XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute names.
oryginał ENAV:N/AC:M/Au:N/C:N/I:N/A:CApache Xerces2 Java
APPApache2.4.0 – 2.12.0 (bez)Canonical Ubuntu
OSCanonical10.0412.0412.1013.0413.10HP Ux
OSHpwszystkie wersjeIBM Aix
OSIbmwszystkie wersjeIBM Host On Demand
APPIbm11.011.0.111.0.211.0.311.0.411.0.511.0.5.111.0.611.0.6.111.0.711.0.8IBM I
OSIbmwszystkie wersjeIBM Java
APPIbm5.0.0.05.0.11.05.0.11.15.0.11.25.0.12.05.0.12.15.0.12.25.0.12.35.0.12.45.0.12.55.0.13.05.0.14.05.0.15.05.0.16.05.0.16.1+ 28 więcejIBM Sterling B2b Integrator
APPIbm5.15.25.2.4IBM Sterling File Gateway
APPIbm2.12.2IBM Tivoli Application Dependency Discovery Manager
APPIbm7.2.2Linux Kernel
OSLinuxwszystkie wersjeMicrosoft Windows
OSMicrosoftwszystkie wersjeOpensuse
OSOpensuse12.212.3Oracle JDK
APPOracle1.5.01.6.01.7.0Oracle Jre
APPOracle1.5.01.6.01.7.0Oracle Jrockit
APPOracler28.0.0 – r28.2.8r27.7.0 – r27.7.6Oracle Solaris
OSOraclewszystkie wersjeSUSE Linux Enterprise Desktop
OSSuse1011SUSE Linux Enterprise Java
OSSuse1011SUSE Linux Enterprise Sdk
OSSuse11SUSE Linux Enterprise Server
OSSuse10119
Powiązane podatności
Atak na łańcuch dostaw DAEMON Tools Lite — trojanizacja instalatorów
Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty
Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)
Commvault Command Center – nieuwierzytelniony RCE przez path traversal w ZIP
Path Traversal w Kingsoft WPS Office — ładowanie dowolnej biblioteki Windows