JVN/CVE Demo: Nvdinfos

NVD

Id: 49867
Name: CVE-2009-2625
Description: XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
Reject
CVSS Version: 2
CVSS Score: 5
Severity: Medium
CVSS Base Score: 5
CVSS Impact Subscore: 2.9
CVSS Exploit Subscore: 10
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Pub Date: 2017-01-07
Published: 2009-08-06
Modified Date: 2014-05-05
Seq: 2009-2625

Actions

Related NVD References

Id	NVD Id	NVD No.	Reference	Actions
252037	49867	CVE-2009-2625	APPLE-SA-2009-09-03-1	View
252038	49867	CVE-2009-2625	SUSE-SR:2009:016	View
252039	49867	CVE-2009-2625	SUSE-SR:2009:017	View
252040	49867	CVE-2009-2625	SUSE-SA:2009:053	View
252041	49867	CVE-2009-2625	SUSE-SR:2010:013	View
252042	49867	CVE-2009-2625	SSRT090250	View
252043	49867	CVE-2009-2625	oval:org.mitre.oval:def:8520	View
252044	49867	CVE-2009-2625	oval:org.mitre.oval:def:9356	View
252045	49867	CVE-2009-2625	RHSA-2012:1232	View
252046	49867	CVE-2009-2625	RHSA-2012:1537	View
252047	49867	CVE-2009-2625	SSA:2011-041-02	View
252048	49867	CVE-2009-2625	http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1	View
252049	49867	CVE-2009-2625	263489	View
252050	49867	CVE-2009-2625	272209	View
252051	49867	CVE-2009-2625	1021506	View
252052	49867	CVE-2009-2625	http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=572055&r2=787352&pathrev=787353&diff_format=h	View
252053	49867	CVE-2009-2625	http://www.cert.fi/en/reports/2009/vulnerability2009085.html	View
252054	49867	CVE-2009-2625	http://www.codenomicon.com/labs/xml/	View
252055	49867	CVE-2009-2625	DSA-1984	View
252056	49867	CVE-2009-2625	MDVSA-2009:209	View
252057	49867	CVE-2009-2625	MDVSA-2011:108	View
252058	49867	CVE-2009-2625	http://www.networkworld.com/columnists/2009/080509-xml-flaw.html	View
252059	49867	CVE-2009-2625	[oss-security] 20090906 Re: Re: expat bug 1990430	View
252060	49867	CVE-2009-2625	[oss-security] 20091022 Re: Regarding expat bug 1990430	View
252061	49867	CVE-2009-2625	[oss-security] 20091023 Re: CVE Request -- expat [was: Re: Regarding expat bug 1990430]	View
252062	49867	CVE-2009-2625	[oss-security] 20091026 Re: CVE Request -- expat [was: Re: Regarding expat bug 1990430]	View
252063	49867	CVE-2009-2625	http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html	View
252064	49867	CVE-2009-2625	http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html	View
252065	49867	CVE-2009-2625	RHSA-2009:1615	View
252066	49867	CVE-2009-2625	RHSA-2011:0858	View
252067	49867	CVE-2009-2625	20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components	View
252068	49867	CVE-2009-2625	35958	View
252069	49867	CVE-2009-2625	1022680	View
252070	49867	CVE-2009-2625	USN-890-1	View
252071	49867	CVE-2009-2625	TA09-294A	View
252072	49867	CVE-2009-2625	TA10-012A	View
252073	49867	CVE-2009-2625	http://www.vmware.com/security/advisories/VMSA-2009-0016.html	View
252074	49867	CVE-2009-2625	ADV-2009-2543	View
252075	49867	CVE-2009-2625	ADV-2009-3316	View
252076	49867	CVE-2009-2625	ADV-2011-0359	View
252077	49867	CVE-2009-2625	https://bugzilla.redhat.com/show_bug.cgi?id=512921	View
252078	49867	CVE-2009-2625	RHSA-2009:1199	View
252079	49867	CVE-2009-2625	RHSA-2009:1200	View
252080	49867	CVE-2009-2625	RHSA-2009:1201	View
252081	49867	CVE-2009-2625	RHSA-2009:1636	View
252082	49867	CVE-2009-2625	RHSA-2009:1637	View
252083	49867	CVE-2009-2625	RHSA-2009:1649	View
252084	49867	CVE-2009-2625	RHSA-2009:1650	View
252085	49867	CVE-2009-2625	FEDORA-2009-8329	View
252086	49867	CVE-2009-2625	FEDORA-2009-8337	View

Related JVN

Id	Name	Title	Summary	Cveinfo Name	Cveinfo Id	Nvdinfo Name	Nvdinfo Id	Cvssv2	Cvssv3	Jvnurl	Published Date	Last Updated Date	Actions
40982	JVNDB-2009-001988	Sun JRE で使用している Apache Xerces2 Java におけるサービス運用妨害 (DoS) の脆弱性	Sun Java Runtime Environment (JRE) で使用している Apache Xerces2 Java には、XML 入力処理に不備があるため、サービス運用妨害 (DoS) 状態となる脆弱性が存在します。	CVE-2009-2625	40056	CVE-2009-2625	49867	5		http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001988.html	2009-08-05	2012-11-30	View

Message	Memory use
Component initialization	1.39 MB
Controller action start	1.49 MB
Controller render start	2.35 MB
View render complete	37.66 MB

Message	Time in ms	Graph
Core Processing (Derived from $_SERVER["REQUEST_TIME"])	2.56
Event: Controller.initialize	0.02
Event: Controller.startup	0.06
Controller action	289.56
Event: Controller.beforeRender	4.58
» Processing toolbar data	4.50
Rendering View	1464.52
» Event: View.beforeRender	0.02
» Rendering APP/View/Nvdinfos/view.ctp	1402.14
» Event: View.afterRender	0.06
» Event: View.beforeLayout	0.03
» Rendering APP/View/Layouts/default.ctp	39.05
» » Rendering CORE/Cake/View/Elements/sql_dump.ctp	12.52
Event: View.afterLayout	0.00

Constant	Value
APP	/virtual/inogo77/public_html/jvn/app/
APP_DIR	app
APPLIBS	/virtual/inogo77/public_html/jvn/app/Lib/
CACHE	/virtual/inogo77/public_html/jvn/app/tmp/cache/
CAKE	/virtual/inogo77/public_html/jvn/lib/Cake/
CAKE_CORE_INCLUDE_PATH	/virtual/inogo77/public_html/jvn/lib
CORE_PATH	/virtual/inogo77/public_html/jvn/lib/
CAKE_VERSION	2.6.0
CSS	/virtual/inogo77/public_html/jvn/app/webroot/css/
CSS_URL	css/
DS	/
FULL_BASE_URL	http://inogo77.s500.xrea.com
IMAGES	/virtual/inogo77/public_html/jvn/app/webroot/img/
IMAGES_URL	img/
JS	/virtual/inogo77/public_html/jvn/app/webroot/js/
JS_URL	js/
LOGS	/virtual/inogo77/public_html/jvn/app/tmp/logs/
ROOT	/virtual/inogo77/public_html/jvn
TESTS	/virtual/inogo77/public_html/jvn/app/Test/
TMP	/virtual/inogo77/public_html/jvn/app/tmp/
VENDORS	/virtual/inogo77/public_html/jvn/vendors/
WEBROOT_DIR	webroot
WWW_ROOT	/virtual/inogo77/public_html/jvn/app/webroot/

Environment Variable	Value
Php Version	5.6.40
Phprc	php56.ini
Php Fcgi Children	1
Pwd	/virtual/inogo77/public_html/.fast-cgi-bin
Php Fcgi Max Requests	10000
Shlvl	0
Path	/usr/local/bin:/usr/bin:/bin
Script Name	/jvn/app/webroot/index.php
Request Uri	/jvn/nvdinfos/view/49867
Query String
Request Method	GET
Server Protocol	HTTP/1.1
Gateway Interface	CGI/1.1
Redirect Url	/jvn/app/webroot/nvdinfos/view/49867
Remote Port	50241
Script Filename	/virtual/inogo77/public_html/jvn/app/webroot/index.php
Server Admin	[no address given]
Context Document Root	/virtual/inogo77/public_html
Context Prefix
Request Scheme	http
Document Root	/virtual/inogo77/public_html
Remote Addr	216.73.216.148
Server Port	80
Server Addr	160.251.151.205
Server Name	inogo77.s500.xrea.com
Server Software	Apache
Server Signature
Http Connection	close
Http Cache Control	max-age=259200
Http X Forwarded For	10.1.78.197
Http Via	1.1 squid-proxy-5b5d847c96-v2jzj (squid/6.10)
Http Host	inogo77.s500.xrea.com
Http Accept Encoding	gzip, br, zstd, deflate
Http User Agent	Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)
Http Accept	/
Gem Home	/usr/local/rvm/gems/ruby-2.3.0
X Dostranslated Ip	216.73.216.148
Mm Country Code	US
Mmdb Info	result found
Mmdb Addr	216.73.216.148
Unique Id	aFLWKA4RvLpdt2nVrWrdiAAAAMk
Redirect Status	200
Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect X Dostranslated Ip	216.73.216.148
Redirect Mm Country Code	US
Redirect Mmdb Info	result found
Redirect Mmdb Addr	216.73.216.148
Redirect Unique Id	aFLWKA4RvLpdt2nVrWrdiAAAAMk
Redirect Redirect Status	200
Redirect Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect Redirect X Dostranslated Ip	216.73.216.148
Redirect Redirect Mm Country Code	US
Redirect Redirect Mmdb Info	result found
Redirect Redirect Mmdb Addr	216.73.216.148
Redirect Redirect Unique Id	aFLWKA4RvLpdt2nVrWrdiAAAAMk
Fcgi Role	RESPONDER
Php Self	/jvn/app/webroot/index.php
Request Time Float	1750259240.8285
Request Time	1750259240

NVD

Actions

Related NVD References

Related JVN

Request History

Session

Request

Cake Params

Post data

Query string

Cookie

Current Route

Sql Logs

default

Memory

Timers

Logs

View Variables

App Constants

CakePHP Constants

PHP Environment

Included Files

Include Paths

Included Files