Executive Summary

Informations
Name MDVSA-2014:193 First vendor Publication 2014-10-01
Vendor Mandriva Last vendor Modification 2014-10-01
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Cvss Base Score 7.1 Attack Range Network
Cvss Impact Score 6.9 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A resource consumption issue was found in the way Xerces-J handled XML declarations. A remote attacker could use an XML document with a specially crafted declaration using a long pseudo-attribute name that, when parsed by an application using Xerces-J, would cause that application to use an excessive amount of CPU (CVE-2013-4002).

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2014:193

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:21131
 
Oval ID: oval:org.mitre.oval:def:21131
Title: RHSA-2013:1060: java-1.7.0-ibm security update (Critical)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 allows remote attackers to affect availability via unknown vectors.
Family: unix Class: patch
Reference(s): RHSA-2013:1060-01
CVE-2013-1500
CVE-2013-1571
CVE-2013-2400
CVE-2013-2407
CVE-2013-2412
CVE-2013-2437
CVE-2013-2442
CVE-2013-2444
CVE-2013-2446
CVE-2013-2447
CVE-2013-2448
CVE-2013-2449
CVE-2013-2450
CVE-2013-2451
CVE-2013-2452
CVE-2013-2453
CVE-2013-2454
CVE-2013-2455
CVE-2013-2456
CVE-2013-2457
CVE-2013-2458
CVE-2013-2459
CVE-2013-2460
CVE-2013-2462
CVE-2013-2463
CVE-2013-2464
CVE-2013-2465
CVE-2013-2466
CVE-2013-2468
CVE-2013-2469
CVE-2013-2470
CVE-2013-2471
CVE-2013-2472
CVE-2013-2473
CVE-2013-3006
CVE-2013-3007
CVE-2013-3008
CVE-2013-3009
CVE-2013-3010
CVE-2013-3011
CVE-2013-3012
CVE-2013-3744
CVE-2013-4002
Version: 607
Platform(s): Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
Product(s): java-1.7.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21196
 
Oval ID: oval:org.mitre.oval:def:21196
Title: RHSA-2013:1081: java-1.5.0-ibm security update (Important)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 allows remote attackers to affect availability via unknown vectors.
Family: unix Class: patch
Reference(s): RHSA-2013:1081-01
CVE-2013-1500
CVE-2013-1571
CVE-2013-2443
CVE-2013-2444
CVE-2013-2446
CVE-2013-2447
CVE-2013-2448
CVE-2013-2450
CVE-2013-2452
CVE-2013-2454
CVE-2013-2455
CVE-2013-2456
CVE-2013-2457
CVE-2013-2459
CVE-2013-2463
CVE-2013-2464
CVE-2013-2465
CVE-2013-2469
CVE-2013-2470
CVE-2013-2471
CVE-2013-2472
CVE-2013-2473
CVE-2013-3009
CVE-2013-3011
CVE-2013-3012
CVE-2013-3743
CVE-2013-4002
Version: 383
Platform(s): Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
Product(s): java-1.5.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21219
 
Oval ID: oval:org.mitre.oval:def:21219
Title: RHSA-2013:1059: java-1.6.0-ibm security update (Critical)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 allows remote attackers to affect availability via unknown vectors.
Family: unix Class: patch
Reference(s): RHSA-2013:1059-01
CVE-2013-1500
CVE-2013-1571
CVE-2013-2407
CVE-2013-2412
CVE-2013-2437
CVE-2013-2442
CVE-2013-2443
CVE-2013-2444
CVE-2013-2446
CVE-2013-2447
CVE-2013-2448
CVE-2013-2450
CVE-2013-2451
CVE-2013-2452
CVE-2013-2453
CVE-2013-2454
CVE-2013-2455
CVE-2013-2456
CVE-2013-2457
CVE-2013-2459
CVE-2013-2463
CVE-2013-2464
CVE-2013-2465
CVE-2013-2466
CVE-2013-2468
CVE-2013-2469
CVE-2013-2470
CVE-2013-2471
CVE-2013-2472
CVE-2013-2473
CVE-2013-3009
CVE-2013-3011
CVE-2013-3012
CVE-2013-3743
CVE-2013-4002
Version: 495
Platform(s): Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
Product(s): java-1.6.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21576
 
Oval ID: oval:org.mitre.oval:def:21576
Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 allows remote attackers to affect availability via unknown vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2013-4002
Version: 9
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23596
 
Oval ID: oval:org.mitre.oval:def:23596
Title: ELSA-2013:1060: java-1.7.0-ibm security update (Critical)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 allows remote attackers to affect availability via unknown vectors.
Family: unix Class: patch
Reference(s): ELSA-2013:1060-01
CVE-2013-1500
CVE-2013-1571
CVE-2013-2400
CVE-2013-2407
CVE-2013-2412
CVE-2013-2437
CVE-2013-2442
CVE-2013-2444
CVE-2013-2446
CVE-2013-2447
CVE-2013-2448
CVE-2013-2449
CVE-2013-2450
CVE-2013-2451
CVE-2013-2452
CVE-2013-2453
CVE-2013-2454
CVE-2013-2455
CVE-2013-2456
CVE-2013-2457
CVE-2013-2458
CVE-2013-2459
CVE-2013-2460
CVE-2013-2462
CVE-2013-2463
CVE-2013-2464
CVE-2013-2465
CVE-2013-2466
CVE-2013-2468
CVE-2013-2469
CVE-2013-2470
CVE-2013-2471
CVE-2013-2472
CVE-2013-2473
CVE-2013-3006
CVE-2013-3007
CVE-2013-3008
CVE-2013-3009
CVE-2013-3010
CVE-2013-3011
CVE-2013-3012
CVE-2013-3744
CVE-2013-4002
Version: 177
Platform(s): Oracle Linux 6
Product(s): java-1.7.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24028
 
Oval ID: oval:org.mitre.oval:def:24028
Title: ELSA-2013:1081: java-1.5.0-ibm security update (Important)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 allows remote attackers to affect availability via unknown vectors.
Family: unix Class: patch
Reference(s): ELSA-2013:1081-01
CVE-2013-1500
CVE-2013-1571
CVE-2013-2443
CVE-2013-2444
CVE-2013-2446
CVE-2013-2447
CVE-2013-2448
CVE-2013-2450
CVE-2013-2452
CVE-2013-2454
CVE-2013-2455
CVE-2013-2456
CVE-2013-2457
CVE-2013-2459
CVE-2013-2463
CVE-2013-2464
CVE-2013-2465
CVE-2013-2469
CVE-2013-2470
CVE-2013-2471
CVE-2013-2472
CVE-2013-2473
CVE-2013-3009
CVE-2013-3011
CVE-2013-3012
CVE-2013-3743
CVE-2013-4002
Version: 113
Platform(s): Oracle Linux 6
Product(s): java-1.5.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24095
 
Oval ID: oval:org.mitre.oval:def:24095
Title: ELSA-2013:1059: java-1.6.0-ibm security update (Critical)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 allows remote attackers to affect availability via unknown vectors.
Family: unix Class: patch
Reference(s): ELSA-2013:1059-01
CVE-2013-1500
CVE-2013-1571
CVE-2013-2407
CVE-2013-2412
CVE-2013-2437
CVE-2013-2442
CVE-2013-2443
CVE-2013-2444
CVE-2013-2446
CVE-2013-2447
CVE-2013-2448
CVE-2013-2450
CVE-2013-2451
CVE-2013-2452
CVE-2013-2453
CVE-2013-2454
CVE-2013-2455
CVE-2013-2456
CVE-2013-2457
CVE-2013-2459
CVE-2013-2463
CVE-2013-2464
CVE-2013-2465
CVE-2013-2466
CVE-2013-2468
CVE-2013-2469
CVE-2013-2470
CVE-2013-2471
CVE-2013-2472
CVE-2013-2473
CVE-2013-3009
CVE-2013-3011
CVE-2013-3012
CVE-2013-3743
CVE-2013-4002
Version: 145
Platform(s): Oracle Linux 6
Product(s): java-1.6.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26596
 
Oval ID: oval:org.mitre.oval:def:26596
Title: ELSA-2014-1319 -- xerces-j2 security update (Moderate)
Description: Apache Xerces for Java (Xerces-J) is a high performance, standards compliant, validating XML parser written in Java. The xerces-j2 packages provide Xerces-J version 2. A resource consumption issue was found in the way Xerces-J handled XML declarations. A remote attacker could use an XML document with a specially crafted declaration using a long pseudo-attribute name that, when parsed by an application using Xerces-J, would cause that application to use an excessive amount of CPU. (CVE-2013-4002) All xerces-j2 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. Applications using the Xerces-J must be restarted for this update to take effect.
Family: unix Class: patch
Reference(s): ELSA-2014-1319
CVE-2013-4002
Version: 3
Platform(s): Oracle Linux 7
Product(s): xerces-j2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27229
 
Oval ID: oval:org.mitre.oval:def:27229
Title: RHSA-2014:1319: xerces-j2 security update (Moderate)
Description: Apache Xerces for Java (Xerces-J) is a high performance, standards compliant, validating XML parser written in Java. The xerces-j2 packages provide Xerces-J version 2. A resource consumption issue was found in the way Xerces-J handled XML declarations. A remote attacker could use an XML document with a specially crafted declaration using a long pseudo-attribute name that, when parsed by an application using Xerces-J, would cause that application to use an excessive amount of CPU. (CVE-2013-4002) All xerces-j2 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. Applications using the Xerces-J must be restarted for this update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:1319-00
CESA-2014:1319
CVE-2013-4002
Version: 3
Platform(s): Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
CentOS Linux 6
CentOS Linux 7
Product(s): xerces-j2
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 43

Information Assurance Vulnerability Management (IAVM)

Date Description
2013-10-17 IAVM : 2013-A-0191 - Multiple Vulnerabilities in Java for Mac OS X
Severity : Category I - VMSKEY : V0040779
2013-10-17 IAVM : 2013-A-0200 - Multiple Vulnerabilities in Oracle Java
Severity : Category I - VMSKEY : V0040783

Nessus® Vulnerability Scanner

Date Description
2015-09-14 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL16872.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2013-1669-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2013-1256-1.nasl - Type : ACT_GATHER_INFO
2014-11-11 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1822.nasl - Type : ACT_GATHER_INFO
2014-11-11 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1821.nasl - Type : ACT_GATHER_INFO
2014-11-11 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1818.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0414.nasl - Type : ACT_GATHER_INFO
2014-11-06 Name : The remote host has a version of Java installed that is affected by multiple ...
File : macosx_java_2014-001.nasl - Type : ACT_GATHER_INFO
2014-11-03 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-436.nasl - Type : ACT_GATHER_INFO
2014-10-02 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-193.nasl - Type : ACT_GATHER_INFO
2014-10-01 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-1319.nasl - Type : ACT_GATHER_INFO
2014-09-30 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1319.nasl - Type : ACT_GATHER_INFO
2014-09-30 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20140929_xerces_j2_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2014-09-30 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-1319.nasl - Type : ACT_GATHER_INFO
2014-09-26 Name : The remote Fedora host is missing a security update.
File : fedora_2014-10649.nasl - Type : ACT_GATHER_INFO
2014-09-26 Name : The remote Fedora host is missing a security update.
File : fedora_2014-10626.nasl - Type : ACT_GATHER_INFO
2014-09-23 Name : The remote Fedora host is missing a security update.
File : fedora_2014-10617.nasl - Type : ACT_GATHER_INFO
2014-08-22 Name : The remote host is affected by multiple vulnerabilities.
File : juniper_nsm_jsa10642.nasl - Type : ACT_GATHER_INFO
2014-06-30 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201406-32.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-847.nasl - Type : ACT_GATHER_INFO
2014-05-12 Name : The remote host has software installed that is affected by multiple vulnerabi...
File : lotus_notes_9_0_1_fp1.nasl - Type : ACT_GATHER_INFO
2014-05-12 Name : The remote host has software installed that is affected by multiple vulnerabi...
File : lotus_domino_9_0_1_fp1.nasl - Type : ACT_GATHER_INFO
2014-05-12 Name : The remote server is affected by multiple vulnerabilities.
File : domino_9_0_1_fp1.nasl - Type : ACT_GATHER_INFO
2014-01-24 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2089-1.nasl - Type : ACT_GATHER_INFO
2014-01-08 Name : The remote host has software installed that is affected by multiple vulnerabi...
File : lotus_domino_9_0_1.nasl - Type : ACT_GATHER_INFO
2014-01-08 Name : The remote server is affected by multiple vulnerabilities.
File : domino_9_0_1.nasl - Type : ACT_GATHER_INFO
2013-12-03 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_6_0-openjdk-131129.nasl - Type : ACT_GATHER_INFO
2013-11-22 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2033-1.nasl - Type : ACT_GATHER_INFO
2013-11-20 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2013-267.nasl - Type : ACT_GATHER_INFO
2013-11-14 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2013-246.nasl - Type : ACT_GATHER_INFO
2013-11-14 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2013-235.nasl - Type : ACT_GATHER_INFO
2013-11-13 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_7_0-openjdk-131104.nasl - Type : ACT_GATHER_INFO
2013-11-06 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20131105_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2013-11-06 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1505.nasl - Type : ACT_GATHER_INFO
2013-11-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-1505.nasl - Type : ACT_GATHER_INFO
2013-11-06 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-1505.nasl - Type : ACT_GATHER_INFO
2013-11-04 Name : The remote server is affected by multiple vulnerabilities.
File : domino_8_5_3fp5.nasl - Type : ACT_GATHER_INFO
2013-11-04 Name : The remote host has software installed that is affected by multiple vulnerabi...
File : lotus_domino_8_5_3_fp5.nasl - Type : ACT_GATHER_INFO
2013-11-04 Name : The remote host has software installed that is affected by multiple vulnerabi...
File : lotus_notes_8_5_3_fp5.nasl - Type : ACT_GATHER_INFO
2013-10-24 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20131022_java_1_7_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2013-10-24 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-1451.nasl - Type : ACT_GATHER_INFO
2013-10-23 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-1451.nasl - Type : ACT_GATHER_INFO
2013-10-23 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-1447.nasl - Type : ACT_GATHER_INFO
2013-10-23 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1451.nasl - Type : ACT_GATHER_INFO
2013-10-22 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-1447.nasl - Type : ACT_GATHER_INFO
2013-10-22 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1447.nasl - Type : ACT_GATHER_INFO
2013-10-22 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20131021_java_1_7_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2013-10-18 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1440.nasl - Type : ACT_GATHER_INFO
2013-10-17 Name : The remote Unix host contains a programming platform that is potentially affe...
File : oracle_java_cpu_oct_2013_unix.nasl - Type : ACT_GATHER_INFO
2013-10-17 Name : The remote Windows host contains a programming platform that is potentially a...
File : oracle_java_cpu_oct_2013.nasl - Type : ACT_GATHER_INFO
2013-10-16 Name : The remote host has a version of Java that is affected by multiple vulnerabil...
File : macosx_java_2013-005.nasl - Type : ACT_GATHER_INFO
2013-10-16 Name : The remote host has a version of Java that is affected by multiple vulnerabil...
File : macosx_java_10_6_update17.nasl - Type : ACT_GATHER_INFO
2013-07-26 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_6_0-ibm-130723.nasl - Type : ACT_GATHER_INFO
2013-07-26 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_7_0-ibm-130723.nasl - Type : ACT_GATHER_INFO
2013-07-17 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1081.nasl - Type : ACT_GATHER_INFO
2013-07-16 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1059.nasl - Type : ACT_GATHER_INFO
2013-07-16 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1060.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2014-10-03 13:27:23
  • Multiple Updates
2014-10-01 17:22:32
  • First insertion