{"api_version":"1","generated_at":"2026-04-23T06:08:00+00:00","cve":"CVE-2009-2625","urls":{"html":"https://cve.report/CVE-2009-2625","api":"https://cve.report/api/cve/CVE-2009-2625.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2009-2625","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2009-2625"},"summary":{"title":"CVE-2009-2625","description":"XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.","state":"PUBLISHED","assigner":"certcc","published_at":"2009-08-06 15:30:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["NVD-CWE-Other","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"5","severity":"","vector":"AV:N/AC:L/Au:N/C:N/I:N/A:P","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"}}],"references":[{"url":"http://www.vupen.com/english/advisories/2009/3316","name":"http://www.vupen.com/english/advisories/2009/3316","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Permissions Required"],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html","name":"http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"[security-announce] SUSE Security Summary Report: SUSE-SR:2010:013","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.openwall.com/lists/oss-security/2009/10/23/6","name":"http://www.openwall.com/lists/oss-security/2009/10/23/6","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"],"title":"oss-security - Re: CVE Request -- expat [was: Re: Regarding expat\n bug 1990430]","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://rhn.redhat.com/errata/RHSA-2009-1201.html","name":"https://rhn.redhat.com/errata/RHSA-2009-1201.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"rhn.redhat.com | Red Hat Support","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://secunia.com/advisories/37460","name":"http://secunia.com/advisories/37460","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"VMware Products Update for Multiple Packages - Secunia Advisories - Vulnerability Information - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html","name":"http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"[security-announce] SUSE Security Summary Report: SUSE-SR:2009:017","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html","name":"http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Oracle Critical Patch Update Advisory - January 2010","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id?1022680","name":"http://www.securitytracker.com/id?1022680","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"],"title":"SecurityTracker.com Archives - Java Runtime Environment (JRE) XML Parsing Bug Lets Remote Users Deny Service","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/38231","name":"http://secunia.com/advisories/38231","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Ubuntu update for expat - Secunia Advisories - Vulnerability Information - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/50549","name":"http://secunia.com/advisories/50549","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Security Advisory SA50549 - Red Hat update for JBoss Enterprise Portal Platform - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html","name":"https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"],"title":"[SECURITY] Fedora 11 Update: java-1.6.0-openjdk-1.6.0.0-27.b16.fc11","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://rhn.redhat.com/errata/RHSA-2009-1650.html","name":"https://rhn.redhat.com/errata/RHSA-2009-1650.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"rhn.redhat.com | Red Hat Support","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://secunia.com/advisories/43300","name":"http://secunia.com/advisories/43300","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"About Secunia Research | Flexera","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/38342","name":"http://secunia.com/advisories/38342","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Debian update for libxerces2-java - Advisories - Community","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html","name":"http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"[security-announce] SUSE Security Announcement: IBM Java 6 (SUSE-SA:2009","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8520","name":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8520","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Repository  /  Oval Repository","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.debian.org/security/2010/dsa-1984","name":"http://www.debian.org/security/2010/dsa-1984","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Debian -- Security Information -- DSA-1984-1 libxerces2-java","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://rhn.redhat.com/errata/RHSA-2009-1636.html","name":"https://rhn.redhat.com/errata/RHSA-2009-1636.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"rhn.redhat.com | Red Hat Support","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://www.networkworld.com/columnists/2009/080509-xml-flaw.html","name":"http://www.networkworld.com/columnists/2009/080509-xml-flaw.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"XML flaw threatens apps built with Sun, Apache, Python libraries\r\n - Network World","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.openwall.com/lists/oss-security/2009/10/22/9","name":"http://www.openwall.com/lists/oss-security/2009/10/22/9","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"],"title":"oss-security - Re: Regarding expat bug 1990430","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/37300","name":"http://secunia.com/advisories/37300","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"HP-UX update for JRE / JDK - Secunia Advisories - Vulnerability Information - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.us-cert.gov/cas/techalerts/TA10-012A.html","name":"http://www.us-cert.gov/cas/techalerts/TA10-012A.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"],"title":"US-CERT Technical Cyber Security Alert TA10-012A -- Oracle Updates for Multiple Vulnerabilities","mime":"text/xml","httpstatus":"200","archivestatus":"200"},{"url":"https://rhn.redhat.com/errata/RHSA-2009-1199.html","name":"https://rhn.redhat.com/errata/RHSA-2009-1199.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"rhn.redhat.com | Red Hat Support","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://www.openwall.com/lists/oss-security/2009/10/26/3","name":"http://www.openwall.com/lists/oss-security/2009/10/26/3","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"],"title":"oss-security - Re: CVE Request -- expat [was: Re: Regarding expat\n bug 1990430]","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/36162","name":"http://secunia.com/advisories/36162","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Fedora update for java-1.6.0-openjdk - Secunia Advisories - Vulnerability Information - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.codenomicon.com/labs/xml/","name":"http://www.codenomicon.com/labs/xml/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Codenomicon Labs | XML Security and Fuzzing","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2011/0359","name":"http://www.vupen.com/english/advisories/2011/0359","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Permissions Required"],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.redhat.com/support/errata/RHSA-2009-1615.html","name":"http://www.redhat.com/support/errata/RHSA-2009-1615.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html","name":"https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"],"title":"[SECURITY] Fedora 10 Update: java-1.6.0-openjdk-1.6.0.0-20.b16.fc10","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://marc.info/?l=bugtraq&m=125787273209737&w=2","name":"http://marc.info/?l=bugtraq&m=125787273209737&w=2","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"],"title":"'[security bulletin] HPSBUX02476 SSRT090250 rev.1 - HP-UX Running Java, Remote Increase in Privilege,' - MARC","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-263489-1","name":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-263489-1","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Patch","Vendor Advisory"],"title":"#263489: A Security Vulnerability in the Java Runtime Environment (JRE) With Parsing XML Data May Allow a Remote Client to Create a Denial of Service (DoS) Condition","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2012-1537.html","name":"http://rhn.redhat.com/errata/RHSA-2012-1537.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1","name":"http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Patch"],"title":"#125136-16: Obsoleted by: 125136-17 JavaSE for business 6: update 15 patch (equivalent to JDK 6u15)","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021506.1-1","name":"http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021506.1-1","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"","mime":"","httpstatus":"-1","archivestatus":"404"},{"url":"https://rhn.redhat.com/errata/RHSA-2009-1649.html","name":"https://rhn.redhat.com/errata/RHSA-2009-1649.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"rhn.redhat.com | Red Hat Support","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://www.cert.fi/en/reports/2009/vulnerability2009085.html","name":"http://www.cert.fi/en/reports/2009/vulnerability2009085.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"CERT-FI - CERT-FI Advisory on XML libraries","mime":"text/xml","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html","name":"http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"],"title":"APPLE-SA-2009-09-03-1 Java for Mac OS X 10.5 Update 5","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.486026","name":"http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.486026","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"The Slackware Linux Project: Slackware Security Advisories","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/37754","name":"http://secunia.com/advisories/37754","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Sun Multiple Products XML Parsing Denial of Service - Secunia Advisories - Vulnerability Information - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html","name":"http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"Oracle Critical Patch Update Advisory - October 2009","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://secunia.com/advisories/36176","name":"http://secunia.com/advisories/36176","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Red Hat update for java-1.6.0-sun - Secunia Advisories - Vulnerability Information - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/507985/100/0/threaded","name":"http://www.securityfocus.com/archive/1/507985/100/0/threaded","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/35958","name":"http://www.securityfocus.com/bid/35958","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"],"title":"Sun Java Runtime Environment XML Parsing Denial of Service Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.redhat.com/support/errata/RHSA-2011-0858.html","name":"http://www.redhat.com/support/errata/RHSA-2011-0858.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2012-1232.html","name":"http://rhn.redhat.com/errata/RHSA-2012-1232.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E","name":"https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Pony Mail!","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2009:209","name":"http://www.mandriva.com/security/advisories?name=MDVSA-2009:209","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Advisories | Mandriva","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-272209-1","name":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-272209-1","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"","mime":"","httpstatus":"-1","archivestatus":"404"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9356","name":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9356","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Repository  /  Oval Repository","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://rhn.redhat.com/errata/RHSA-2009-1200.html","name":"https://rhn.redhat.com/errata/RHSA-2009-1200.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"rhn.redhat.com | Red Hat Support","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://secunia.com/advisories/37671","name":"http://secunia.com/advisories/37671","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"About Secunia Research | Flexera","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2009/2543","name":"http://www.vupen.com/english/advisories/2009/2543","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Permissions Required"],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://rhn.redhat.com/errata/RHSA-2009-1637.html","name":"https://rhn.redhat.com/errata/RHSA-2009-1637.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"rhn.redhat.com | Red Hat Support","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=572055&r2=787352&pathrev=787353&diff_format=h","name":"http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=572055&r2=787352&pathrev=787353&diff_format=h","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"[Apache-SVN] Diff of /xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=512921","name":"https://bugzilla.redhat.com/show_bug.cgi?id=512921","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"],"title":"Bug 512921 – CVE-2009-2625 xerces-j2, JDK: XML parsing Denial-Of-Service (6845701)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html","name":"http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"[security-announce] SUSE Security Summary Report: SUSE-SR:2009:016","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/36180","name":"http://secunia.com/advisories/36180","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Red Hat update for java-1.6.0-openjdk - Secunia Advisories - Vulnerability Information - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vmware.com/security/advisories/VMSA-2009-0016.html","name":"http://www.vmware.com/security/advisories/VMSA-2009-0016.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"VMSA-2009-0016.1","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2011:108","name":"http://www.mandriva.com/security/advisories?name=MDVSA-2011:108","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Support / Security / Advisories /  / MDVSA-2011:108 | Mandriva","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.us-cert.gov/cas/techalerts/TA09-294A.html","name":"http://www.us-cert.gov/cas/techalerts/TA09-294A.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"],"title":"US-CERT Technical Cyber Security Alert TA09-294A -- Oracle Updates for Multiple Vulnerabilities","mime":"text/xml","httpstatus":"200","archivestatus":"200"},{"url":"http://www.openwall.com/lists/oss-security/2009/09/06/1","name":"http://www.openwall.com/lists/oss-security/2009/09/06/1","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"],"title":"oss-security - Re: Re: expat bug 1990430","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/36199","name":"http://secunia.com/advisories/36199","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Red Hat update for java-1.5.0-sun - Secunia Advisories - Vulnerability Information - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.ubuntu.com/usn/USN-890-1","name":"http://www.ubuntu.com/usn/USN-890-1","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"USN-890-1: Expat vulnerabilities | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E","name":"MLIST:[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1","refsource":"MITRE","tags":[],"title":"Pony Mail!","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2009-2625","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2009-2625","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2009","cve_id":"2625","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apache","cpe5":"xerces2_java","cpe6":"2.9.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"2625","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"6.06","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"2625","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"8.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"-","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"2625","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"8.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"2625","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"9.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"2625","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"9.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"2625","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"4.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"2625","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"5.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"2625","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"2625","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"11","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"2625","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"opensuse","cpe5":"opensuse","cpe6":"11.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"2625","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"opensuse","cpe5":"opensuse","cpe6":"11.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"2625","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"opensuse","cpe5":"opensuse","cpe6":"11.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"2625","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jdk","cpe6":"1.5.0","cpe7":"-","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"2625","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jdk","cpe6":"1.5.0","cpe7":"update1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"2625","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jdk","cpe6":"1.5.0","cpe7":"update10","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"2625","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jdk","cpe6":"1.5.0","cpe7":"update11","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"2625","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jdk","cpe6":"1.5.0","cpe7":"update12","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"2625","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jdk","cpe6":"1.5.0","cpe7":"update13","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"2625","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jdk","cpe6":"1.5.0","cpe7":"update14","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"2625","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jdk","cpe6":"1.5.0","cpe7":"update15","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"2625","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jdk","cpe6":"1.5.0","cpe7":"update16","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"2625","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jdk","cpe6":"1.5.0","cpe7":"update17","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"2625","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jdk","cpe6":"1.5.0","cpe7":"update18","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"2625","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jdk","cpe6":"1.5.0","cpe7":"update19","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"2625","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jdk","cpe6":"1.5.0","cpe7":"update2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"2625","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jdk","cpe6":"1.5.0","cpe7":"update3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"2625","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jdk","cpe6":"1.5.0","cpe7":"update4","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"2625","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jdk","cpe6":"1.5.0","cpe7":"update5","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"2625","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jdk","cpe6":"1.5.0","cpe7":"update6","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"2625","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jdk","cpe6":"1.5.0","cpe7":"update7","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"2625","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jdk","cpe6":"1.5.0","cpe7":"update8","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"2625","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jdk","cpe6":"1.5.0","cpe7":"update9","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"2625","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jdk","cpe6":"1.6.0","cpe7":"-","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"2625","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jdk","cpe6":"1.6.0","cpe7":"update1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"2625","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jdk","cpe6":"1.6.0","cpe7":"update10","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"2625","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jdk","cpe6":"1.6.0","cpe7":"update11","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"2625","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jdk","cpe6":"1.6.0","cpe7":"update12","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"2625","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jdk","cpe6":"1.6.0","cpe7":"update13","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"2625","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jdk","cpe6":"1.6.0","cpe7":"update14","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"2625","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jdk","cpe6":"1.6.0","cpe7":"update2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"2625","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jdk","cpe6":"1.6.0","cpe7":"update3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"2625","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jdk","cpe6":"1.6.0","cpe7":"update4","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"2625","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jdk","cpe6":"1.6.0","cpe7":"update5","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"2625","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jdk","cpe6":"1.6.0","cpe7":"update6","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"2625","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jdk","cpe6":"1.6.0","cpe7":"update7","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"2625","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"primavera_p6_enterprise_project_portfolio_management","cpe6":"6.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"2625","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"primavera_p6_enterprise_project_portfolio_management","cpe6":"6.2.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"2625","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"primavera_p6_enterprise_project_portfolio_management","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"2625","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"primavera_web_services","cpe6":"6.2.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"2625","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"primavera_web_services","cpe6":"7.0","cpe7":"-","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"2625","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"primavera_web_services","cpe6":"7.0","cpe7":"sp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"2625","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"suse","cpe5":"linux_enterprise_server","cpe6":"10","cpe7":"sp2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"2625","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"suse","cpe5":"linux_enterprise_server","cpe6":"10","cpe7":"sp3","cpe8":"*","cpe9":"*","cpe10":"-","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"2625","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"suse","cpe5":"linux_enterprise_server","cpe6":"11","cpe7":"-","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"2625","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"suse","cpe5":"linux_enterprise_server","cpe6":"9","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2009-2625","qid":"981447","title":"Java (maven) Security Update for xerces:xercesImpl (GHSA-334p-wv2m-w3vp)"}]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T05:59:56.314Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"SSA:2011-041-02","tags":["vendor-advisory","x_refsource_SLACKWARE","x_transferred"],"url":"http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.486026"},{"name":"RHSA-2009:1200","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://rhn.redhat.com/errata/RHSA-2009-1200.html"},{"name":"RHSA-2009:1199","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://rhn.redhat.com/errata/RHSA-2009-1199.html"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://www.networkworld.com/columnists/2009/080509-xml-flaw.html"},{"name":"USN-890-1","tags":["vendor-advisory","x_refsource_UBUNTU","x_transferred"],"url":"http://www.ubuntu.com/usn/USN-890-1"},{"name":"36162","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/36162"},{"name":"ADV-2009-2543","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2009/2543"},{"name":"DSA-1984","tags":["vendor-advisory","x_refsource_DEBIAN","x_transferred"],"url":"http://www.debian.org/security/2010/dsa-1984"},{"name":"[oss-security] 20091022 Re: Regarding expat bug 1990430","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2009/10/22/9"},{"name":"1021506","tags":["vendor-advisory","x_refsource_SUNALERT","x_transferred"],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021506.1-1"},{"name":"37460","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/37460"},{"name":"RHSA-2009:1615","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"http://www.redhat.com/support/errata/RHSA-2009-1615.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.vmware.com/security/advisories/VMSA-2009-0016.html"},{"name":"HPSBUX02476","tags":["vendor-advisory","x_refsource_HP","x_transferred"],"url":"http://marc.info/?l=bugtraq&m=125787273209737&w=2"},{"name":"37754","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/37754"},{"name":"RHSA-2009:1637","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://rhn.redhat.com/errata/RHSA-2009-1637.html"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://www.cert.fi/en/reports/2009/vulnerability2009085.html"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://www.codenomicon.com/labs/xml/"},{"name":"36199","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/36199"},{"name":"RHSA-2012:1537","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"http://rhn.redhat.com/errata/RHSA-2012-1537.html"},{"name":"SUSE-SR:2010:013","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"},{"name":"MDVSA-2009:209","tags":["vendor-advisory","x_refsource_MANDRIVA","x_transferred"],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2009:209"},{"name":"FEDORA-2009-8329","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html"},{"name":"RHSA-2011:0858","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"http://www.redhat.com/support/errata/RHSA-2011-0858.html"},{"name":"SSRT090250","tags":["vendor-advisory","x_refsource_HP","x_transferred"],"url":"http://marc.info/?l=bugtraq&m=125787273209737&w=2"},{"name":"1022680","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id?1022680"},{"name":"37671","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/37671"},{"name":"38342","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/38342"},{"name":"RHSA-2009:1636","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://rhn.redhat.com/errata/RHSA-2009-1636.html"},{"name":"35958","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/35958"},{"name":"20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://www.securityfocus.com/archive/1/507985/100/0/threaded"},{"name":"RHSA-2009:1649","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://rhn.redhat.com/errata/RHSA-2009-1649.html"},{"name":"[oss-security] 20091026 Re: CVE Request -- expat [was: Re: Regarding expat bug 1990430]","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2009/10/26/3"},{"name":"TA09-294A","tags":["third-party-advisory","x_refsource_CERT","x_transferred"],"url":"http://www.us-cert.gov/cas/techalerts/TA09-294A.html"},{"name":"50549","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/50549"},{"name":"oval:org.mitre.oval:def:8520","tags":["vdb-entry","signature","x_refsource_OVAL","x_transferred"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8520"},{"name":"36180","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/36180"},{"name":"38231","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/38231"},{"name":"272209","tags":["vendor-advisory","x_refsource_SUNALERT","x_transferred"],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-272209-1"},{"name":"MDVSA-2011:108","tags":["vendor-advisory","x_refsource_MANDRIVA","x_transferred"],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2011:108"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1"},{"name":"36176","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/36176"},{"name":"FEDORA-2009-8337","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html"},{"name":"43300","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/43300"},{"name":"oval:org.mitre.oval:def:9356","tags":["vdb-entry","signature","x_refsource_OVAL","x_transferred"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9356"},{"name":"TA10-012A","tags":["third-party-advisory","x_refsource_CERT","x_transferred"],"url":"http://www.us-cert.gov/cas/techalerts/TA10-012A.html"},{"name":"SUSE-SR:2009:016","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"},{"name":"RHSA-2012:1232","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"http://rhn.redhat.com/errata/RHSA-2012-1232.html"},{"name":"263489","tags":["vendor-advisory","x_refsource_SUNALERT","x_transferred"],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-263489-1"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=572055&r2=787352&pathrev=787353&diff_format=h"},{"name":"37300","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/37300"},{"name":"APPLE-SA-2009-09-03-1","tags":["vendor-advisory","x_refsource_APPLE","x_transferred"],"url":"http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html"},{"name":"SUSE-SA:2009:053","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=512921"},{"name":"RHSA-2009:1201","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://rhn.redhat.com/errata/RHSA-2009-1201.html"},{"name":"SUSE-SR:2009:017","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html"},{"name":"[oss-security] 20090906 Re: Re: expat bug 1990430","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2009/09/06/1"},{"name":"[oss-security] 20091023 Re: CVE Request -- expat [was: Re: Regarding expat bug 1990430]","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2009/10/23/6"},{"name":"ADV-2011-0359","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2011/0359"},{"name":"ADV-2009-3316","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2009/3316"},{"name":"RHSA-2009:1650","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://rhn.redhat.com/errata/RHSA-2009-1650.html"},{"name":"[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2009-08-05T00:00:00.000Z","descriptions":[{"lang":"en","value":"XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2020-03-20T16:06:10.000Z","orgId":"37e5125f-f79b-445b-8fad-9564f167944b","shortName":"certcc"},"references":[{"name":"SSA:2011-041-02","tags":["vendor-advisory","x_refsource_SLACKWARE"],"url":"http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.486026"},{"name":"RHSA-2009:1200","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://rhn.redhat.com/errata/RHSA-2009-1200.html"},{"name":"RHSA-2009:1199","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://rhn.redhat.com/errata/RHSA-2009-1199.html"},{"tags":["x_refsource_MISC"],"url":"http://www.networkworld.com/columnists/2009/080509-xml-flaw.html"},{"name":"USN-890-1","tags":["vendor-advisory","x_refsource_UBUNTU"],"url":"http://www.ubuntu.com/usn/USN-890-1"},{"name":"36162","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/36162"},{"name":"ADV-2009-2543","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2009/2543"},{"name":"DSA-1984","tags":["vendor-advisory","x_refsource_DEBIAN"],"url":"http://www.debian.org/security/2010/dsa-1984"},{"name":"[oss-security] 20091022 Re: Regarding expat bug 1990430","tags":["mailing-list","x_refsource_MLIST"],"url":"http://www.openwall.com/lists/oss-security/2009/10/22/9"},{"name":"1021506","tags":["vendor-advisory","x_refsource_SUNALERT"],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021506.1-1"},{"name":"37460","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/37460"},{"name":"RHSA-2009:1615","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"http://www.redhat.com/support/errata/RHSA-2009-1615.html"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.vmware.com/security/advisories/VMSA-2009-0016.html"},{"name":"HPSBUX02476","tags":["vendor-advisory","x_refsource_HP"],"url":"http://marc.info/?l=bugtraq&m=125787273209737&w=2"},{"name":"37754","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/37754"},{"name":"RHSA-2009:1637","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://rhn.redhat.com/errata/RHSA-2009-1637.html"},{"tags":["x_refsource_MISC"],"url":"http://www.cert.fi/en/reports/2009/vulnerability2009085.html"},{"tags":["x_refsource_MISC"],"url":"http://www.codenomicon.com/labs/xml/"},{"name":"36199","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/36199"},{"name":"RHSA-2012:1537","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"http://rhn.redhat.com/errata/RHSA-2012-1537.html"},{"name":"SUSE-SR:2010:013","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"},{"name":"MDVSA-2009:209","tags":["vendor-advisory","x_refsource_MANDRIVA"],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2009:209"},{"name":"FEDORA-2009-8329","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html"},{"name":"RHSA-2011:0858","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"http://www.redhat.com/support/errata/RHSA-2011-0858.html"},{"name":"SSRT090250","tags":["vendor-advisory","x_refsource_HP"],"url":"http://marc.info/?l=bugtraq&m=125787273209737&w=2"},{"name":"1022680","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id?1022680"},{"name":"37671","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/37671"},{"name":"38342","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/38342"},{"name":"RHSA-2009:1636","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://rhn.redhat.com/errata/RHSA-2009-1636.html"},{"name":"35958","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/35958"},{"name":"20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://www.securityfocus.com/archive/1/507985/100/0/threaded"},{"name":"RHSA-2009:1649","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://rhn.redhat.com/errata/RHSA-2009-1649.html"},{"name":"[oss-security] 20091026 Re: CVE Request -- expat [was: Re: Regarding expat bug 1990430]","tags":["mailing-list","x_refsource_MLIST"],"url":"http://www.openwall.com/lists/oss-security/2009/10/26/3"},{"name":"TA09-294A","tags":["third-party-advisory","x_refsource_CERT"],"url":"http://www.us-cert.gov/cas/techalerts/TA09-294A.html"},{"name":"50549","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/50549"},{"name":"oval:org.mitre.oval:def:8520","tags":["vdb-entry","signature","x_refsource_OVAL"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8520"},{"name":"36180","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/36180"},{"name":"38231","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/38231"},{"name":"272209","tags":["vendor-advisory","x_refsource_SUNALERT"],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-272209-1"},{"name":"MDVSA-2011:108","tags":["vendor-advisory","x_refsource_MANDRIVA"],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2011:108"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html"},{"tags":["x_refsource_CONFIRM"],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1"},{"name":"36176","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/36176"},{"name":"FEDORA-2009-8337","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html"},{"name":"43300","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/43300"},{"name":"oval:org.mitre.oval:def:9356","tags":["vdb-entry","signature","x_refsource_OVAL"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9356"},{"name":"TA10-012A","tags":["third-party-advisory","x_refsource_CERT"],"url":"http://www.us-cert.gov/cas/techalerts/TA10-012A.html"},{"name":"SUSE-SR:2009:016","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"},{"name":"RHSA-2012:1232","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"http://rhn.redhat.com/errata/RHSA-2012-1232.html"},{"name":"263489","tags":["vendor-advisory","x_refsource_SUNALERT"],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-263489-1"},{"tags":["x_refsource_CONFIRM"],"url":"http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=572055&r2=787352&pathrev=787353&diff_format=h"},{"name":"37300","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/37300"},{"name":"APPLE-SA-2009-09-03-1","tags":["vendor-advisory","x_refsource_APPLE"],"url":"http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html"},{"name":"SUSE-SA:2009:053","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html"},{"tags":["x_refsource_CONFIRM"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=512921"},{"name":"RHSA-2009:1201","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://rhn.redhat.com/errata/RHSA-2009-1201.html"},{"name":"SUSE-SR:2009:017","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html"},{"name":"[oss-security] 20090906 Re: Re: expat bug 1990430","tags":["mailing-list","x_refsource_MLIST"],"url":"http://www.openwall.com/lists/oss-security/2009/09/06/1"},{"name":"[oss-security] 20091023 Re: CVE Request -- expat [was: Re: Regarding expat bug 1990430]","tags":["mailing-list","x_refsource_MLIST"],"url":"http://www.openwall.com/lists/oss-security/2009/10/23/6"},{"name":"ADV-2011-0359","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2011/0359"},{"name":"ADV-2009-3316","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2009/3316"},{"name":"RHSA-2009:1650","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://rhn.redhat.com/errata/RHSA-2009-1650.html"},{"name":"[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cert@cert.org","ID":"CVE-2009-2625","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"SSA:2011-041-02","refsource":"SLACKWARE","url":"http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.486026"},{"name":"RHSA-2009:1200","refsource":"REDHAT","url":"https://rhn.redhat.com/errata/RHSA-2009-1200.html"},{"name":"RHSA-2009:1199","refsource":"REDHAT","url":"https://rhn.redhat.com/errata/RHSA-2009-1199.html"},{"name":"http://www.networkworld.com/columnists/2009/080509-xml-flaw.html","refsource":"MISC","url":"http://www.networkworld.com/columnists/2009/080509-xml-flaw.html"},{"name":"USN-890-1","refsource":"UBUNTU","url":"http://www.ubuntu.com/usn/USN-890-1"},{"name":"36162","refsource":"SECUNIA","url":"http://secunia.com/advisories/36162"},{"name":"ADV-2009-2543","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2009/2543"},{"name":"DSA-1984","refsource":"DEBIAN","url":"http://www.debian.org/security/2010/dsa-1984"},{"name":"[oss-security] 20091022 Re: Regarding expat bug 1990430","refsource":"MLIST","url":"http://www.openwall.com/lists/oss-security/2009/10/22/9"},{"name":"1021506","refsource":"SUNALERT","url":"http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021506.1-1"},{"name":"37460","refsource":"SECUNIA","url":"http://secunia.com/advisories/37460"},{"name":"RHSA-2009:1615","refsource":"REDHAT","url":"http://www.redhat.com/support/errata/RHSA-2009-1615.html"},{"name":"http://www.vmware.com/security/advisories/VMSA-2009-0016.html","refsource":"CONFIRM","url":"http://www.vmware.com/security/advisories/VMSA-2009-0016.html"},{"name":"HPSBUX02476","refsource":"HP","url":"http://marc.info/?l=bugtraq&m=125787273209737&w=2"},{"name":"37754","refsource":"SECUNIA","url":"http://secunia.com/advisories/37754"},{"name":"RHSA-2009:1637","refsource":"REDHAT","url":"https://rhn.redhat.com/errata/RHSA-2009-1637.html"},{"name":"http://www.cert.fi/en/reports/2009/vulnerability2009085.html","refsource":"MISC","url":"http://www.cert.fi/en/reports/2009/vulnerability2009085.html"},{"name":"http://www.codenomicon.com/labs/xml/","refsource":"MISC","url":"http://www.codenomicon.com/labs/xml/"},{"name":"36199","refsource":"SECUNIA","url":"http://secunia.com/advisories/36199"},{"name":"RHSA-2012:1537","refsource":"REDHAT","url":"http://rhn.redhat.com/errata/RHSA-2012-1537.html"},{"name":"SUSE-SR:2010:013","refsource":"SUSE","url":"http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"},{"name":"MDVSA-2009:209","refsource":"MANDRIVA","url":"http://www.mandriva.com/security/advisories?name=MDVSA-2009:209"},{"name":"FEDORA-2009-8329","refsource":"FEDORA","url":"https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html"},{"name":"RHSA-2011:0858","refsource":"REDHAT","url":"http://www.redhat.com/support/errata/RHSA-2011-0858.html"},{"name":"SSRT090250","refsource":"HP","url":"http://marc.info/?l=bugtraq&m=125787273209737&w=2"},{"name":"1022680","refsource":"SECTRACK","url":"http://www.securitytracker.com/id?1022680"},{"name":"37671","refsource":"SECUNIA","url":"http://secunia.com/advisories/37671"},{"name":"38342","refsource":"SECUNIA","url":"http://secunia.com/advisories/38342"},{"name":"RHSA-2009:1636","refsource":"REDHAT","url":"https://rhn.redhat.com/errata/RHSA-2009-1636.html"},{"name":"35958","refsource":"BID","url":"http://www.securityfocus.com/bid/35958"},{"name":"20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/507985/100/0/threaded"},{"name":"RHSA-2009:1649","refsource":"REDHAT","url":"https://rhn.redhat.com/errata/RHSA-2009-1649.html"},{"name":"[oss-security] 20091026 Re: CVE Request -- expat [was: Re: Regarding expat bug 1990430]","refsource":"MLIST","url":"http://www.openwall.com/lists/oss-security/2009/10/26/3"},{"name":"TA09-294A","refsource":"CERT","url":"http://www.us-cert.gov/cas/techalerts/TA09-294A.html"},{"name":"50549","refsource":"SECUNIA","url":"http://secunia.com/advisories/50549"},{"name":"oval:org.mitre.oval:def:8520","refsource":"OVAL","url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8520"},{"name":"36180","refsource":"SECUNIA","url":"http://secunia.com/advisories/36180"},{"name":"38231","refsource":"SECUNIA","url":"http://secunia.com/advisories/38231"},{"name":"272209","refsource":"SUNALERT","url":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-272209-1"},{"name":"MDVSA-2011:108","refsource":"MANDRIVA","url":"http://www.mandriva.com/security/advisories?name=MDVSA-2011:108"},{"name":"http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html","refsource":"CONFIRM","url":"http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html"},{"name":"http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html","refsource":"CONFIRM","url":"http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html"},{"name":"http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1","refsource":"CONFIRM","url":"http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1"},{"name":"36176","refsource":"SECUNIA","url":"http://secunia.com/advisories/36176"},{"name":"FEDORA-2009-8337","refsource":"FEDORA","url":"https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html"},{"name":"43300","refsource":"SECUNIA","url":"http://secunia.com/advisories/43300"},{"name":"oval:org.mitre.oval:def:9356","refsource":"OVAL","url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9356"},{"name":"TA10-012A","refsource":"CERT","url":"http://www.us-cert.gov/cas/techalerts/TA10-012A.html"},{"name":"SUSE-SR:2009:016","refsource":"SUSE","url":"http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"},{"name":"RHSA-2012:1232","refsource":"REDHAT","url":"http://rhn.redhat.com/errata/RHSA-2012-1232.html"},{"name":"263489","refsource":"SUNALERT","url":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-263489-1"},{"name":"http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=572055&r2=787352&pathrev=787353&diff_format=h","refsource":"CONFIRM","url":"http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=572055&r2=787352&pathrev=787353&diff_format=h"},{"name":"37300","refsource":"SECUNIA","url":"http://secunia.com/advisories/37300"},{"name":"APPLE-SA-2009-09-03-1","refsource":"APPLE","url":"http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html"},{"name":"SUSE-SA:2009:053","refsource":"SUSE","url":"http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html"},{"name":"https://bugzilla.redhat.com/show_bug.cgi?id=512921","refsource":"CONFIRM","url":"https://bugzilla.redhat.com/show_bug.cgi?id=512921"},{"name":"RHSA-2009:1201","refsource":"REDHAT","url":"https://rhn.redhat.com/errata/RHSA-2009-1201.html"},{"name":"SUSE-SR:2009:017","refsource":"SUSE","url":"http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html"},{"name":"[oss-security] 20090906 Re: Re: expat bug 1990430","refsource":"MLIST","url":"http://www.openwall.com/lists/oss-security/2009/09/06/1"},{"name":"[oss-security] 20091023 Re: CVE Request -- expat [was: Re: Regarding expat bug 1990430]","refsource":"MLIST","url":"http://www.openwall.com/lists/oss-security/2009/10/23/6"},{"name":"ADV-2011-0359","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2011/0359"},{"name":"ADV-2009-3316","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2009/3316"},{"name":"RHSA-2009:1650","refsource":"REDHAT","url":"https://rhn.redhat.com/errata/RHSA-2009-1650.html"},{"name":"[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1","refsource":"MLIST","url":"https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E"}]}}}},"cveMetadata":{"assignerOrgId":"37e5125f-f79b-445b-8fad-9564f167944b","assignerShortName":"certcc","cveId":"CVE-2009-2625","datePublished":"2009-08-06T15:00:00.000Z","dateReserved":"2009-07-28T00:00:00.000Z","dateUpdated":"2024-08-07T05:59:56.314Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2009-08-06 15:30:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["NVD-CWE-Other","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.5.0:-:*:*:*:*:*:*","matchCriteriaId":"711BCDB5-83BC-4DBA-8097-2CD33617FD19"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.5.0:update1:*:*:*:*:*:*","matchCriteriaId":"B5F20B3E-781F-4DC1-B939-B0EAFC515F71"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.5.0:update10:*:*:*:*:*:*","matchCriteriaId":"BEB37E93-38EB-4AEE-A3DD-D2097C0D6852"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.5.0:update11:*:*:*:*:*:*","matchCriteriaId":"59DED85A-153E-40B1-9ABA-D405204E464E"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.5.0:update12:*:*:*:*:*:*","matchCriteriaId":"168E67FC-32BC-4DAE-B49C-840FD721D7AA"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.5.0:update13:*:*:*:*:*:*","matchCriteriaId":"83A2B4A2-ED27-4C12-871B-C0F78C3478FF"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.5.0:update14:*:*:*:*:*:*","matchCriteriaId":"9E8A5D2D-B620-449B-B599-51F5C9FC658C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.5.0:update15:*:*:*:*:*:*","matchCriteriaId":"9A39B469-5041-4715-B6AC-36D8777677EE"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.5.0:update16:*:*:*:*:*:*","matchCriteriaId":"F49DBD1F-D3F5-400B-AE2E-BC87B05A5051"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.5.0:update17:*:*:*:*:*:*","matchCriteriaId":"8E605982-97A2-4E5E-847E-2BB8AD77910C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.5.0:update18:*:*:*:*:*:*","matchCriteriaId":"848299EC-DE52-4511-BF53-C83022935964"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.5.0:update19:*:*:*:*:*:*","matchCriteriaId":"CD5BD598-ADBC-42EE-BF81-049D89CCA426"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.5.0:update2:*:*:*:*:*:*","matchCriteriaId":"64AC19E5-A20C-4D51-B465-ABCDBADF550A"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.5.0:update3:*:*:*:*:*:*","matchCriteriaId":"A2CCCA1A-F0A1-4511-AF84-326DF406C0DA"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.5.0:update4:*:*:*:*:*:*","matchCriteriaId":"81B0BEF9-25FD-48F7-83BC-BEA31BC3A1BA"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.5.0:update5:*:*:*:*:*:*","matchCriteriaId":"4E6D8590-0A99-43E0-9256-9572112F9C8F"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.5.0:update6:*:*:*:*:*:*","matchCriteriaId":"5F2A0870-A4D3-481B-8A37-A4DC282B0DE1"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.5.0:update7:*:*:*:*:*:*","matchCriteriaId":"20171515-B5A5-44D2-B7F7-21EDDE39989E"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.5.0:update8:*:*:*:*:*:*","matchCriteriaId":"F734AF76-4CEE-4F9D-AD6A-6BECF1F977CD"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.5.0:update9:*:*:*:*:*:*","matchCriteriaId":"985B45F6-C285-4061-A656-A4C1A1FE59D9"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.6.0:-:*:*:*:*:*:*","matchCriteriaId":"4A420DA5-1346-446B-8D23-E1E6DDBE527E"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.6.0:update1:*:*:*:*:*:*","matchCriteriaId":"B8CA8719-7ABE-4279-B49E-C414794A4FE1"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.6.0:update10:*:*:*:*:*:*","matchCriteriaId":"DC92B7EC-849F-4255-9D55-43681B8DADC4"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.6.0:update11:*:*:*:*:*:*","matchCriteriaId":"2ABC1045-7D3D-4A14-B994-7E60A4BB4C9C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.6.0:update12:*:*:*:*:*:*","matchCriteriaId":"1F3C1E65-929A-4468-8584-F086E6E59839"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.6.0:update13:*:*:*:*:*:*","matchCriteriaId":"42C95C1D-0C2E-4733-AB1B-65650D88995D"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.6.0:update14:*:*:*:*:*:*","matchCriteriaId":"47A9F499-D1E3-41BD-AC18-E8D3D3231C12"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.6.0:update2:*:*:*:*:*:*","matchCriteriaId":"D6E07069-D6EE-4D44-94A6-CDCA4A50E6F9"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.6.0:update3:*:*:*:*:*:*","matchCriteriaId":"344FA3EA-9E25-493C-976A-211D1404B251"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.6.0:update4:*:*:*:*:*:*","matchCriteriaId":"D081A380-5AA4-4451-94A9-7B65810106E3"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.6.0:update5:*:*:*:*:*:*","matchCriteriaId":"112E7575-A3A0-4A94-AD39-7B2325B150B8"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.6.0:update6:*:*:*:*:*:*","matchCriteriaId":"708E8CEF-82EE-4D4B-ABF9-87AA4878F517"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.6.0:update7:*:*:*:*:*:*","matchCriteriaId":"D5D9D9A7-8819-44A4-80AC-52D6B63A0C9B"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*","matchCriteriaId":"7000D33B-F3C7-43E8-8FC7-9B97AADC3E12"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*","matchCriteriaId":"B3BB5EDB-520B-4DEF-B06E-65CA13152824"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*","matchCriteriaId":"1B42AB65-443B-4655-BAEA-4EB4A43D9509"},{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*","matchCriteriaId":"FBF7B6A8-3DF9-46EC-A90E-6EF68C39F883"},{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*","matchCriteriaId":"A01C8B7E-EB19-40EA-B1D2-9AE5EA536C95"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*","matchCriteriaId":"4CD2D897-E321-4CED-92E0-11A98B52053C"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_server:10:sp2:*:*:*:*:*:*","matchCriteriaId":"22A79A35-05DB-4B9F-AD3E-EA6F933CF10C"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:-:*:*:*","matchCriteriaId":"79A35457-EAA3-4BF9-A4DA-B2E414A75A02"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*","matchCriteriaId":"F13F07CC-739B-465C-9184-0E9D708BD4C7"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*","matchCriteriaId":"0F92AB32-E7DE-43F4-B877-1F41FA162EC7"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*","matchCriteriaId":"8C757774-08E7-40AA-B532-6F705C8F7639"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*","matchCriteriaId":"454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*","matchCriteriaId":"7EBFE35C-E243-43D1-883D-4398D71763CC"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*","matchCriteriaId":"4747CC68-FAF4-482F-929A-9DA6C24CB663"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*","matchCriteriaId":"A5D026D0-EF78-438D-BEDD-FC8571F3ACEB"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*","matchCriteriaId":"A2BCB73E-27BB-4878-AD9C-90C4F20C25A0"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:6.1:*:*:*:*:*:*:*","matchCriteriaId":"4F920C50-FE0F-4915-965A-AA58884DF7A8"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:6.2.1:*:*:*:*:*:*:*","matchCriteriaId":"944FDBF2-1262-4B85-A7D3-537330144D22"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:7.0:*:*:*:*:*:*:*","matchCriteriaId":"57C2F58F-13AA-45C5-9172-8465B44CA9FB"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:primavera_web_services:6.2.1:*:*:*:*:*:*:*","matchCriteriaId":"2A3115EB-0671-4E0C-9B75-FACFD6D42B88"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:primavera_web_services:7.0:-:*:*:*:*:*:*","matchCriteriaId":"F3376F25-51D0-4D84-AFC7-AD1C1BCA0191"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:primavera_web_services:7.0:sp1:*:*:*:*:*:*","matchCriteriaId":"BDE00C3E-BB4E-4E71-86B8-E637BCD033A7"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:xerces2_java:2.9.1:*:*:*:*:*:*:*","matchCriteriaId":"AC3C1085-3255-449C-AFE3-984EFAC5BCCE"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2009","CveId":"2625","Ordinal":"1","Title":"CVE-2009-2625","CVE":"CVE-2009-2625","Year":"2009"},"notes":[{"CveYear":"2009","CveId":"2625","Ordinal":"1","NoteData":"XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.","Type":"Description","Title":"CVE-2009-2625"},{"CveYear":"2009","CveId":"2625","Ordinal":"2","NoteData":"2009-08-06","Type":"Other","Title":"Published"},{"CveYear":"2009","CveId":"2625","Ordinal":"3","NoteData":"2020-03-20","Type":"Other","Title":"Modified"}]}}}