VulnerableCode Package Details - pkg:rpm/redhat/rh-eap-docs@4.2.0-6.GA

Search for packages

Vulnerability	Summary	Fixed by
VCID-2gpd-vwgb-67cn Aliases: CVE-2009-2625 GHSA-334p-wv2m-w3vp	XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.	There are no reported fixed by versions.
VCID-apuu-uzfk-vfe8 Aliases: CVE-2009-2405	JBoss Application Server Web Console XSS	There are no reported fixed by versions.
VCID-bbpb-dqxb-x3ef Aliases: CVE-2009-1380	jbossas JMX-Console cross-site-scripting in filter parameter	There are no reported fixed by versions.
VCID-wz7p-atjg-q7az Aliases: CVE-2009-3554	JBoss EAP Twiddle logs the JMX password	There are no reported fixed by versions.
VCID-z7ht-bq8z-3qgd Aliases: CVE-2009-0217 GHSA-8hfm-837h-hjg5	XML signature HMAC truncation authentication bypass This package uses a parameter that defines an HMAC truncation length (`HMACOutputLength`) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-2gpd-vwgb-67cn
Aliases:
CVE-2009-2625
GHSA-334p-wv2m-w3vp

XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.