dev is earlier than 2.0.1-4+lenny1 AND libexpat1 is earlier than 2.0.1-4+lenny1 OR Architecture dependent section Supported architectures section Installed architecture is arm AND Installed architecture is armel AND Installed architecture is alpha AND Installed architecture is ia64 AND Installed architecture is mips AND Installed architecture is mipsel AND Installed architecture is hppa AND Packages section libexpat1 is earlier than 2.0.1-4+lenny1 AND expat is earlier than 2.0.1-4+lenny1 AND libexpat1-dev is earlier than 2.0.1-4+lenny1 OR Release section Debian GNU/Linux 4.0 is installed. AND Packages section expat is earlier than 1.95.8-3.4+etch1 AND libexpat1-dev is earlier than 1.95.8-3.4+etch1 AND libexpat1 is earlier than 1.95.8-3.4+etch1

Definition Id: oval:org.mitre.oval:def:8520

Oval ID:	oval:org.mitre.oval:def:8520
Title:	HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
Description:	XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-2625	Version:	11
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
IF HP Release B.11.11 AND HP Release B.11.23 AND HP-UX B.11.31 AND filesets tests Jdk14.JDK14-IPF32 version is less than 1.4.2.23.00 AND Jre14.JRE14-IPF32-HS version is less than 1.4.2.23.00 AND Jre14.JRE14-IPF64 version is less than 1.4.2.23.00 AND Jdk14.JDK14-IPF64 version is less than 1.4.2.23.00 AND Jdk14.JDK14-PA11 version is less than 1.4.2.23.00 AND Jre14.JRE14-COM version is less than 1.4.2.23.00 AND Jdk14.JDK14-PA20 version is less than 1.4.2.23.00 AND Jre14.JRE14-PA11 version is less than 1.4.2.23.00 AND Jdk14.JDK14-PA20W version is less than 1.4.2.23.00 AND Jre14.JRE14-PA11-HS version is less than 1.4.2.23.00 AND Jre14.JRE14-PA20 version is less than 1.4.2.23.00 AND Jre14.JRE14-PA20-HS version is less than 1.4.2.23.00 AND Jre14.JRE14-PA20W version is less than 1.4.2.23.00 AND Jre14.JRE14-IPF64-HS version is less than 1.4.2.23.00 AND Jre14.JRE14-PA20W-HS version is less than 1.4.2.23.00 AND Jre14.JRE14-IPF32 version is less than 1.4.2.23.00 AND Jdk14.JDK14-COM version is less than 1.4.2.23.00 AND Jre15.JRE15-IPF64-HS version is less than 1.5.0.17.00 AND Jdk15.JDK15-IPF32 version is less than 1.5.0.17.00 AND Jdk15.JDK15-PA20 version is less than 1.5.0.17.00 AND Jdk15.JDK15-IPF64 version is less than 1.5.0.17.00 AND Jre15.JRE15-COM version is less than 1.5.0.17.00 AND Jre15.JRE15-PA20 version is less than 1.5.0.17.00 AND Jre15.JRE15-PA20-HS version is less than 1.5.0.17.00 AND Jre15.JRE15-PA20W version is less than 1.5.0.17.00 AND Jre15.JRE15-PA20W-HS version is less than 1.5.0.17.00 AND Jre15.JRE15-IPF32 version is less than 1.5.0.17.00 AND Jre15.JRE15-IPF32-HS version is less than 1.5.0.17.00 AND Jdk15.JDK15-PA20W version is less than 1.5.0.17.00 AND Jre15.JRE15-IPF64 version is less than 1.5.0.17.00 AND Jdk15.JDK15-COM version is less than 1.5.0.17.00 AND Jdk60.JDK60-PA20 version is less than 1.6.0.05.00 AND Jre60.JRE60-PA20W-HS version is less than 1.6.0.05.00 AND Jdk60.JDK60-PA20W version is less than 1.6.0.05.00 AND Jdk60.JDK60-COM version is less than 1.6.0.05.00 AND Jre60.JRE60-COM version is less than 1.6.0.05.00 AND Jre60.JRE60-IPF32 version is less than 1.6.0.05.00 AND Jre60.JRE60-IPF32-HS version is less than 1.6.0.05.00 AND Jre60.JRE60-IPF64 version is less than 1.6.0.05.00 AND Jre60.JRE60-IPF64-HS version is less than 1.6.0.05.00 AND Jre60.JRE60-PA20 version is less than 1.6.0.05.00 AND Jdk60.JDK60-IPF32 version is less than 1.6.0.05.00 AND Jre60.JRE60-PA20-HS version is less than 1.6.0.05.00 AND Jdk60.JDK60-IPF64 version is less than 1.6.0.05.00 AND Jre60.JRE60-PA20W version is less than 1.6.0.05.00

Definition Id: oval:org.mitre.oval:def:9356

Oval ID:	oval:org.mitre.oval:def:9356
Title:	XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
Description:	XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-2625	Version:	5
Platform(s):	Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section xerces-j2-demo is earlier than 0:2.7.1-7jpp.2.el5_4.2 AND xerces-j2 is earlier than 0:2.7.1-7jpp.2.el5_4.2 AND xerces-j2-scripts is earlier than 0:2.7.1-7jpp.2.el5_4.2 AND java-1.6.0-openjdk-devel is earlier than 1:1.6.0.0-1.2.b09.el5 AND java-1.6.0-openjdk is earlier than 1:1.6.0.0-1.2.b09.el5 AND xerces-j2-javadoc-other is earlier than 0:2.7.1-7jpp.2.el5_4.2 AND java-1.6.0-openjdk-javadoc is earlier than 1:1.6.0.0-1.2.b09.el5 AND java-1.6.0-openjdk-src is earlier than 1:1.6.0.0-1.2.b09.el5 AND xerces-j2-javadoc-apis is earlier than 0:2.7.1-7jpp.2.el5_4.2 AND java-1.6.0-openjdk-demo is earlier than 1:1.6.0.0-1.2.b09.el5 AND xerces-j2-javadoc-xni is earlier than 0:2.7.1-7jpp.2.el5_4.2 AND xerces-j2-javadoc-impl is earlier than 0:2.7.1-7jpp.2.el5_4.2

CPE : Common Platform Enumeration

Type	Description	Count
Application	Apache Xerces2 Java cpe:2.3:a:apache:xerces2_java:2.9.1:::::::*	1
Application	Oracle Jdk cpe:2.3:a:oracle:jdk:1.6.0:update7:::::: cpe:2.3:a:oracle:jdk:1.6.0:-:::::: cpe:2.3:a:oracle:jdk:1.6.0:update10:::::: cpe:2.3:a:oracle:jdk:1.6.0:update1:::::: cpe:2.3:a:oracle:jdk:1.6.0:update2:::::: cpe:2.3:a:oracle:jdk:1.6.0:update3:::::: cpe:2.3:a:oracle:jdk:1.6.0:update4:::::: cpe:2.3:a:oracle:jdk:1.6.0:update12:::::: cpe:2.3:a:oracle:jdk:1.6.0:update13:::::: cpe:2.3:a:oracle:jdk:1.6.0:update14:::::: cpe:2.3:a:oracle:jdk:1.6.0:update5:::::: cpe:2.3:a:oracle:jdk:1.6.0:update6:::::: cpe:2.3:a:oracle:jdk:1.6.0:update11:::::: cpe:2.3:a:oracle:jdk:1.5.0:update17:::::: cpe:2.3:a:oracle:jdk:1.5.0:update18:::::: cpe:2.3:a:oracle:jdk:1.5.0:update19:::::: cpe:2.3:a:oracle:jdk:1.5.0:update3:::::: cpe:2.3:a:oracle:jdk:1.5.0:update4:::::: cpe:2.3:a:oracle:jdk:1.5.0:update5:::::: cpe:2.3:a:oracle:jdk:1.5.0:update6:::::: cpe:2.3:a:oracle:jdk:1.5.0:update7:::::: cpe:2.3:a:oracle:jdk:1.5.0:update8:::::: cpe:2.3:a:oracle:jdk:1.5.0:update9:::::: cpe:2.3:a:oracle:jdk:1.5.0:update2:::::: cpe:2.3:a:oracle:jdk:1.5.0:update15:::::: cpe:2.3:a:oracle:jdk:1.5.0:update14:::::: cpe:2.3:a:oracle:jdk:1.5.0:update11:::::: cpe:2.3:a:oracle:jdk:1.5.0:update13:::::: cpe:2.3:a:oracle:jdk:1.5.0:update12:::::: cpe:2.3:a:oracle:jdk:1.5.0:update10:::::: cpe:2.3:a:oracle:jdk:1.5.0:update1:::::: cpe:2.3:a:oracle:jdk:1.5.0:-:::::: cpe:2.3:a:oracle:jdk:1.5.0:update16::::::	33
Application	Oracle Primavera P6 Enterprise Project Portfolio Management cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:7.0:::::::* cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:6.2.1:::::::* cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:6.1:::::::*	3
Application	Oracle Primavera Web Services cpe:2.3:a:oracle:primavera_web_services:7.0:sp1:::::: cpe:2.3:a:oracle:primavera_web_services:7.0:-:::::: cpe:2.3:a:oracle:primavera_web_services:6.2.1:::::::*	3
Os	Canonical Ubuntu Linux cpe:2.3:o:canonical:ubuntu_linux:9.10:::::::* cpe:2.3:o:canonical:ubuntu_linux:9.04:::::::* cpe:2.3:o:canonical:ubuntu_linux:8.10:::::::* cpe:2.3:o:canonical:ubuntu_linux:8.04::::-::: cpe:2.3:o:canonical:ubuntu_linux:6.06:::::::*	5
Os	Debian Debian Linux cpe:2.3:o:debian:debian_linux:5.0:::::::* cpe:2.3:o:debian:debian_linux:4.0:::::::*	2
Os	Fedoraproject Fedora cpe:2.3:o:fedoraproject:fedora:11:::::::* cpe:2.3:o:fedoraproject:fedora:10:::::::*	2
Os	Opensuse cpe:2.3:o:opensuse:opensuse:11.2:::::::* cpe:2.3:o:opensuse:opensuse:11.1:::::::* cpe:2.3:o:opensuse:opensuse:11.0:::::::*	3
Os	Suse Linux Enterprise Server cpe:2.3:o:suse:linux_enterprise_server:11:-:::::: cpe:2.3:o:suse:linux_enterprise_server:10:sp3:::-:::* cpe:2.3:o:suse:linux_enterprise_server:10:sp2:::::: cpe:2.3:o:suse:linux_enterprise_server:9:::::::*	4

OpenVAS Exploits

Date	Description
2012-06-06	Name : RedHat Update for xerces-j2 RHSA-2011:0858-01 File : nvt/gb_RHSA-2011_0858-01_xerces-j2.nasl
2011-08-09	Name : CentOS Update for xerces-j2 CESA-2009:1615 centos5 i386 File : nvt/gb_CESA-2009_1615_xerces-j2_centos5_i386.nasl
2011-08-09	Name : CentOS Update for java CESA-2009:1201 centos5 i386 File : nvt/gb_CESA-2009_1201_java_centos5_i386.nasl
2011-06-20	Name : Mandriva Update for xerces-j2 MDVSA-2011:108 (xerces-j2) File : nvt/gb_mandriva_MDVSA_2011_108.nasl
2010-10-10	Name : FreeBSD Ports: apr File : nvt/freebsd_apr0.nasl
2010-05-28	Name : Java for Mac OS X 10.5 Update 5 File : nvt/macosx_java_for_10_5_upd_5.nasl
2010-04-16	Name : Ubuntu Update for cmake vulnerabilities USN-890-6 File : nvt/gb_ubuntu_USN_890_6.nasl
2010-02-19	Name : Ubuntu Update for xmlrpc-c vulnerabilities USN-890-5 File : nvt/gb_ubuntu_USN_890_5.nasl
2010-01-29	Name : Ubuntu Update for python-xml vulnerabilities USN-890-4 File : nvt/gb_ubuntu_USN_890_4.nasl
2010-01-25	Name : Ubuntu Update for python2.4 vulnerabilities USN-890-3 File : nvt/gb_ubuntu_USN_890_3.nasl
2010-01-22	Name : Ubuntu Update for python2.5 vulnerabilities USN-890-2 File : nvt/gb_ubuntu_USN_890_2.nasl
2010-01-22	Name : Ubuntu Update for expat vulnerabilities USN-890-1 File : nvt/gb_ubuntu_USN_890_1.nasl
2010-01-15	Name : Mandriva Update for expat MDVSA-2009:316-3 (expat) File : nvt/gb_mandriva_MDVSA_2009_316_3.nasl
2010-01-15	Name : Mandriva Update for davfs MDVSA-2009:220-1 (davfs) File : nvt/gb_mandriva_MDVSA_2009_220_1.nasl
2010-01-15	Name : Mandriva Update for expat MDVSA-2009:316-1 (expat) File : nvt/gb_mandriva_MDVSA_2009_316_1.nasl
2010-01-15	Name : Mandriva Update for expat MDVSA-2009:316-2 (expat) File : nvt/gb_mandriva_MDVSA_2009_316_2.nasl
2009-12-30	Name : CentOS Security Advisory CESA-2009:1615 (xerces-j2) File : nvt/ovcesa2009_1615.nasl
2009-12-10	Name : Mandriva Security Advisory MDVSA-2009:215-1 (audacity) File : nvt/mdksa_2009_215_1.nasl
2009-12-10	Name : Mandriva Security Advisory MDVSA-2009:219-1 (kompozer) File : nvt/mdksa_2009_219_1.nasl
2009-12-10	Name : Mandriva Security Advisory MDVSA-2009:218-1 (w3c-libwww) File : nvt/mdksa_2009_218_1.nasl
2009-12-10	Name : Mandriva Security Advisory MDVSA-2009:217-3 (mozilla-thunderbird) File : nvt/mdksa_2009_217_3.nasl
2009-12-10	Name : Mandriva Security Advisory MDVSA-2009:211-1 (expat) File : nvt/mdksa_2009_211_1.nasl
2009-12-10	Name : Mandriva Security Advisory MDVSA-2009:212-1 (python) File : nvt/mdksa_2009_212_1.nasl
2009-12-10	Name : Mandriva Security Advisory MDVSA-2009:213-1 (wxgtk) File : nvt/mdksa_2009_213_1.nasl
2009-12-03	Name : RedHat Security Advisory RHSA-2009:1615 File : nvt/RHSA_2009_1615.nasl
2009-11-17	Name : RedHat Security Advisory RHSA-2009:1582 File : nvt/RHSA_2009_1582.nasl
2009-11-11	Name : SLES11: Security update for IBM Java 1.6.0 File : nvt/sles11_java-1_6_0-ibm1.nasl
2009-11-11	Name : Debian Security Advisory DSA 1921-1 (expat) File : nvt/deb_1921_1.nasl
2009-10-27	Name : SuSE Security Summary SUSE-SR:2009:017 File : nvt/suse_sr_2009_017.nasl
2009-10-19	Name : SuSE Security Summary SUSE-SR:2009:016 File : nvt/suse_sr_2009_016.nasl
2009-10-19	Name : RedHat Security Advisory RHSA-2009:1505 File : nvt/RHSA_2009_1505.nasl
2009-10-13	Name : SLES10: Security update for Xerces-j2 File : nvt/sles10_xerces-j2.nasl
2009-10-13	Name : SLES10: Security update for IBM Java 1.4.2 File : nvt/sles10_java-1_4_2-ibm.nasl
2009-10-13	Name : Mandrake Security Advisory MDVSA-2009:217-1 (mozilla-thunderbird) File : nvt/mdksa_2009_217_1.nasl
2009-10-13	Name : Mandrake Security Advisory MDVSA-2009:217-2 (mozilla-thunderbird) File : nvt/mdksa_2009_217_2.nasl
2009-10-11	Name : SLES11: Security update for IBM Java 1.4.2 File : nvt/sles11_java-1_4_2-ibm0.nasl
2009-10-11	Name : SLES11: Security update for Xerces-j2 File : nvt/sles11_xerces-j2.nasl
2009-10-10	Name : SLES9: Security update for IBM Java2 JRE and SDK File : nvt/sles9p5059500.nasl
2009-09-09	Name : SuSE Security Summary SUSE-SR:2009:014 File : nvt/suse_sr_2009_014.nasl
2009-09-02	Name : Mandrake Security Advisory MDVSA-2009:211 (expat) File : nvt/mdksa_2009_211.nasl
2009-09-02	Name : Mandrake Security Advisory MDVSA-2009:220 (davfs) File : nvt/mdksa_2009_220.nasl
2009-09-02	Name : Mandrake Security Advisory MDVSA-2009:219 (kompozer) File : nvt/mdksa_2009_219.nasl
2009-09-02	Name : RedHat Security Advisory RHSA-2009:1236 File : nvt/RHSA_2009_1236.nasl
2009-09-02	Name : Mandrake Security Advisory MDVSA-2009:218 (w3c-libwww) File : nvt/mdksa_2009_218.nasl
2009-09-02	Name : Mandrake Security Advisory MDVSA-2009:217 (mozilla-thunderbird) File : nvt/mdksa_2009_217.nasl
2009-09-02	Name : Mandrake Security Advisory MDVSA-2009:216 (mozilla-thunderbird) File : nvt/mdksa_2009_216.nasl
2009-09-02	Name : Mandrake Security Advisory MDVSA-2009:215 (audacity) File : nvt/mdksa_2009_215.nasl
2009-09-02	Name : Mandrake Security Advisory MDVSA-2009:214 (python-celementtree) File : nvt/mdksa_2009_214.nasl
2009-09-02	Name : Mandrake Security Advisory MDVSA-2009:213 (wxgtk) File : nvt/mdksa_2009_213.nasl
2009-09-02	Name : Mandrake Security Advisory MDVSA-2009:212 (python) File : nvt/mdksa_2009_212.nasl
2009-09-02	Name : Mandrake Security Advisory MDVSA-2009:209 (java-1.6.0-openjdk) File : nvt/mdksa_2009_209.nasl
2009-08-17	Name : RedHat Security Advisory RHSA-2009:1199 File : nvt/RHSA_2009_1199.nasl
2009-08-17	Name : Ubuntu USN-814-1 (openjdk-6) File : nvt/ubuntu_814_1.nasl
2009-08-17	Name : CentOS Security Advisory CESA-2009:1201 (java-1.6.0-openjdk) File : nvt/ovcesa2009_1201.nasl
2009-08-17	Name : Fedora Core 10 FEDORA-2009-8337 (java-1.6.0-openjdk) File : nvt/fcore_2009_8337.nasl
2009-08-17	Name : Fedora Core 11 FEDORA-2009-8329 (java-1.6.0-openjdk) File : nvt/fcore_2009_8329.nasl
2009-08-17	Name : RedHat Security Advisory RHSA-2009:1201 File : nvt/RHSA_2009_1201.nasl
2009-08-17	Name : RedHat Security Advisory RHSA-2009:1200 File : nvt/RHSA_2009_1200.nasl
0000-00-00	Name : Slackware Advisory SSA:2011-041-02 expat File : nvt/esoft_slk_ssa_2011_041_02.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
56984	Apache Xerces2 Java Malformed XML Input DoS

Nessus® Vulnerability Scanner

Date	Description
2016-11-30	Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_18449f92ab3911e68011005056925db4.nasl - Type : ACT_GATHER_INFO
2016-03-08	Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2010-0002_remote.nasl - Type : ACT_GATHER_INFO
2016-03-03	Name : The remote host is missing a security-related patch. File : vmware_VMSA-2009-0016_remote.nasl - Type : ACT_GATHER_INFO
2014-12-15	Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15905.nasl - Type : ACT_GATHER_INFO
2014-11-08	Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2012-1537.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0858.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1615.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1201.nasl - Type : ACT_GATHER_INFO
2013-02-22	Name : The remote Unix host contains a runtime environment that is affected by multi... File : sun_java_jre_263408_unix.nasl - Type : ACT_GATHER_INFO
2013-01-24	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1637.nasl - Type : ACT_GATHER_INFO
2013-01-24	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1636.nasl - Type : ACT_GATHER_INFO
2013-01-24	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1649.nasl - Type : ACT_GATHER_INFO
2013-01-24	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1650.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110608_xerces_j2_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20091130_xerces_j2_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090824_java__jdk_1_6_0__on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090806_java_1_6_0_openjdk_on_SL5_3.nasl - Type : ACT_GATHER_INFO
2011-06-14	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-108.nasl - Type : ACT_GATHER_INFO
2011-06-09	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0858.nasl - Type : ACT_GATHER_INFO
2011-04-23	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1662.nasl - Type : ACT_GATHER_INFO
2011-02-11	Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2011-041-02.nasl - Type : ACT_GATHER_INFO
2011-01-27	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_libicecore-6857.nasl - Type : ACT_GATHER_INFO
2011-01-27	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_libicecore-6862.nasl - Type : ACT_GATHER_INFO
2010-12-02	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libpython2_6-1_0-100323.nasl - Type : ACT_GATHER_INFO
2010-10-11	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_4_2-ibm-6523.nasl - Type : ACT_GATHER_INFO
2010-10-11	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_python-6946.nasl - Type : ACT_GATHER_INFO
2010-06-22	Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12591.nasl - Type : ACT_GATHER_INFO
2010-05-15	Name : The remote openSUSE host is missing a security update. File : suse_11_2_libpython2_6-1_0-100329.nasl - Type : ACT_GATHER_INFO
2010-05-15	Name : The remote openSUSE host is missing a security update. File : suse_11_1_libpython2_6-1_0-100330.nasl - Type : ACT_GATHER_INFO
2010-05-15	Name : The remote openSUSE host is missing a security update. File : suse_11_0_libpython2_6-1_0-100328.nasl - Type : ACT_GATHER_INFO
2010-05-14	Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12600.nasl - Type : ACT_GATHER_INFO
2010-04-16	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-890-6.nasl - Type : ACT_GATHER_INFO
2010-03-31	Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2010-0002.nasl - Type : ACT_GATHER_INFO
2010-02-24	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1921.nasl - Type : ACT_GATHER_INFO
2010-02-24	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1984.nasl - Type : ACT_GATHER_INFO
2010-02-23	Name : The remote openSUSE host is missing a security update. File : suse_11_1_libexpat0-100220.nasl - Type : ACT_GATHER_INFO
2010-02-23	Name : The remote openSUSE host is missing a security update. File : suse_11_2_libexpat0-100220.nasl - Type : ACT_GATHER_INFO
2010-02-23	Name : The remote openSUSE host is missing a security update. File : suse_11_0_libexpat0-100220.nasl - Type : ACT_GATHER_INFO
2010-02-19	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-890-5.nasl - Type : ACT_GATHER_INFO
2010-01-27	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-890-4.nasl - Type : ACT_GATHER_INFO
2010-01-25	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-890-3.nasl - Type : ACT_GATHER_INFO
2010-01-22	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-890-2.nasl - Type : ACT_GATHER_INFO
2010-01-21	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-890-1.nasl - Type : ACT_GATHER_INFO
2010-01-15	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0043.nasl - Type : ACT_GATHER_INFO
2010-01-06	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1201.nasl - Type : ACT_GATHER_INFO
2010-01-06	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1615.nasl - Type : ACT_GATHER_INFO
2009-12-07	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-316.nasl - Type : ACT_GATHER_INFO
2009-12-01	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1615.nasl - Type : ACT_GATHER_INFO
2009-11-23	Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2009-0016.nasl - Type : ACT_GATHER_INFO
2009-11-13	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1582.nasl - Type : ACT_GATHER_INFO
2009-11-05	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-091102.nasl - Type : ACT_GATHER_INFO
2009-10-15	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1505.nasl - Type : ACT_GATHER_INFO
2009-10-06	Name : The remote openSUSE host is missing a security update. File : suse_xerces-j2-6445.nasl - Type : ACT_GATHER_INFO
2009-10-02	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_4_2-ibm-6508.nasl - Type : ACT_GATHER_INFO
2009-10-01	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_4_2-ibm-090924.nasl - Type : ACT_GATHER_INFO
2009-10-01	Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12511.nasl - Type : ACT_GATHER_INFO
2009-09-25	Name : The remote openSUSE host is missing a security update. File : suse_11_1_java-1_6_0-openjdk-090922.nasl - Type : ACT_GATHER_INFO
2009-09-25	Name : The remote openSUSE host is missing a security update. File : suse_11_0_java-1_6_0-openjdk-090920.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_xerces-j2-090820.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_xerces-j2-6449.nasl - Type : ACT_GATHER_INFO
2009-09-03	Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_5_update5.nasl - Type : ACT_GATHER_INFO
2009-08-31	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1236.nasl - Type : ACT_GATHER_INFO
2009-08-31	Name : The remote openSUSE host is missing a security update. File : suse_11_1_kompozer-090827.nasl - Type : ACT_GATHER_INFO
2009-08-27	Name : The remote openSUSE host is missing a security update. File : suse_11_0_xerces-j2-090820.nasl - Type : ACT_GATHER_INFO
2009-08-27	Name : The remote openSUSE host is missing a security update. File : suse_11_1_xerces-j2-090820.nasl - Type : ACT_GATHER_INFO
2009-08-25	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-218.nasl - Type : ACT_GATHER_INFO
2009-08-25	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-219.nasl - Type : ACT_GATHER_INFO
2009-08-25	Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2009-220.nasl - Type : ACT_GATHER_INFO
2009-08-24	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1200.nasl - Type : ACT_GATHER_INFO
2009-08-24	Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2009-215.nasl - Type : ACT_GATHER_INFO
2009-08-24	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-217.nasl - Type : ACT_GATHER_INFO
2009-08-24	Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2009-214.nasl - Type : ACT_GATHER_INFO
2009-08-24	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-213.nasl - Type : ACT_GATHER_INFO
2009-08-24	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1199.nasl - Type : ACT_GATHER_INFO
2009-08-24	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-212.nasl - Type : ACT_GATHER_INFO
2009-08-24	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-211.nasl - Type : ACT_GATHER_INFO
2009-08-24	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-209.nasl - Type : ACT_GATHER_INFO
2009-08-11	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-814-1.nasl - Type : ACT_GATHER_INFO
2009-08-10	Name : The remote Fedora host is missing a security update. File : fedora_2009-8337.nasl - Type : ACT_GATHER_INFO
2009-08-07	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1201.nasl - Type : ACT_GATHER_INFO
2009-08-07	Name : The remote Fedora host is missing a security update. File : fedora_2009-8329.nasl - Type : ACT_GATHER_INFO
2009-08-05	Name : The remote Windows host contains a runtime environment that is affected by mu... File : sun_java_jre_263408.nasl - Type : ACT_GATHER_INFO
2009-01-19	Name : The remote host is missing Sun Security Patch number 128640-30 File : solaris9_128640.nasl - Type : ACT_GATHER_INFO
2009-01-19	Name : The remote host is missing Sun Security Patch number 128641-30 File : solaris10_x86_128641.nasl - Type : ACT_GATHER_INFO
2009-01-19	Name : The remote host is missing Sun Security Patch number 128641-30 File : solaris9_x86_128641.nasl - Type : ACT_GATHER_INFO
2009-01-19	Name : The remote host is missing Sun Security Patch number 128640-30 File : solaris10_128640.nasl - Type : ACT_GATHER_INFO
2007-10-18	Name : The remote host is missing Sun Security Patch number 124672-20 File : solaris8_124672.nasl - Type : ACT_GATHER_INFO
2007-10-17	Name : The remote host is missing Sun Security Patch number 124673-20 File : solaris10_x86_124673.nasl - Type : ACT_GATHER_INFO
2007-10-17	Name : The remote host is missing Sun Security Patch number 124672-20 File : solaris10_124672.nasl - Type : ACT_GATHER_INFO
2007-10-17	Name : The remote host is missing Sun Security Patch number 124672-20 File : solaris9_124672.nasl - Type : ACT_GATHER_INFO
2007-10-17	Name : The remote host is missing Sun Security Patch number 124673-20 File : solaris9_x86_124673.nasl - Type : ACT_GATHER_INFO
2007-10-12	Name : The remote host is missing Sun Security Patch number 125136-97 File : solaris8_125136.nasl - Type : ACT_GATHER_INFO
2007-10-12	Name : The remote host is missing Sun Security Patch number 125136-97 File : solaris9_125136.nasl - Type : ACT_GATHER_INFO
2007-10-12	Name : The remote host is missing Sun Security Patch number 125136-97 File : solaris10_125136.nasl - Type : ACT_GATHER_INFO
2006-11-06	Name : The remote host is missing Sun Security Patch number 119166-43 File : solaris9_119166.nasl - Type : ACT_GATHER_INFO
2006-11-06	Name : The remote host is missing Sun Security Patch number 119166-43 File : solaris8_119166.nasl - Type : ACT_GATHER_INFO
2006-11-06	Name : The remote host is missing Sun Security Patch number 119167-43 File : solaris9_x86_119167.nasl - Type : ACT_GATHER_INFO
2006-11-06	Name : The remote host is missing Sun Security Patch number 119167-43 File : solaris10_x86_119167.nasl - Type : ACT_GATHER_INFO
2006-11-06	Name : The remote host is missing Sun Security Patch number 119166-43 File : solaris10_119166.nasl - Type : ACT_GATHER_INFO

Global Informations

Type	Count
Oval ID(s)	12
CPE ID(s)	56
osvdb(s)	1
Openvas Exploit(s)	59
Nessus® Exploit(s)	99

	Related
5	CVE-2009-2625
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)

5 - SUN-263489

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

OVAL Definitions

CPE : Common Platform Enumeration

OpenVAS Exploits

Open Source Vulnerability Database (OSVDB)

Nessus® Vulnerability Scanner

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU