CVE-2013-4002
Public on 2013-07-23
Modified on 2024-02-12
Description
A resource consumption issue was found in the way Xerces-J handled XML declarations. A remote attacker could use an XML document with a specially crafted declaration using a long pseudo-attribute name that, when parsed by an application using Xerces-J, would cause that application to use an excessive amount of CPU.
Severity
Medium
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 1 | java-1.6.0-openjdk | 2013-11-05 | ALAS-2013-246 | Fixed |
| Amazon Linux 1 | java-1.7.0-openjdk | 2013-10-23 | ALAS-2013-235 | Fixed |
| Amazon Linux 2 - Core | java-1.7.0-openjdk | Not Affected | ||
| Amazon Linux 1 | xerces-j2 | 2014-10-28 | ALAS-2014-436 | Fixed |
| Amazon Linux 2 - Core | xerces-j2 | Not Affected | ||
| Amazon Linux 2023 | xerces-j2 | Not Affected |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
| NVD | CVSSv2 | 7.1 | AV:N/AC:M/Au:N/C:N/I:N/A:C |