SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com






Category:   Application (Generic)  >   Oracle Java SE Vendors:   Sun
Java Runtime Environment (JRE) XML Parsing Bug Lets Remote Users Deny Service
SecurityTracker Alert ID:  1022680
SecurityTracker URL:  http://securitytracker.com/id/1022680
CVE Reference:   CVE-2009-2625   (Links to External Site)
Date:  Aug 7 2009
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 6 Update 14 and prior, 5.0 Update 19 and prior
Description:   A vulnerability was reported in Java Runtime Environment (JRE). A remote user can cause denial of service conditions.

A remote user can create specially crafted XML to trigger a flaw in JRE in the parsing of XML data to cause unspecified denial of service conditions.

CERT-FI and Jukka Taimisto, Tero Rontti, and Rauli Kaksonen from the CROSS project at Codenomicon Ltd reported this vulnerability.

Impact:   A remote user can cause denial of service conditions.
Solution:   The vendor has issued a fix for Windows, Solaris, and Linux:

* JDK and JRE 6 Update 15 or later
* JDK and JRE 5.0 Update 20 or later

Java SE releases are available at:

JDK and JRE 6 Update 15:

http://java.sun.com/javase/downloads/index.jsp

JRE 6 Update 15:

http://java.com/

through the Java Update tool for Microsoft Windows users.

JDK 6 Update 15 for Solaris is available in the following patches:

* Java SE 6 Update 15 (as delivered in patch 125136-16)
* Java SE 6 Update 15 (as delivered in patch 125137-16 (64bit))
* Java SE 6_x86 Update 15 (as delivered in patch 125138-16)
* Java SE 6_x86 Update 15 (as delivered in patch 125139-16 (64bit))

JDK and JRE 5.0 Update 20:

http://java.sun.com/javase/downloads/index_jdk5.jsp

JDK 5.0 Update 20 for Solaris is available in the following patches:

* J2SE 5.0 Update 18 (as delivered in patch 118666-21)
* J2SE 5.0 Update 18 (as delivered in patch 118667-21 (64bit))
* J2SE 5.0_x86 Update 18 (as delivered in patch 118668-21)
* J2SE 5.0_x86 Update 18 (as delivered in patch 118669-21 (64bit))

Java SE for Business releases are available at:

http://www.sun.com/software/javaseforbusiness/getit_download.jsp

Note: When installing a new version of the product from a source other than a Solaris patch, it is recommended that the old affected versions be removed from your system. To remove old affected versions on the Windows platform, please see:

http://www.java.com/en/download/help/5000010800.xml

The vendor's advisory is available at:

http://sunsolve.sun.com/search/document.do?assetkey=1-66-263489-1

Vendor URL:  sunsolve.sun.com/search/document.do?assetkey=1-66-263489-1 (Links to External Site)
Cause:   Not specified
Underlying OS:  Linux (Any), UNIX (Solaris - SunOS), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Aug 7 2009 (Red Hat Issues Fix) Java Runtime Environment (JRE) XML Parsing Bug Lets Remote Users Deny Service
Red Hat has released a fix for java-1.5.0-sun for Red Hat Enterprise Linux 4 and 5.
Aug 7 2009 (Red Hat Issues Fix) Java Runtime Environment (JRE) XML Parsing Bug Lets Remote Users Deny Service
Red Hat has released a fix for java-1.6.0-sun for Red Hat Enterprise Linux 4 and 5.
Aug 28 2009 (Red Hat Issues Fix) Java Runtime Environment (JRE) XML Parsing Bug Lets Remote Users Deny Service
Red Hat has released a fix for java-1.5.0-ibm for Red Hat Enterprise Linux 4 Extras and 5 Supplementary.
Sep 3 2009 (Apple Issues Fix) Java Runtime Environment (JRE) XML Parsing Bug Lets Remote Users Deny Service
Apple has issued a fix for Mac OS X 10.5.
Oct 15 2009 (Red Hat Issues Fix) Java Runtime Environment (JRE) XML Parsing Bug Lets Remote Users Deny Service
Red Hat has released a fix for java-1.4.2-ibm for Red Hat Enterprise Linux Extras 3, 4, and 5.
Nov 5 2009 (Red Hat Issues Fix) Java Runtime Environment (JRE) XML Parsing Bug Lets Remote Users Deny Service
Red Hat has issued a fix for java-1.4.2-ibm for Red Hat Enterprise Linux 4 and 5 for SAP.
Nov 12 2009 (Red Hat Issues Fix) Java Runtime Environment (JRE) XML Parsing Bug Lets Remote Users Deny Service
Red Hat has issued a fix for java-1.6.0-ibm for Red Hat Enterprise Linux 4 Extras and 5 Supplementary.
Dec 15 2009 (Sun Issues Fix for Sun Java System Application Server) Java Runtime Environment (JRE) XML Parsing Bug Lets Remote Users Deny Service
Sun has issued a fix for Sun Java System Application Server 8.x.
Jun 13 2012 (Red Hat Issues Fix for JBoss) Java Runtime Environment (JRE) XML Parsing Bug Lets Remote Users Deny Service
Red Hat has issued a fix for JBoss Operations Network.



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2016, SecurityGlobal.net LLC