PT-2009-6723 · Oracle+3 · Jre+8

Marc Schoenefeld · Published 1970-01-01 · Updated 2024-06-15 · CVE-2009-2625

CVSS v3.1: 7.3 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions

Apache Xerces2 Java versions prior to JDK and JRE 6 Update 15
Apache Xerces2 Java versions prior to JDK and JRE 5.0 Update 20
libxerces2-java-gcj (affected versions not specified)
libxerces2-java-doc (affected versions not specified)
libxerces2-java (affected versions not specified)

Description

The issue allows remote attackers to cause a denial of service via malformed XML input: the parser enters an infinite loop and the application hangs. The condition can be demonstrated with the Codenomicon XML fuzzing framework. Exploitation of the vulnerability can disrupt the availability of the service that handles the protected information and can be carried out remotely without authentication.

Recommendations

For Apache Xerces2 Java versions prior to JDK and JRE 6 Update 15, update to JDK and JRE 6 Update 15 or later. For Apache Xerces2 Java versions prior to JDK and JRE 5.0 Update 20, update to JDK and JRE 5.0 Update 20 or later. For libxerces2-java-gcj, libxerces2-java-doc, and libxerces2-java, there is at the moment no information about a newer version that contains a fix for this vulnerability.
Related Identifiers

BDU:2015-04031
BDU:2015-04032
BDU:2015-04033
CVE-2009-2625
DSA-1984-1
GHSA-334P-WV2M-W3VP
HPSBUX02476
OPENSUSE-SU-2024:10077-1
RHSA-2009:1199
RHSA-2009:1200
RHSA-2009:1201
RHSA-2009:1236
RHSA-2009:1505
RHSA-2009:1551
RHSA-2009:1582
RHSA-2009:1615
RHSA-2009:1636
RHSA-2009:1637
RHSA-2009:1649
RHSA-2009:1650
RHSA-2009:1662
RHSA-2009_1201
RHSA-2009_1615
RHSA-2010:0043
RHSA-2011:0858
RHSA-2011_0858
RHSA-2012:1537

Affected Products

Apache Xerces2 Java
HP-UX
JDK
JRE
Java Platform
Red Hat
libxerces2-java
libxerces2-java-doc
libxerces2-java-gcj