mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-06 02:31:38 +00:00
1004 B
1004 B
CVE-2009-2625
Description
XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
POC
Reference
- http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html
- http://www.vmware.com/security/advisories/VMSA-2009-0016.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9356
Github
No PoCs found on GitHub currently.