PT-2013-4781
Published 2013-07-15 · Updated 2024-06-15 · CVE-2013-4002
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Apache Xerces2 Java Parser versions prior to 2.12.0
IBM Java 5.0 versions prior to 5.0 SR16-FP3
IBM Java 6 versions prior to 6 SR14
IBM Java 6.0.1 versions prior to 6.0.1 SR6
IBM Java 7 versions prior to 7 SR5
Oracle Java SE 7u40 and earlier
Oracle Java SE 6u60 and earlier
Oracle Java SE 5.0u51 and earlier
JRockit R28.2.8 and earlier
JRockit R27.7.6 and earlier
Java SE Embedded 7u40 and earlier
Description
The issue allows remote attackers to cause a denial of service via vectors related to XML attribute names. It is related to XMLscanner.java in the Apache Xerces2 Java Parser.
Recommendations
For Apache Xerces2 Java Parser versions prior to 2.12.0, update to version 2.12.0 or later.
For IBM Java 5.0 versions prior to 5.0 SR16-FP3, update to 5.0 SR16-FP3 or later.
For IBM Java 6 versions prior to 6 SR14, update to 6 SR14 or later.
For IBM Java 6.0.1 versions prior to 6.0.1 SR6, update to 6.0.1 SR6 or later.
For IBM Java 7 versions prior to 7 SR5, update to 7 SR5 or later.
For Oracle Java SE 7u40 and earlier, update to a version later than 7u40.
For Oracle Java SE 6u60 and earlier, update to a version later than 6u60.
For Oracle Java SE 5.0u51 and earlier, update to a version later than 5.0u51.
For JRockit R28.2.8 and earlier, update to a version later than R28.2.8.
For JRockit R27.7.6 and earlier, update to a version later than R27.7.6.
For Java SE Embedded 7u40 and earlier, update to a version later than 7u40.
Affected Products
Apache Xerces2 Java Parser
CentOS
HP-UX
IBM Java 5.0
IBM Java 6
IBM Java 6.0.1
IBM Java 7
JRockit
Java Platform
Java SE Embedded 7
Oracle Java SE 5.0
Oracle Java SE 6
Oracle Java SE 7
Red Hat
SUSE