Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2013-4002 | First vendor Publication | 2013-07-23 |
Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.1 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute names. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4002 |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:21576 | |||
Oval ID: | oval:org.mitre.oval:def:21576 | ||
Title: | HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 allows remote attackers to affect availability via unknown vectors. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2013-4002 | Version: | 9 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:26596 | |||
Oval ID: | oval:org.mitre.oval:def:26596 | ||
Title: | ELSA-2014-1319 -- xerces-j2 security update (Moderate) | ||
Description: | Apache Xerces for Java (Xerces-J) is a high performance, standards compliant, validating XML parser written in Java. The xerces-j2 packages provide Xerces-J version 2. A resource consumption issue was found in the way Xerces-J handled XML declarations. A remote attacker could use an XML document with a specially crafted declaration using a long pseudo-attribute name that, when parsed by an application using Xerces-J, would cause that application to use an excessive amount of CPU. (CVE-2013-4002) All xerces-j2 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. Applications using the Xerces-J must be restarted for this update to take effect. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2014-1319 CVE-2013-4002 | Version: | 3 |
Platform(s): | Oracle Linux 7 | Product(s): | xerces-j2 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:27229 | |||
Oval ID: | oval:org.mitre.oval:def:27229 | ||
Title: | RHSA-2014:1319: xerces-j2 security update (Moderate) | ||
Description: | Apache Xerces for Java (Xerces-J) is a high performance, standards compliant, validating XML parser written in Java. The xerces-j2 packages provide Xerces-J version 2. A resource consumption issue was found in the way Xerces-J handled XML declarations. A remote attacker could use an XML document with a specially crafted declaration using a long pseudo-attribute name that, when parsed by an application using Xerces-J, would cause that application to use an excessive amount of CPU. (CVE-2013-4002) All xerces-j2 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. Applications using the Xerces-J must be restarted for this update to take effect. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2014:1319-00 CESA-2014:1319 CVE-2013-4002 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 CentOS Linux 6 CentOS Linux 7 | Product(s): | xerces-j2 |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2013-10-17 | IAVM : 2013-A-0191 - Multiple Vulnerabilities in Java for Mac OS X Severity : Category I - VMSKEY : V0040779 |
2013-10-17 | IAVM : 2013-A-0200 - Multiple Vulnerabilities in Oracle Java Severity : Category I - VMSKEY : V0040783 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2015-09-14 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL16872.nasl - Type : ACT_GATHER_INFO |
2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2013-1669-1.nasl - Type : ACT_GATHER_INFO |
2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2013-1256-1.nasl - Type : ACT_GATHER_INFO |
2014-11-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1822.nasl - Type : ACT_GATHER_INFO |
2014-11-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1821.nasl - Type : ACT_GATHER_INFO |
2014-11-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1818.nasl - Type : ACT_GATHER_INFO |
2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0414.nasl - Type : ACT_GATHER_INFO |
2014-11-06 | Name : The remote host has a version of Java installed that is affected by multiple ... File : macosx_java_2014-001.nasl - Type : ACT_GATHER_INFO |
2014-11-03 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-436.nasl - Type : ACT_GATHER_INFO |
2014-10-02 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-193.nasl - Type : ACT_GATHER_INFO |
2014-10-01 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1319.nasl - Type : ACT_GATHER_INFO |
2014-09-30 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1319.nasl - Type : ACT_GATHER_INFO |
2014-09-30 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140929_xerces_j2_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2014-09-30 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1319.nasl - Type : ACT_GATHER_INFO |
2014-09-26 | Name : The remote Fedora host is missing a security update. File : fedora_2014-10649.nasl - Type : ACT_GATHER_INFO |
2014-09-26 | Name : The remote Fedora host is missing a security update. File : fedora_2014-10626.nasl - Type : ACT_GATHER_INFO |
2014-09-23 | Name : The remote Fedora host is missing a security update. File : fedora_2014-10617.nasl - Type : ACT_GATHER_INFO |
2014-08-22 | Name : The remote host is affected by multiple vulnerabilities. File : juniper_nsm_jsa10642.nasl - Type : ACT_GATHER_INFO |
2014-06-30 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201406-32.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-847.nasl - Type : ACT_GATHER_INFO |
2014-05-12 | Name : The remote host has software installed that is affected by multiple vulnerabi... File : lotus_notes_9_0_1_fp1.nasl - Type : ACT_GATHER_INFO |
2014-05-12 | Name : The remote host has software installed that is affected by multiple vulnerabi... File : lotus_domino_9_0_1_fp1.nasl - Type : ACT_GATHER_INFO |
2014-05-12 | Name : The remote server is affected by multiple vulnerabilities. File : domino_9_0_1_fp1.nasl - Type : ACT_GATHER_INFO |
2014-04-08 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2124-2.nasl - Type : ACT_GATHER_INFO |
2014-02-28 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2124-1.nasl - Type : ACT_GATHER_INFO |
2014-01-24 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2089-1.nasl - Type : ACT_GATHER_INFO |
2014-01-08 | Name : The remote server is affected by multiple vulnerabilities. File : domino_9_0_1.nasl - Type : ACT_GATHER_INFO |
2014-01-08 | Name : The remote host has software installed that is affected by multiple vulnerabi... File : lotus_domino_9_0_1.nasl - Type : ACT_GATHER_INFO |
2013-12-03 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-openjdk-131129.nasl - Type : ACT_GATHER_INFO |
2013-11-22 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2033-1.nasl - Type : ACT_GATHER_INFO |
2013-11-20 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-267.nasl - Type : ACT_GATHER_INFO |
2013-11-14 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-246.nasl - Type : ACT_GATHER_INFO |
2013-11-14 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-235.nasl - Type : ACT_GATHER_INFO |
2013-11-13 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_7_0-openjdk-131104.nasl - Type : ACT_GATHER_INFO |
2013-11-06 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-1505.nasl - Type : ACT_GATHER_INFO |
2013-11-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-1505.nasl - Type : ACT_GATHER_INFO |
2013-11-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1505.nasl - Type : ACT_GATHER_INFO |
2013-11-06 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20131105_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2013-11-04 | Name : The remote server is affected by multiple vulnerabilities. File : domino_8_5_3fp5.nasl - Type : ACT_GATHER_INFO |
2013-11-04 | Name : The remote host has software installed that is affected by multiple vulnerabi... File : lotus_domino_8_5_3_fp5.nasl - Type : ACT_GATHER_INFO |
2013-11-04 | Name : The remote host has software installed that is affected by multiple vulnerabi... File : lotus_notes_8_5_3_fp5.nasl - Type : ACT_GATHER_INFO |
2013-10-24 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-1451.nasl - Type : ACT_GATHER_INFO |
2013-10-24 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20131022_java_1_7_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2013-10-23 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1451.nasl - Type : ACT_GATHER_INFO |
2013-10-23 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-1447.nasl - Type : ACT_GATHER_INFO |
2013-10-23 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-1451.nasl - Type : ACT_GATHER_INFO |
2013-10-22 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1447.nasl - Type : ACT_GATHER_INFO |
2013-10-22 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-1447.nasl - Type : ACT_GATHER_INFO |
2013-10-22 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20131021_java_1_7_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2013-10-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1440.nasl - Type : ACT_GATHER_INFO |
2013-10-17 | Name : The remote Windows host contains a programming platform that is potentially a... File : oracle_java_cpu_oct_2013.nasl - Type : ACT_GATHER_INFO |
2013-10-17 | Name : The remote Unix host contains a programming platform that is potentially affe... File : oracle_java_cpu_oct_2013_unix.nasl - Type : ACT_GATHER_INFO |
2013-10-16 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_6_update17.nasl - Type : ACT_GATHER_INFO |
2013-10-16 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_2013-005.nasl - Type : ACT_GATHER_INFO |
2013-07-26 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-130723.nasl - Type : ACT_GATHER_INFO |
2013-07-26 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_7_0-ibm-130723.nasl - Type : ACT_GATHER_INFO |
2013-07-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1081.nasl - Type : ACT_GATHER_INFO |
2013-07-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1059.nasl - Type : ACT_GATHER_INFO |
2013-07-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1060.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2024-11-28 12:36:07 |
|
2023-11-07 21:46:02 |
|
2022-05-13 21:28:03 |
|
2022-04-20 09:23:52 |
|
2021-09-22 21:23:57 |
|
2021-09-22 17:23:23 |
|
2021-05-04 12:27:05 |
|
2021-04-22 01:32:46 |
|
2020-05-23 00:37:51 |
|
2018-12-21 21:22:00 |
|
2018-12-19 00:19:20 |
|
2018-01-05 09:23:17 |
|
2017-11-29 09:21:45 |
|
2017-08-29 09:24:17 |
|
2016-04-26 23:29:40 |
|
2015-09-15 13:23:41 |
|
2015-05-21 13:30:42 |
|
2015-04-07 09:26:34 |
|
2015-03-28 09:25:39 |
|
2015-03-21 00:25:13 |
|
2015-03-20 00:25:06 |
|
2015-03-18 09:26:07 |
|
2014-12-10 09:23:59 |
|
2014-12-08 21:25:38 |
|
2014-12-03 21:26:12 |
|
2014-12-03 09:26:37 |
|
2014-11-12 13:27:04 |
|
2014-11-08 13:31:02 |
|
2014-11-07 13:26:14 |
|
2014-11-04 13:27:25 |
|
2014-10-04 13:30:55 |
|
2014-10-03 13:27:16 |
|
2014-10-02 13:27:12 |
|
2014-10-01 13:27:18 |
|
2014-09-26 13:27:25 |
|
2014-09-24 13:28:07 |
|
2014-08-23 13:27:38 |
|
2014-07-01 13:25:18 |
|
2014-06-14 13:35:57 |
|
2014-05-13 13:24:58 |
|
2014-03-06 13:22:34 |
|
2014-02-17 11:21:37 |
|
2014-01-30 13:19:55 |
|
2014-01-14 13:20:32 |
|
2014-01-08 13:19:53 |
|
2013-12-24 13:19:05 |
|
2013-12-08 13:19:27 |
|
2013-11-13 13:19:16 |
|
2013-11-11 12:40:42 |
|
2013-11-06 13:29:58 |
|
2013-10-31 13:20:31 |
|
2013-10-24 13:22:18 |
|
2013-09-11 13:20:52 |
|
2013-08-22 17:20:43 |
|
2013-07-23 21:19:24 |
|