CVE-2022-34169

Published on: Not Yet Published

Last Modified on: 05/05/2023 08:15:00 AM UTC

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Certain versions of Xalan-java from Apache contain the following vulnerability:

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.

  • CVE-2022-34169 has been assigned by URL Logo [email protected] to track the vulnerability - currently rated as HIGH severity.
  • Affected Vendor/Software: URL Logo Apache Software Foundation - Apache Xalan-J version <= 2.7.2

CVSS3 Score: 7.5 - HIGH

Attack
Vector
Attack
Complexity
Privileges
Required
User
Interaction
NETWORK LOW NONE NONE
Scope Confidentiality
Impact
Integrity
Impact
Availability
Impact
UNCHANGED NONE HIGH NONE

CVE References

Description Tags Link
oss-security - Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets www.openwall.com
text/html
URL Logo MLIST [oss-security] 20220720 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets
Debian -- Security Information -- DSA-5192-1 openjdk-17 www.debian.org
Depreciated Link
text/html
URL Logo DEBIAN DSA-5192
oss-security - CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets www.openwall.com
text/html
URL Logo MLIST [oss-security] 20220719 CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets
[SECURITY] Fedora 35 Update: java-11-openjdk-11.0.16.0.8-1.fc35 - package-announce - Fedora Mailing-Lists lists.fedoraproject.org
text/html
URL Logo MISC lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/
[SECURITY] Fedora 36 Update: java-1.8.0-openjdk-1.8.0.342.b07-1.fc36 - package-announce - Fedora Mailing-Lists lists.fedoraproject.org
text/html
URL Logo MISC lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/
[SECURITY] Fedora 36 Update: java-latest-openjdk-18.0.2.0.9-1.rolling.fc36 - package-announce - Fedora Mailing-Lists lists.fedoraproject.org
text/html
URL Logo MISC lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/
[SECURITY] Fedora 35 Update: java-1.8.0-openjdk-1.8.0.342.b07-1.fc35 - package-announce - Fedora Mailing-Lists lists.fedoraproject.org
text/html
URL Logo MISC lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/
oss-security - Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets www.openwall.com
text/html
URL Logo MLIST [oss-security] 20220719 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets
[SECURITY] Fedora 35 Update: java-latest-openjdk-18.0.2.0.9-1.rolling.fc35 - package-announce - Fedora Mailing-Lists lists.fedoraproject.org
text/html
URL Logo MISC lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/
July 2022 Java Platform Standard Edition Vulnerabilities in NetApp Products | NetApp Product Security security.netapp.com
text/html
URL Logo CONFIRM security.netapp.com/advisory/ntap-20220729-0009/
Debian -- Security Information -- DSA-5188-1 openjdk-11 www.debian.org
Depreciated Link
text/html
URL Logo DEBIAN DSA-5188
Oracle Critical Patch Update Advisory - July 2022 www.oracle.com
text/html
URL Logo MISC www.oracle.com/security-alerts/cpujul2022.html
oss-security - Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets www.openwall.com
text/html
URL Logo MLIST [oss-security] 20221017 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets
[SECURITY] [DLA 3155-1] bcel security update lists.debian.org
text/html
URL Logo MLIST [debian-lts-announce] 20221018 [SECURITY] [DLA 3155-1] bcel security update
[SECURITY] Fedora 36 Update: java-11-openjdk-11.0.16.0.8-1.fc36 - package-announce - Fedora Mailing-Lists lists.fedoraproject.org
text/html
URL Logo MISC lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/
No Description Provided lists.apache.org
text/html
URL Logo MISC lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw
oss-security - Re: CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing www.openwall.com
text/html
URL Logo MLIST [oss-security] 20221107 Re: CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing
Xalan-J XSLTC Integer Truncation ≈ Packet Storm packetstormsecurity.com
text/html
URL Logo MISC packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html
No Description Provided lists.apache.org
text/html
URL Logo MISC lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8
oss-security - Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets www.openwall.com
text/html
URL Logo MLIST [oss-security] 20220719 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets
Debian -- Security Information -- DSA-5256-1 bcel www.debian.org
Depreciated Link
text/html
URL Logo DEBIAN DSA-5256
oss-security - Re: CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing www.openwall.com
text/html
URL Logo MLIST [oss-security] 20221104 Re: CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing

Related QID Numbers

  • 159992 Oracle Enterprise Linux Security Update for java-11-openjdk (ELSA-2022-5683)
  • 159993 Oracle Enterprise Linux Security Update for java-11-openjdk (ELSA-2022-5687)
  • 159994 Oracle Enterprise Linux Security Update for java-11-openjdk (ELSA-2022-5695)
  • 159995 Oracle Enterprise Linux Security Update for java-1.8.0-openjdk (ELSA-2022-5698)
  • 159996 Oracle Enterprise Linux Security Update for java-1.8.0-openjdk (ELSA-2022-5696)
  • 159997 Oracle Enterprise Linux Security Update for java-1.8.0-openjdk (ELSA-2022-5709)
  • 159999 Oracle Enterprise Linux Security Update for java-17-openjdk (ELSA-2022-5726)
  • 160000 Oracle Enterprise Linux Security Update for java-17-openjdk (ELSA-2022-5736)
  • 180895 Debian Security Update for openjdk-11 (DSA 5188-1)
  • 180901 Debian Security Update for openjdk-17 (DSA 5192-1)
  • 181143 Debian Security Update for bcel (DLA 3155-1)
  • 181144 Debian Security Update for bcel (DSA 5256-1)
  • 198886 Ubuntu Security Notification for Open Java Development Toolkit (OpenJDK) Vulnerabilities (USN-5546-1)
  • 20262 Oracle Database 21c Critical Patch Update - July 2022
  • 20263 Oracle Database 19c Critical Patch Update - July 2022
  • 20264 Oracle Database 12.1.0.2 Critical Patch Update - July 2022
  • 20265 Oracle Database 12.1.0.2 Critical Patch Update - July 2022 (Unauthenticated)
  • 20270 Oracle Database 21c Critical Patch Update - October 2022
  • 240546 Red Hat Update for java-11-openjdk security (RHSA-2022:5683)
  • 240547 Red Hat Update for java-11-openjdk security (RHSA-2022:5687)
  • 240548 Red Hat Update for java-11-openjdk (RHSA-2022:5684)
  • 240549 Red Hat Update for java-11-openjdk (RHSA-2022:5681)
  • 240553 Red Hat Update for java-1.8.0-openjdk (RHSA-2022:5700)
  • 240554 Red Hat Update for java-11-openjdk security (RHSA-2022:5695)
  • 240555 Red Hat Update for java-1.8.0-openjdk security (RHSA-2022:5696)
  • 240556 Red Hat Update for java-1.8.0-openjdk (RHSA-2022:5697)
  • 240557 Red Hat Update for java-1.8.0-openjdk security (RHSA-2022:5698)
  • 240558 Red Hat Update for java-1.8.0-openjdk security (RHSA-2022:5709)
  • 240560 Red Hat Update for java-17-openjdk security (RHSA-2022:5726)
  • 240564 Red Hat Update for java-17-openjdk security (RHSA-2022:5736)
  • 257174 CentOS Security Update for java-1.8.0-openjdk Security Update (CESA-2022:5698)
  • 257176 CentOS Security Update for java-11-openjdk (CESA-2022:5687)
  • 282975 Fedora Security Update for java (FEDORA-2022-34584d4257)
  • 283005 Fedora Security Update for java (FEDORA-2022-80afe2304a)
  • 283006 Fedora Security Update for java (FEDORA-2022-19b6f21746)
  • 283007 Fedora Security Update for java (FEDORA-2022-d26586b419)
  • 283008 Fedora Security Update for java (FEDORA-2022-ae563934f7)
  • 283009 Fedora Security Update for java (FEDORA-2022-64431bccec)
  • 283010 Fedora Security Update for java (FEDORA-2022-b76ab52e73)
  • 283011 Fedora Security Update for java (FEDORA-2022-e573851f56)
  • 296082 Oracle Solaris 11.4 Support Repository Update (SRU) 48.126.1 Missing (CPUJUL2022)
  • 353996 Amazon Linux Security Advisory for java-17-amazon-corretto : ALAS2-2022-1824
  • 354004 Amazon Linux Security Advisory for java-11-amazon-corretto : ALAS2-2022-1823
  • 354019 Amazon Linux Security Advisory for java-1.8.0-amazon-corretto : ALAS2CORRETTO8-2022-003
  • 354021 Amazon Linux Security Advisory for java-11-amazon-corretto : ALAS2-2022-1822
  • 354045 Amazon Linux Security Advisory for java-1.8.0-openjdk : ALAS-2022-1631
  • 354052 Amazon Linux Security Advisory for java-1.7.0-openjdk : ALAS-2022-1633
  • 354054 Amazon Linux Security Advisory for java-1.7.0-openjdk : ALAS2-2022-1835
  • 354057 Amazon Linux Security Advisory for java-1.8.0-openjdk : ALAS2-2022-1836
  • 354059 Amazon Linux Security Advisory for java-11-openjdk : ALAS2JAVA-OPENJDK11-2022-002
  • 354294 Amazon Linux Security Advisory for java-11-amazon-corretto : ALAS2022-2022-153
  • 354303 Amazon Linux Security Advisory for java-1.8.0-amazon-corretto : ALAS2022-2022-111
  • 354334 Amazon Linux Security Advisory for java-11-amazon-corretto : ALAS2022-2022-120
  • 354375 Amazon Linux Security Advisory for java-17-amazon-corretto : ALAS2022-2022-113
  • 354396 Amazon Linux Security Advisory for java-17-amazon-corretto : ALAS2022-2022-151
  • 354400 Amazon Linux Security Advisory for java-11-amazon-corretto : ALAS2022-2022-112
  • 354455 Amazon Linux Security Advisory for java-1.8.0-amazon-corretto : ALAS2022-2022-119
  • 354472 Amazon Linux Security Advisory for java-1.8.0-amazon-corretto : ALAS2022-2022-152
  • 354523 Amazon Linux Security Advisory for java-17-amazon-corretto : ALAS2022-2022-121
  • 376733 Oracle Java Standard Edition (SE) Critical Patch Update - July 2022 (CPUJUL2022)
  • 376756 Amazon Corretto Critical Patch Update (JUL2022)
  • 376761 Azul Java Multiple Vulnerabilities Security Update July 2022
  • 376896 Alibaba Cloud Linux Security Update for java-17-openjdk (ALINUX3-SA-2022:0145)
  • 376920 Alibaba Cloud Linux Security Update for java-11-openjdk (ALINUX3-SA-2022:0141)
  • 377051 Alibaba Cloud Linux Security Update for java-11-openjdk (ALINUX2-SA-2022:0033)
  • 377164 Alibaba Cloud Linux Security Update for java-1.8.0-openjdk (ALINUX3-SA-2022:0143)
  • 377216 Alibaba Cloud Linux Security Update for java-1.8.0-openjdk (ALINUX2-SA-2022:0034)
  • 378378 Red Hat OpenJDK 8u342 Windows Builds release and Security Update (RHSA-2022:5753)
  • 378379 Red Hat OpenJDK 11.0.16 Security Update for Windows Builds (RHSA-2022:5756)
  • 378380 Red Hat OpenJDK 17.0.4 Security Update for Windows Builds (RHSA-2022:5757)
  • 378427 Oracle PeopleSoft Enterprise PeopleTools Product Multiple Vulnerabilities (CPUAPR2023)
  • 502455 Alpine Linux Security Update for openjdk15
  • 502456 Alpine Linux Security Update for openjdk17
  • 502468 Alpine Linux Security Update for openjdk11
  • 502484 Alpine Linux Security Update for openjdk13
  • 502488 Alpine Linux Security Update for openjdk8
  • 502578 Alpine Linux Security Update for openjdk11
  • 672144 EulerOS Security Update for java-1.8.0-openjdk (EulerOS-SA-2022-2440)
  • 672195 EulerOS Security Update for java-1.8.0-openjdk (EulerOS-SA-2022-2465)
  • 672212 EulerOS Security Update for java-1.8.0-openjdk (EulerOS-SA-2022-2617)
  • 672213 EulerOS Security Update for java-1.7.0-openjdk (EulerOS-SA-2022-2616)
  • 752413 SUSE Enterprise Linux Security Update for java-11-openjdk (SUSE-SU-2022:2610-1)
  • 752418 SUSE Enterprise Linux Security Update for java-17-openjdk (SUSE-SU-2022:2660-1)
  • 752450 SUSE Enterprise Linux Security Update for java-11-openjdk (SUSE-SU-2022:2707-1)
  • 752468 SUSE Enterprise Linux Security Update for java-1_8_0-openjdk (SUSE-SU-2022:2819-1)
  • 752491 SUSE Enterprise Linux Security Update for java-1_8_0-openjdk (SUSE-SU-2022:2856-1)
  • 752507 SUSE Enterprise Linux Security Update for java-1_8_0-ibm (SUSE-SU-2022:2899-1)
  • 752510 SUSE Enterprise Linux Security Update for java-1_7_1-ibm (SUSE-SU-2022:2898-1)
  • 752526 SUSE Enterprise Linux Security Update for java-1_8_0-ibm (SUSE-SU-2022:2949-1)
  • 752556 SUSE Enterprise Linux Security Update for java-1_8_0-ibm (SUSE-SU-2022:3152-1)
  • 752883 SUSE Enterprise Linux Security Update for java-1_8_0-ibm (SUSE-SU-2022:4166-1)
  • 902573 Common Base Linux Mariner (CBL-Mariner) Security Update for openjdk8 (10371)
  • 940599 AlmaLinux Security Update for java-11-openjdk (ALSA-2022:5683)
  • 940601 AlmaLinux Security Update for java-1.8.0-openjdk (ALSA-2022:5696)
  • 940619 AlmaLinux Security Update for java-1.8.0-openjdk (ALSA-2022:5709)
  • 940621 AlmaLinux Security Update for java-17-openjdk (ALSA-2022:5736)
  • 940628 AlmaLinux Security Update for java-11-openjdk (ALSA-2022:5695)
  • 960159 Rocky Linux Security Update for java-17-openjdk (RLSA-2022:5726)
  • 960160 Rocky Linux Security Update for java-1.8.0-openjdk (RLSA-2022:5696)
  • 960161 Rocky Linux Security Update for java-11-openjdk (RLSA-2022:5683)

Exploit/POC from Github

https://nvd.nist.gov/vuln/detail/CVE-2022-34169

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
ApplicationApacheXalan-javaAllAllAllAll
ApplicationAzulZulu11.56AllAllAll
ApplicationAzulZulu11.57AllAllAll
ApplicationAzulZulu11.58AllAllAll
ApplicationAzulZulu13.48AllAllAll
ApplicationAzulZulu13.49AllAllAll
ApplicationAzulZulu13.50AllAllAll
ApplicationAzulZulu15.40AllAllAll
ApplicationAzulZulu15.41AllAllAll
ApplicationAzulZulu15.42AllAllAll
ApplicationAzulZulu17.34AllAllAll
ApplicationAzulZulu17.35AllAllAll
ApplicationAzulZulu17.36AllAllAll
ApplicationAzulZulu18.30AllAllAll
ApplicationAzulZulu18.32AllAllAll
ApplicationAzulZulu6.47AllAllAll
ApplicationAzulZulu6.49AllAllAll
ApplicationAzulZulu7.54AllAllAll
ApplicationAzulZulu7.55AllAllAll
ApplicationAzulZulu7.56AllAllAll
ApplicationAzulZulu8.62AllAllAll
ApplicationAzulZulu8.63AllAllAll
ApplicationAzulZulu8.64AllAllAll
Operating
System
DebianDebian Linux10.0AllAllAll
Operating
System
DebianDebian Linux11.0AllAllAll
Operating
System
FedoraprojectFedora35AllAllAll
Operating
System
FedoraprojectFedora36AllAllAll
ApplicationNetapp7-mode Transition Tool-AllAllAll
ApplicationNetappActive Iq Unified Manager-AllAllAll
ApplicationNetappActive Iq Unified Manager-AllAllAll
ApplicationNetappCloud Insights Acquisition Unit-AllAllAll
ApplicationNetappCloud Secure Agent-AllAllAll
Hardware Device InfoNetappHci Compute Node-AllAllAll
ApplicationNetappHci Management Node-AllAllAll
ApplicationNetappOncommand Insight-AllAllAll
ApplicationNetappSolidfire-AllAllAll
ApplicationOracleGraalvm20.3.6AllAllAll
ApplicationOracleGraalvm21.3.2AllAllAll
ApplicationOracleGraalvm22.1.0AllAllAll
ApplicationOracleJdk1.7.0update343AllAll
ApplicationOracleJdk1.8.0update333AllAll
ApplicationOracleJdk11.0.15.1AllAllAll
ApplicationOracleJdk17.0.3.1AllAllAll
ApplicationOracleJdk18.0.1.1AllAllAll
ApplicationOracleJre1.7.0update343AllAll
ApplicationOracleJre1.8.0update333AllAll
ApplicationOracleJre11.0.15.1AllAllAll
ApplicationOracleJre17.0.3.1AllAllAll
ApplicationOracleJre18.0.1.1AllAllAll
ApplicationOracleOpenjdk18AllAllAll
ApplicationOracleOpenjdk7-AllAll
ApplicationOracleOpenjdk7update1AllAll
ApplicationOracleOpenjdk7update10AllAll
ApplicationOracleOpenjdk7update101AllAll
ApplicationOracleOpenjdk7update11AllAll
ApplicationOracleOpenjdk7update111AllAll
ApplicationOracleOpenjdk7update121AllAll
ApplicationOracleOpenjdk7update13AllAll
ApplicationOracleOpenjdk7update131AllAll
ApplicationOracleOpenjdk7update141AllAll
ApplicationOracleOpenjdk7update15AllAll
ApplicationOracleOpenjdk7update151AllAll
ApplicationOracleOpenjdk7update161AllAll
ApplicationOracleOpenjdk7update17AllAll
ApplicationOracleOpenjdk7update171AllAll
ApplicationOracleOpenjdk7update181AllAll
ApplicationOracleOpenjdk7update191AllAll
ApplicationOracleOpenjdk7update2AllAll
ApplicationOracleOpenjdk7update201AllAll
ApplicationOracleOpenjdk7update21AllAll
ApplicationOracleOpenjdk7update211AllAll
ApplicationOracleOpenjdk7update221AllAll
ApplicationOracleOpenjdk7update231AllAll
ApplicationOracleOpenjdk7update241AllAll
ApplicationOracleOpenjdk7update25AllAll
ApplicationOracleOpenjdk7update251AllAll
ApplicationOracleOpenjdk7update261AllAll
ApplicationOracleOpenjdk7update271AllAll
ApplicationOracleOpenjdk7update281AllAll
ApplicationOracleOpenjdk7update291AllAll
ApplicationOracleOpenjdk7update3AllAll
ApplicationOracleOpenjdk7update301AllAll
ApplicationOracleOpenjdk7update311AllAll
ApplicationOracleOpenjdk7update321AllAll
ApplicationOracleOpenjdk7update4AllAll
ApplicationOracleOpenjdk7update40AllAll
ApplicationOracleOpenjdk7update45AllAll
ApplicationOracleOpenjdk7update5AllAll
ApplicationOracleOpenjdk7update51AllAll
ApplicationOracleOpenjdk7update55AllAll
ApplicationOracleOpenjdk7update6AllAll
ApplicationOracleOpenjdk7update60AllAll
ApplicationOracleOpenjdk7update65AllAll
ApplicationOracleOpenjdk7update67AllAll
ApplicationOracleOpenjdk7update7AllAll
ApplicationOracleOpenjdk7update72AllAll
ApplicationOracleOpenjdk7update76AllAll
ApplicationOracleOpenjdk7update80AllAll
ApplicationOracleOpenjdk7update85AllAll
ApplicationOracleOpenjdk7update9AllAll
ApplicationOracleOpenjdk7update91AllAll
ApplicationOracleOpenjdk7update95AllAll
ApplicationOracleOpenjdk7update97AllAll
ApplicationOracleOpenjdk7update99AllAll
ApplicationOracleOpenjdk8-AllAll
ApplicationOracleOpenjdk8milestone1AllAll
ApplicationOracleOpenjdk8milestone2AllAll
ApplicationOracleOpenjdk8milestone3AllAll
ApplicationOracleOpenjdk8milestone4AllAll
ApplicationOracleOpenjdk8milestone5AllAll
ApplicationOracleOpenjdk8milestone6AllAll
ApplicationOracleOpenjdk8milestone7AllAll
ApplicationOracleOpenjdk8milestone8AllAll
ApplicationOracleOpenjdk8milestone9AllAll
ApplicationOracleOpenjdk8update101AllAll
ApplicationOracleOpenjdk8update102AllAll
ApplicationOracleOpenjdk8update11AllAll
ApplicationOracleOpenjdk8update111AllAll
ApplicationOracleOpenjdk8update112AllAll
ApplicationOracleOpenjdk8update121AllAll
ApplicationOracleOpenjdk8update131AllAll
ApplicationOracleOpenjdk8update141AllAll
ApplicationOracleOpenjdk8update151AllAll
ApplicationOracleOpenjdk8update152AllAll
ApplicationOracleOpenjdk8update161AllAll
ApplicationOracleOpenjdk8update162AllAll
ApplicationOracleOpenjdk8update171AllAll
ApplicationOracleOpenjdk8update172AllAll
ApplicationOracleOpenjdk8update181AllAll
ApplicationOracleOpenjdk8update191AllAll
ApplicationOracleOpenjdk8update192AllAll
ApplicationOracleOpenjdk8update20AllAll
ApplicationOracleOpenjdk8update201AllAll
ApplicationOracleOpenjdk8update202AllAll
ApplicationOracleOpenjdk8update211AllAll
ApplicationOracleOpenjdk8update212AllAll
ApplicationOracleOpenjdk8update221AllAll
ApplicationOracleOpenjdk8update222AllAll
ApplicationOracleOpenjdk8update231AllAll
ApplicationOracleOpenjdk8update232AllAll
ApplicationOracleOpenjdk8update241AllAll
ApplicationOracleOpenjdk8update242AllAll
ApplicationOracleOpenjdk8update25AllAll
ApplicationOracleOpenjdk8update252AllAll
ApplicationOracleOpenjdk8update262AllAll
ApplicationOracleOpenjdk8update271AllAll
ApplicationOracleOpenjdk8update281AllAll
ApplicationOracleOpenjdk8update282AllAll
ApplicationOracleOpenjdk8update291AllAll
ApplicationOracleOpenjdk8update301AllAll
ApplicationOracleOpenjdk8update302AllAll
ApplicationOracleOpenjdk8update31AllAll
ApplicationOracleOpenjdk8update312AllAll
ApplicationOracleOpenjdk8update322AllAll
ApplicationOracleOpenjdk8update332AllAll
ApplicationOracleOpenjdk8update40AllAll
ApplicationOracleOpenjdk8update45AllAll
ApplicationOracleOpenjdk8update5AllAll
ApplicationOracleOpenjdk8update51AllAll
ApplicationOracleOpenjdk8update60AllAll
ApplicationOracleOpenjdk8update65AllAll
ApplicationOracleOpenjdk8update66AllAll
ApplicationOracleOpenjdk8update71AllAll
ApplicationOracleOpenjdk8update72AllAll
ApplicationOracleOpenjdk8update73AllAll
ApplicationOracleOpenjdk8update74AllAll
ApplicationOracleOpenjdk8update77AllAll
ApplicationOracleOpenjdk8update91AllAll
ApplicationOracleOpenjdk8update92AllAll
ApplicationOracleOpenjdkAllAllAllAll
ApplicationOracleOpenjdkAllAllAllAll
ApplicationOracleOpenjdkAllAllAllAll
ApplicationOracleOpenjdkAllAllAllAll
  • cpe:2.3:a:apache:xalan-java:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:azul:zulu:11.56:*:*:*:*:*:*:*:
  • cpe:2.3:a:azul:zulu:11.57:*:*:*:*:*:*:*:
  • cpe:2.3:a:azul:zulu:11.58:*:*:*:*:*:*:*:
  • cpe:2.3:a:azul:zulu:13.48:*:*:*:*:*:*:*:
  • cpe:2.3:a:azul:zulu:13.49:*:*:*:*:*:*:*:
  • cpe:2.3:a:azul:zulu:13.50:*:*:*:*:*:*:*:
  • cpe:2.3:a:azul:zulu:15.40:*:*:*:*:*:*:*:
  • cpe:2.3:a:azul:zulu:15.41:*:*:*:*:*:*:*:
  • cpe:2.3:a:azul:zulu:15.42:*:*:*:*:*:*:*:
  • cpe:2.3:a:azul:zulu:17.34:*:*:*:*:*:*:*:
  • cpe:2.3:a:azul:zulu:17.35:*:*:*:*:*:*:*:
  • cpe:2.3:a:azul:zulu:17.36:*:*:*:*:*:*:*:
  • cpe:2.3:a:azul:zulu:18.30:*:*:*:*:*:*:*:
  • cpe:2.3:a:azul:zulu:18.32:*:*:*:*:*:*:*:
  • cpe:2.3:a:azul:zulu:6.47:*:*:*:*:*:*:*:
  • cpe:2.3:a:azul:zulu:6.49:*:*:*:*:*:*:*:
  • cpe:2.3:a:azul:zulu:7.54:*:*:*:*:*:*:*:
  • cpe:2.3:a:azul:zulu:7.55:*:*:*:*:*:*:*:
  • cpe:2.3:a:azul:zulu:7.56:*:*:*:*:*:*:*:
  • cpe:2.3:a:azul:zulu:8.62:*:*:*:*:*:*:*:
  • cpe:2.3:a:azul:zulu:8.63:*:*:*:*:*:*:*:
  • cpe:2.3:a:azul:zulu:8.64:*:*:*:*:*:*:*:
  • cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*:
  • cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*:
  • cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*:
  • cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*:
  • cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*:
  • cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*:
  • cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*:
  • cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*:
  • cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*:
  • cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:graalvm:20.3.6:*:*:*:enterprise:*:*:*:
  • cpe:2.3:a:oracle:graalvm:21.3.2:*:*:*:enterprise:*:*:*:
  • cpe:2.3:a:oracle:graalvm:22.1.0:*:*:*:enterprise:*:*:*:
  • cpe:2.3:a:oracle:jdk:1.7.0:update343:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:jdk:1.8.0:update333:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:jdk:11.0.15.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:jdk:17.0.3.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:jdk:18.0.1.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:jre:1.7.0:update343:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:jre:1.8.0:update333:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:jre:11.0.15.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:jre:17.0.3.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:jre:18.0.1.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:18:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:7:update261:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:7:update271:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:7:update281:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:7:update291:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:7:update301:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:7:update311:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:7:update321:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:8:update262:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:8:update271:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:8:update281:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:8:update282:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:8:update291:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:8:update302:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:8:update312:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:8:update322:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:8:update332:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*:

Social Mentions

Source Title Posted (UTC)
Twitter Icon @CVEreport CVE-2022-34169 : The #Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing m… twitter.com/i/web/status/1… 2022-07-19 17:48:43
Twitter Icon @itsec_jp IPA 重要 | Oracle Java の脆弱性対策について(CVE-2022-34169等) ift.tt/GxQhTj8 #itsec_jp 2022-07-20 02:59:52
Twitter Icon @securenews_web Oracle Java の脆弱性対策について(CVE-2022-34169等) - IPA [securenews.appsight.net/entries/14531] ipa.go.jp/security/ciadr… 2022-07-20 03:11:08
Twitter Icon @gesuno_jp Oracle Java の脆弱性対策について(CVE-2022-34169等)ift.tt/eFWAouw 2022-07-20 03:38:41
Twitter Icon @hamano_izm Oracle Java の脆弱性対策について(CVE-2022-34169等) ipa.go.jp/security/ciadr… 2022-07-20 03:52:46
Twitter Icon @junysb3 Oracle Java の脆弱性対策について(CVE-2022-34169等) | IPAセキュリティセンター:重要なセキュリティ情報 IPAセキュリティセンター:重要なセキュリティ情報 July 20, 2022 at 12:0… twitter.com/i/web/status/1… 2022-07-20 03:53:58
Twitter Icon @jexens Oracle Java の脆弱性対策について(CVE-2022-34169等) ift.tt/D0inlBz 2022-07-20 03:57:05
Twitter Icon @ohhara_shiojiri Oracle Java の脆弱性対策について(CVE-2022-34169等):IPA 独立行政法人 情報処理推進機構 ipa.go.jp/security/ciadr… 2022-07-20 04:10:32
Twitter Icon @TokyoSec Oracle Java の脆弱性対策について(CVE-2022-34169等) dlvr.it/SVB56d 2022-07-20 04:32:02
Twitter Icon @ICATalerts Oracle Java の脆弱性対策について(CVE-2022-34169等) dlvr.it/SVB8RD 2022-07-20 05:13:02
Twitter Icon @itsec_jp ICATalerts: Oracle Java の脆弱性対策について(CVE-2022-34169等) dlvr.it/SVB8RD twitter.com/ICATalerts/sta… #itsec_jp 2022-07-20 05:18:03
Twitter Icon @BhM4GaVtj03xzwB Javaに脆弱性が見つかりました!アップデートを! Oracle Java の脆弱性対策について(CVE-2022-34169等) ipa.go.jp/security/ciadr… 2022-07-20 10:22:23
Twitter Icon @tak_mita New post: 【後で読みたい!】Oracle Java の脆弱性対策について(CVE-2022-34169等) taksbar.link/?p=200890 2022-07-20 14:00:28
Twitter Icon @Har_sia CVE-2022-34169 har-sia.info/CVE-2022-34169… #HarsiaInfo 2022-07-20 15:01:10
Twitter Icon @Har_sia CVE-2022-34169 har-sia.info/CVE-2022-34169… #HarsiaInfo 2022-07-20 18:24:02
Twitter Icon @jpsecuritynews 2022/07/20[注意] Oracle Java の脆弱性対策について(CVE-2022-34169等) /security/ciadr/vul/20220720-jre.html #脆弱性 #セキュリティ 2022-07-21 01:00:41
Twitter Icon @oss_security CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicio… twitter.com/i/web/status/1… 2022-07-24 01:28:34
Twitter Icon @oss_security Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing mal… twitter.com/i/web/status/1… 2022-07-24 01:28:36
Twitter Icon @oss_security Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing mal… twitter.com/i/web/status/1… 2022-07-24 01:28:38
Twitter Icon @oss_security Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing mal… twitter.com/i/web/status/1… 2022-07-24 01:28:40
Reddit Logo Icon /r/netcve CVE-2022-34169 2022-07-19 19:38:43
Reddit Logo Icon /r/blueteamsec Xalan-J XSLT整数截断漏洞利用构造(CVE-2022-34169) - Xalan-J XSLT Integer Truncation Exploit Construct (CVE-2022-34169) - fully demonstrated exploit now out.. 2022-09-12 06:06:34
Reddit Logo Icon /r/websecurityresearch Xalan-J XSLT整数截断漏洞利用构造(CVE-2022-34169) - Xalan-J XSLT Integer Truncation Exploit Construct (CVE-2022-34169) - fully demonstrated exploit now out.. 2022-09-12 06:29:33
© CVE.report 2023 Twitter Nitter Twitter Viewer |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report