Versio.io

CVE-2013-4002

Common vulnerabilities & exposures (CVE)

 
Published at: 23-07-2013 01:03
Last modified: 13-05-2022 04:57
Total changes: 4

Description

XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute names.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:M/Au:N/C:N/I:N/A:C

Attack complexity: Low
Attack vector: Network
Availability: High
Confidentiality: None
Integrity: None
Privileges required: -
Scope: -
User interaction: -
Base score: 7.1
Exploitability score: 8.6
Impact score: 6.9
 

Verification logic

OR
OR
vendor=ibm AND product=java AND version=5.0.12.2
vendor=ibm AND product=java AND version=5.0.12.3
vendor=ibm AND product=java AND version=5.0.0.0
vendor=ibm AND product=java AND version=5.0.14.0
vendor=ibm AND product=java AND version=5.0.11.0
vendor=ibm AND product=java AND version=5.0.16.0
vendor=ibm AND product=java AND version=5.0.12.1
vendor=ibm AND product=java AND version=5.0.13.0
vendor=ibm AND product=java AND version=5.0.16.2
vendor=ibm AND product=java AND version=5.0.12.4
vendor=ibm AND product=java AND version=5.0.12.0
vendor=ibm AND product=java AND version=5.0.16.1
vendor=ibm AND product=java AND version=5.0.15.0
vendor=ibm AND product=java AND version=5.0.12.5
vendor=ibm AND product=java AND version=5.0.11.1
vendor=ibm AND product=java AND version=5.0.11.2
OR
vendor=ibm AND product=java AND version=6.0.3.0
vendor=ibm AND product=java AND version=6.0.9.0
vendor=ibm AND product=java AND version=6.0.13.0
vendor=ibm AND product=java AND version=6.0.10.1
vendor=ibm AND product=java AND version=6.0.10.0
vendor=ibm AND product=java AND version=6.0.13.2
vendor=ibm AND product=java AND version=6.0.6.0
vendor=ibm AND product=java AND version=6.0.1.0
vendor=ibm AND product=java AND version=6.0.9.1
vendor=ibm AND product=java AND version=6.0.12.0
vendor=ibm AND product=java AND version=6.0.2.0
vendor=ibm AND product=java AND version=6.0.11.0
vendor=ibm AND product=java AND version=6.0.5.0
vendor=ibm AND product=java AND version=6.0.7.0
vendor=ibm AND product=java AND version=6.0.4.0
vendor=ibm AND product=java AND version=6.0.9.2
vendor=ibm AND product=java AND version=6.0.13.1
vendor=ibm AND product=java AND version=6.0.0.0
vendor=ibm AND product=java AND version=6.0.8.1
vendor=ibm AND product=java AND version=6.0.8.0
OR
vendor=ibm AND product=java AND version=7.0.0.0
vendor=ibm AND product=java AND version=7.0.2.0
vendor=ibm AND product=java AND version=7.0.4.2
vendor=ibm AND product=java AND version=7.0.1.0
vendor=ibm AND product=java AND version=7.0.4.1
vendor=ibm AND product=java AND version=7.0.3.0
vendor=ibm AND product=java AND version=7.0.4.0
OR
vendor=oracle AND product=jre AND version=1.7.0 AND update=update40
vendor=oracle AND product=jdk AND version=1.7.0 AND update=update40
vendor=oracle AND product=jrockit AND versionEndIncluding=r27.7.6 AND versionStartIncluding=r27.7.0
vendor=oracle AND product=jrockit AND versionEndIncluding=r28.2.8 AND versionStartIncluding=r28.0.0
vendor=oracle AND product=jdk AND version=1.5.0 AND update=update51
vendor=oracle AND product=jdk AND version=1.6.0 AND update=update60
vendor=oracle AND product=jre AND version=1.5.0 AND update=update51
vendor=oracle AND product=jre AND version=1.6.0 AND update=update60
OR
vendor=ibm AND product=sterling_b2b_integrator AND version=5.2.4
AND
OR
vendor=ibm AND product=host_on-demand AND version=11.0
vendor=ibm AND product=host_on-demand AND version=11.0.8
vendor=ibm AND product=host_on-demand AND version=11.0.3
vendor=ibm AND product=host_on-demand AND version=11.0.5
vendor=ibm AND product=host_on-demand AND version=11.0.7
vendor=ibm AND product=host_on-demand AND version=11.0.1
vendor=ibm AND product=host_on-demand AND version=11.0.6
vendor=ibm AND product=host_on-demand AND version=11.0.4
vendor=ibm AND product=host_on-demand AND version=11.0.2
vendor=ibm AND product=host_on-demand AND version=11.0.5.1
vendor=ibm AND product=host_on-demand AND version=11.0.6.1
OR
vendor=microsoft AND product=windows AND version=-
AND
OR
vendor=ibm AND product=tivoli_application_dependency_discovery_manager AND version=7.2.2
OR
vendor=microsoft AND product=windows AND version=-
vendor=linux AND product=linux_kernel AND version=-
vendor=ibm AND product=aix AND version=-
vendor=oracle AND product=solaris AND version=- AND target_hardware=-
AND
OR
vendor=ibm AND product=sterling_b2b_integrator AND version=5.2
vendor=ibm AND product=sterling_b2b_integrator AND version=5.1
vendor=ibm AND product=sterling_file_gateway AND version=2.1
vendor=ibm AND product=sterling_file_gateway AND version=2.2
OR
vendor=microsoft AND product=windows AND version=-
vendor=linux AND product=linux_kernel AND version=-
vendor=hp AND product=hp-ux AND version=-
vendor=ibm AND product=aix AND version=-
vendor=ibm AND product=i AND version=-
vendor=oracle AND product=solaris AND version=- AND target_hardware=-
OR
vendor=suse AND product=linux_enterprise_desktop AND version=11 AND update=sp3
vendor=suse AND product=linux_enterprise_server AND version=11 AND update=sp3 AND target_software=vmware
vendor=opensuse AND product=opensuse AND version=12.3
vendor=suse AND product=linux_enterprise_server AND version=9
vendor=opensuse AND product=opensuse AND version=12.2
vendor=suse AND product=linux_enterprise_server AND version=11 AND update=sp2 AND target_software=vmware
vendor=suse AND product=linux_enterprise_server AND version=11 AND update=sp2 AND target_software=-
vendor=suse AND product=linux_enterprise_server AND version=11 AND update=sp3 AND target_software=-
vendor=suse AND product=linux_enterprise_sdk AND version=11 AND update=sp3
vendor=suse AND product=linux_enterprise_server AND version=10 AND update=sp3 AND software_edition=ltss
vendor=suse AND product=linux_enterprise_desktop AND version=10 AND update=sp4 AND software_edition=-
vendor=suse AND product=linux_enterprise_java AND version=10 AND update=sp4
vendor=suse AND product=linux_enterprise_java AND version=11 AND update=sp2
vendor=suse AND product=linux_enterprise_java AND version=11 AND update=sp3
vendor=suse AND product=linux_enterprise_sdk AND version=11 AND update=sp2
vendor=suse AND product=linux_enterprise_server AND version=10 AND update=sp4 AND software_edition=-
OR
vendor=canonical AND product=ubuntu_linux AND version=13.04
vendor=canonical AND product=ubuntu_linux AND version=13.10
vendor=canonical AND product=ubuntu_linux AND version=12.10
vendor=canonical AND product=ubuntu_linux AND version=10.04 AND software_edition=-
vendor=canonical AND product=ubuntu_linux AND version=12.04 AND software_edition=-
OR
vendor=apache AND product=xerces2_java AND versionStartIncluding=2.4.0 AND versionEndExcluding=2.12.0
 
