VYPR
Moderate severity · NVD Advisory · Published Aug 6, 2009 · Updated Jun 16, 2026

CVE-2009-2625

Description

XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: xerces:xercesImpl (Maven)
Affected versions: < 2.10.0
Patched versions: 2.10.0

Affected products

58
  • cpe:2.3:a:apache:xerces2_java:2.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.5.0:-:*:*:*:*:*:* + 32 more
    • cpe:2.3:a:oracle:jdk:1.5.0:-:*:*:*:*:*:*
    • cpe:2.3:a:oracle:jdk:1.5.0:update1:*:*:*:*:*:*
    • cpe:2.3:a:oracle:jdk:1.5.0:update10:*:*:*:*:*:*
    • cpe:2.3:a:oracle:jdk:1.5.0:update11:*:*:*:*:*:*
    • cpe:2.3:a:oracle:jdk:1.5.0:update12:*:*:*:*:*:*
    • cpe:2.3:a:oracle:jdk:1.5.0:update13:*:*:*:*:*:*
    • cpe:2.3:a:oracle:jdk:1.5.0:update14:*:*:*:*:*:*
    • cpe:2.3:a:oracle:jdk:1.5.0:update15:*:*:*:*:*:*
    • cpe:2.3:a:oracle:jdk:1.5.0:update16:*:*:*:*:*:*
    • cpe:2.3:a:oracle:jdk:1.5.0:update17:*:*:*:*:*:*
    • cpe:2.3:a:oracle:jdk:1.5.0:update18:*:*:*:*:*:*
    • cpe:2.3:a:oracle:jdk:1.5.0:update19:*:*:*:*:*:*
    • cpe:2.3:a:oracle:jdk:1.5.0:update2:*:*:*:*:*:*
    • cpe:2.3:a:oracle:jdk:1.5.0:update3:*:*:*:*:*:*
    • cpe:2.3:a:oracle:jdk:1.5.0:update4:*:*:*:*:*:*
    • cpe:2.3:a:oracle:jdk:1.5.0:update5:*:*:*:*:*:*
    • cpe:2.3:a:oracle:jdk:1.5.0:update6:*:*:*:*:*:*
    • cpe:2.3:a:oracle:jdk:1.5.0:update7:*:*:*:*:*:*
    • cpe:2.3:a:oracle:jdk:1.5.0:update8:*:*:*:*:*:*
    • cpe:2.3:a:oracle:jdk:1.5.0:update9:*:*:*:*:*:*
    • cpe:2.3:a:oracle:jdk:1.6.0:-:*:*:*:*:*:*
    • cpe:2.3:a:oracle:jdk:1.6.0:update1:*:*:*:*:*:*
    • cpe:2.3:a:oracle:jdk:1.6.0:update10:*:*:*:*:*:*
    • cpe:2.3:a:oracle:jdk:1.6.0:update11:*:*:*:*:*:*
    • cpe:2.3:a:oracle:jdk:1.6.0:update12:*:*:*:*:*:*
    • cpe:2.3:a:oracle:jdk:1.6.0:update13:*:*:*:*:*:*
    • cpe:2.3:a:oracle:jdk:1.6.0:update14:*:*:*:*:*:*
    • cpe:2.3:a:oracle:jdk:1.6.0:update2:*:*:*:*:*:*
    • cpe:2.3:a:oracle:jdk:1.6.0:update3:*:*:*:*:*:*
    • cpe:2.3:a:oracle:jdk:1.6.0:update4:*:*:*:*:*:*
    • cpe:2.3:a:oracle:jdk:1.6.0:update5:*:*:*:*:*:*
    • cpe:2.3:a:oracle:jdk:1.6.0:update6:*:*:*:*:*:*
    • cpe:2.3:a:oracle:jdk:1.6.0:update7:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:6.1:*:*:*:*:*:*:* + 2 more
    • cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:6.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_web_services:6.2.1:*:*:*:*:*:*:* + 2 more
    • cpe:2.3:a:oracle:primavera_web_services:6.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:primavera_web_services:7.0:-:*:*:*:*:*:*
    • cpe:2.3:a:oracle:primavera_web_services:7.0:sp1:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:* + 4 more
    • cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
  • Debian/linux (2 versions)
    cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:* + 1 more
    • cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
    • cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:* + 1 more
    • cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*
    • cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*
  • OpenSUSE/openSUSE (3 versions)
    cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:* + 2 more
    • cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*
    • cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*
    • cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:10:sp2:*:*:*:*:*:* + 3 more
    • cpe:2.3:o:suse:linux_enterprise_server:10:sp2:*:*:*:*:*:*
    • cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:-:*:*:*
    • cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*
    • cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*
  • ghsa-coords (2 versions)
    < 2.10.0 + 1 more
    • (no CPE) range: < 2.10.0
    • (no CPE) range: < 2.2.0-3.1
