CVE-2013-4002
Vulnerability from cvelistv5
Published
2013-07-23 10:00
Modified
2024-08-06 16:30
Severity ?
Summary
XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute names.
References
psirt@us.ibm.comhttp://lists.apple.com/archives/security-announce/2013/Oct/msg00001.htmlBroken Link, Mailing List
psirt@us.ibm.comhttp://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.htmlThird Party Advisory
psirt@us.ibm.comhttp://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.htmlThird Party Advisory
psirt@us.ibm.comhttp://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.htmlThird Party Advisory
psirt@us.ibm.comhttp://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.htmlThird Party Advisory
psirt@us.ibm.comhttp://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.htmlThird Party Advisory
psirt@us.ibm.comhttp://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.htmlThird Party Advisory
psirt@us.ibm.comhttp://lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.htmlThird Party Advisory
psirt@us.ibm.comhttp://lists.opensuse.org/opensuse-updates/2013-11/msg00023.htmlThird Party Advisory
psirt@us.ibm.comhttp://marc.info/?l=bugtraq&m=138674031212883&w=2Issue Tracking, Mailing List, Third Party Advisory
psirt@us.ibm.comhttp://marc.info/?l=bugtraq&m=138674073720143&w=2Issue Tracking, Mailing List, Third Party Advisory
psirt@us.ibm.comhttp://rhn.redhat.com/errata/RHSA-2013-1059.htmlBroken Link
psirt@us.ibm.comhttp://rhn.redhat.com/errata/RHSA-2013-1060.htmlBroken Link
psirt@us.ibm.comhttp://rhn.redhat.com/errata/RHSA-2013-1081.htmlBroken Link
psirt@us.ibm.comhttp://rhn.redhat.com/errata/RHSA-2013-1440.htmlBroken Link
psirt@us.ibm.comhttp://rhn.redhat.com/errata/RHSA-2013-1447.htmlBroken Link
psirt@us.ibm.comhttp://rhn.redhat.com/errata/RHSA-2013-1451.htmlBroken Link
psirt@us.ibm.comhttp://rhn.redhat.com/errata/RHSA-2013-1505.htmlBroken Link
psirt@us.ibm.comhttp://rhn.redhat.com/errata/RHSA-2014-1818.htmlBroken Link
psirt@us.ibm.comhttp://rhn.redhat.com/errata/RHSA-2014-1821.htmlBroken Link
psirt@us.ibm.comhttp://rhn.redhat.com/errata/RHSA-2014-1822.htmlBroken Link
psirt@us.ibm.comhttp://rhn.redhat.com/errata/RHSA-2014-1823.htmlBroken Link
psirt@us.ibm.comhttp://rhn.redhat.com/errata/RHSA-2015-0675.htmlBroken Link
psirt@us.ibm.comhttp://rhn.redhat.com/errata/RHSA-2015-0720.htmlBroken Link
psirt@us.ibm.comhttp://rhn.redhat.com/errata/RHSA-2015-0765.htmlBroken Link
psirt@us.ibm.comhttp://rhn.redhat.com/errata/RHSA-2015-0773.htmlBroken Link
psirt@us.ibm.comhttp://secunia.com/advisories/56257Third Party Advisory
psirt@us.ibm.comhttp://security.gentoo.org/glsa/glsa-201406-32.xmlThird Party Advisory
psirt@us.ibm.comhttp://support.apple.com/kb/HT5982Third Party Advisory
psirt@us.ibm.comhttp://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=965250&r2=1499506&view=patchPatch, Vendor Advisory
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg1IC98015Vendor Advisory
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21644197Vendor Advisory
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21653371Vendor Advisory
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21657539Vendor Advisory
psirt@us.ibm.comhttp://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.htmlThird Party Advisory
psirt@us.ibm.comhttp://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_filenet_content_manager_and_ibm_content_foundation_xml_4j_denial_of_service_attack_cve_2013_4002Vendor Advisory
psirt@us.ibm.comhttp://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_July_2013Vendor Advisory
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=swg21648172Broken Link
psirt@us.ibm.comhttp://www.securityfocus.com/bid/61310Third Party Advisory, VDB Entry
psirt@us.ibm.comhttp://www.ubuntu.com/usn/USN-2033-1Third Party Advisory
psirt@us.ibm.comhttp://www.ubuntu.com/usn/USN-2089-1Third Party Advisory
psirt@us.ibm.comhttps://access.redhat.com/errata/RHSA-2014:0414Third Party Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/85260VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://issues.apache.org/jira/browse/XERCESJ-1679Issue Tracking, Vendor Advisory
psirt@us.ibm.comhttps://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73%40%3Cj-users.xerces.apache.org%3E
psirt@us.ibm.comhttps://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E
psirt@us.ibm.comhttps://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E
psirt@us.ibm.comhttps://www.oracle.com/security-alerts/cpuapr2022.html
psirt@us.ibm.comhttps://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.htmlThird Party Advisory
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:30:49.315Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "IC98015",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC98015"
          },
          {
            "name": "RHSA-2013:1060",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-1060.html"
          },
          {
            "name": "RHSA-2014:0414",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2014:0414"
          },
          {
            "name": "GLSA-201406-32",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
          },
          {
            "name": "RHSA-2013:1447",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-1447.html"
          },
          {
            "name": "RHSA-2015:0765",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html"
          },
          {
            "name": "RHSA-2013:1440",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-1440.html"
          },
          {
            "name": "RHSA-2015:0675",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html"
          },
          {
            "name": "61310",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/61310"
          },
          {
            "name": "RHSA-2015:0773",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0773.html"
          },
          {
            "name": "RHSA-2015:0720",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html"
          },
          {
            "name": "SUSE-SU-2013:1257",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html"
          },
          {
            "name": "USN-2033-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2033-1"
          },
          {
            "name": "USN-2089-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2089-1"
          },
          {
            "name": "SUSE-SU-2013:1256",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html"
          },
          {
            "name": "HPSBUX02944",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=138674073720143\u0026w=2"
          },
          {
            "name": "RHSA-2013:1505",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-1505.html"
          },
          {
            "name": "HPSBUX02943",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=138674031212883\u0026w=2"
          },
          {
            "name": "RHSA-2014:1822",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-1822.html"
          },
          {
            "name": "56257",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/56257"
          },
          {
            "name": "SUSE-SU-2013:1263",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html"
          },
          {
            "name": "RHSA-2013:1059",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-1059.html"
          },
          {
            "name": "RHSA-2014:1823",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-1823.html"
          },
          {
            "name": "openSUSE-SU-2013:1663",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00023.html"
          },
          {
            "name": "SUSE-SU-2013:1666",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.html"
          },
          {
            "name": "APPLE-SA-2013-10-15-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html"
          },
          {
            "name": "SUSE-SU-2013:1293",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html"
          },
          {
            "name": "RHSA-2013:1081",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-1081.html"
          },
          {
            "name": "[j-users] 20180503 [ANNOUNCEMENT]: Apache Xerces-J 2.12.0 now available",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73%40%3Cj-users.xerces.apache.org%3E"
          },
          {
            "name": "SUSE-SU-2013:1255",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html"
          },
          {
            "name": "RHSA-2013:1451",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-1451.html"
          },
          {
            "name": "RHSA-2014:1818",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-1818.html"
          },
          {
            "name": "RHSA-2014:1821",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-1821.html"
          },
          {
            "name": "SUSE-SU-2013:1305",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html"
          },
          {
            "name": "ibm-java-cve20134002-dos(85260)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85260"
          },
          {
            "name": "[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E"
          },
          {
            "name": "[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21648172"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21657539"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.apache.org/jira/browse/XERCESJ-1679"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=965250\u0026r2=1499506\u0026view=patch"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644197"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21653371"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_July_2013"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT5982"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_filenet_content_manager_and_ibm_content_foundation_xml_4j_denial_of_service_attack_cve_2013_4002"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-07-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute names."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-19T23:19:06",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "IC98015",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC98015"
        },
        {
          "name": "RHSA-2013:1060",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-1060.html"
        },
        {
          "name": "RHSA-2014:0414",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2014:0414"
        },
        {
          "name": "GLSA-201406-32",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
        },
        {
          "name": "RHSA-2013:1447",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-1447.html"
        },
        {
          "name": "RHSA-2015:0765",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html"
        },
        {
          "name": "RHSA-2013:1440",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-1440.html"
        },
        {
          "name": "RHSA-2015:0675",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html"
        },
        {
          "name": "61310",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/61310"
        },
        {
          "name": "RHSA-2015:0773",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0773.html"
        },
        {
          "name": "RHSA-2015:0720",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html"
        },
        {
          "name": "SUSE-SU-2013:1257",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html"
        },
        {
          "name": "USN-2033-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2033-1"
        },
        {
          "name": "USN-2089-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2089-1"
        },
        {
          "name": "SUSE-SU-2013:1256",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html"
        },
        {
          "name": "HPSBUX02944",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=138674073720143\u0026w=2"
        },
        {
          "name": "RHSA-2013:1505",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-1505.html"
        },
        {
          "name": "HPSBUX02943",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=138674031212883\u0026w=2"
        },
        {
          "name": "RHSA-2014:1822",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-1822.html"
        },
        {
          "name": "56257",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/56257"
        },
        {
          "name": "SUSE-SU-2013:1263",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html"
        },
        {
          "name": "RHSA-2013:1059",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-1059.html"
        },
        {
          "name": "RHSA-2014:1823",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-1823.html"
        },
        {
          "name": "openSUSE-SU-2013:1663",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00023.html"
        },
        {
          "name": "SUSE-SU-2013:1666",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.html"
        },
        {
          "name": "APPLE-SA-2013-10-15-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html"
        },
        {
          "name": "SUSE-SU-2013:1293",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html"
        },
        {
          "name": "RHSA-2013:1081",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-1081.html"
        },
        {
          "name": "[j-users] 20180503 [ANNOUNCEMENT]: Apache Xerces-J 2.12.0 now available",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73%40%3Cj-users.xerces.apache.org%3E"
        },
        {
          "name": "SUSE-SU-2013:1255",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html"
        },
        {
          "name": "RHSA-2013:1451",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-1451.html"
        },
        {
          "name": "RHSA-2014:1818",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-1818.html"
        },
        {
          "name": "RHSA-2014:1821",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-1821.html"
        },
        {
          "name": "SUSE-SU-2013:1305",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html"
        },
        {
          "name": "ibm-java-cve20134002-dos(85260)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85260"
        },
        {
          "name": "[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E"
        },
        {
          "name": "[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg21648172"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21657539"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.apache.org/jira/browse/XERCESJ-1679"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=965250\u0026r2=1499506\u0026view=patch"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644197"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21653371"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_July_2013"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT5982"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_filenet_content_manager_and_ibm_content_foundation_xml_4j_denial_of_service_attack_cve_2013_4002"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2013-4002",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute names."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "IC98015",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC98015"
            },
            {
              "name": "RHSA-2013:1060",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2013-1060.html"
            },
            {
              "name": "RHSA-2014:0414",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2014:0414"
            },
            {
              "name": "GLSA-201406-32",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
            },
            {
              "name": "RHSA-2013:1447",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2013-1447.html"
            },
            {
              "name": "RHSA-2015:0765",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html"
            },
            {
              "name": "RHSA-2013:1440",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2013-1440.html"
            },
            {
              "name": "RHSA-2015:0675",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html"
            },
            {
              "name": "61310",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/61310"
            },
            {
              "name": "RHSA-2015:0773",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-0773.html"
            },
            {
              "name": "RHSA-2015:0720",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html"
            },
            {
              "name": "SUSE-SU-2013:1257",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html"
            },
            {
              "name": "USN-2033-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2033-1"
            },
            {
              "name": "USN-2089-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2089-1"
            },
            {
              "name": "SUSE-SU-2013:1256",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html"
            },
            {
              "name": "HPSBUX02944",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=138674073720143\u0026w=2"
            },
            {
              "name": "RHSA-2013:1505",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2013-1505.html"
            },
            {
              "name": "HPSBUX02943",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=138674031212883\u0026w=2"
            },
            {
              "name": "RHSA-2014:1822",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1822.html"
            },
            {
              "name": "56257",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/56257"
            },
            {
              "name": "SUSE-SU-2013:1263",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html"
            },
            {
              "name": "RHSA-2013:1059",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2013-1059.html"
            },
            {
              "name": "RHSA-2014:1823",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1823.html"
            },
            {
              "name": "openSUSE-SU-2013:1663",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00023.html"
            },
            {
              "name": "SUSE-SU-2013:1666",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.html"
            },
            {
              "name": "APPLE-SA-2013-10-15-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html"
            },
            {
              "name": "SUSE-SU-2013:1293",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html"
            },
            {
              "name": "RHSA-2013:1081",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2013-1081.html"
            },
            {
              "name": "[j-users] 20180503 [ANNOUNCEMENT]: Apache Xerces-J 2.12.0 now available",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73@%3Cj-users.xerces.apache.org%3E"
            },
            {
              "name": "SUSE-SU-2013:1255",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html"
            },
            {
              "name": "RHSA-2013:1451",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2013-1451.html"
            },
            {
              "name": "RHSA-2014:1818",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1818.html"
            },
            {
              "name": "RHSA-2014:1821",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1821.html"
            },
            {
              "name": "SUSE-SU-2013:1305",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html"
            },
            {
              "name": "ibm-java-cve20134002-dos(85260)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85260"
            },
            {
              "name": "[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E"
            },
            {
              "name": "[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21648172",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21648172"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21657539",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21657539"
            },
            {
              "name": "https://issues.apache.org/jira/browse/XERCESJ-1679",
              "refsource": "CONFIRM",
              "url": "https://issues.apache.org/jira/browse/XERCESJ-1679"
            },
            {
              "name": "http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=965250\u0026r2=1499506\u0026view=patch",
              "refsource": "CONFIRM",
              "url": "http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=965250\u0026r2=1499506\u0026view=patch"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21644197",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644197"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21653371",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21653371"
            },
            {
              "name": "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_July_2013",
              "refsource": "MISC",
              "url": "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_July_2013"
            },
            {
              "name": "http://support.apple.com/kb/HT5982",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT5982"
            },
            {
              "name": "https://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html",
              "refsource": "CONFIRM",
              "url": "https://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"
            },
            {
              "name": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_filenet_content_manager_and_ibm_content_foundation_xml_4j_denial_of_service_attack_cve_2013_4002",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_filenet_content_manager_and_ibm_content_foundation_xml_4j_denial_of_service_attack_cve_2013_4002"
            },
            {
              "name": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html",
              "refsource": "CONFIRM",
              "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2013-4002",
    "datePublished": "2013-07-23T10:00:00",
    "dateReserved": "2013-06-07T00:00:00",
    "dateUpdated": "2024-08-06T16:30:49.315Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2013-4002\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2013-07-23T11:03:19.790\",\"lastModified\":\"2023-11-07T02:16:05.903\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute names.\"},{\"lang\":\"es\",\"value\":\"XMLscanner.java en Apache Xerces2 Java Parser, en versiones anteriores a la 2.12.0, tal y como se emple\u00f3 en Java Runtime Environment (JRE) en IBM Java, en versiones 5.0 anteriores a la 5.0 SR16-FP3, 6 anteriores a la 6 SR14, 6.0.1 anteriores a la 6.0.1 SR6 y 7 anteriores a la 7 SR5, as\u00ed como en Oracle Java SE 7u40 y anteriores, Java SE 6u60 y anteriores, Java SE 5.0u51 y anteriores, JRockit R28.2.8 y anteriores, JRockit R27.7.6 y anteriores, Java SE Embedded 7u40 y anteriores y, posiblemente, otros productos, permite que los atacantes remotos realicen una denegaci\u00f3n de servicio (DoS) mediante vectores relacionados con los nombres de atributo XML.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:C\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\",\"baseScore\":7.1},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:java:5.0.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03D3F84F-3F6E-4DF1-B162-152293D951EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:java:5.0.11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A18121C3-F3F1-4EC7-A64E-3F6A0C9788C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:java:5.0.11.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BAD59912-7325-4AE1-ACCF-D4F804AF3947\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:java:5.0.11.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62783157-E3B6-4A23-8D2F-1FBD0762E9A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:java:5.0.12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"14CC0D53-8AB8-4D44-82BB-0E6A974C36AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:java:5.0.12.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"91A3129F-17A6-4F32-BD5D-34E4A1D1A840\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:java:5.0.12.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2845FF4-2620-4B8D-96CF-CC26B3DEA3C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:java:5.0.12.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC7CD279-54B6-4F6B-AE14-299FB319C690\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:java:5.0.12.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0EA269CA-4676-4008-89EF-20FAB89886A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:java:5.0.12.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D22105B6-1378-4E1C-B28A-FCAE00A2D5CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:java:5.0.13.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"601762D3-1188-4945-931D-EB8DAC2847A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:java:5.0.14.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA4A30A6-498C-46B8-8EFC-45EB13354EAF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:java:5.0.15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"414CC00A-C797-4C34-8709-75DC061DCDE1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:java:5.0.16.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4401B967-0550-44F1-8753-9632120D2A44\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:java:5.0.16.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4961693D-F56C-46CD-B721-6A15E2837C17\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:java:5.0.16.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AA4FBB66-CF6A-42D2-B122-1861F4139E75\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:java:6.0.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"14AD4A87-382A-41F0-96D8-0F0A9B738773\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:java:6.0.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33701DDF-6882-41D3-A11B-A1F4585A77A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:java:6.0.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25C58BBA-06AC-40CD-A906-FD1B3B0AAB69\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:java:6.0.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"76C5B430-EE11-4674-B4B0-895D66E3B32F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:java:6.0.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1837D84-6B4F-40D8-9A3F-71C328F659BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:java:6.0.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D20A369B-2168-4883-A84C-BB48A71AFB33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:java:6.0.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3628AAB4-E524-46E5-AAF4-1980256F13CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:java:6.0.7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"30DC9FE3-CDE9-4F83-989B-4E431BA18B56\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:java:6.0.8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C17B1C6B-04CE-49FB-B9BD-98ECD626B26F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:java:6.0.8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"81F529EB-2BCA-4E3E-93E4-2A9880CDA367\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:java:6.0.9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8DEAC3D6-F9F8-4F82-9BF1-FF0EC07A3274\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:java:6.0.9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7694638C-CDAC-44DF-B9F9-F7237CD98017\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:java:6.0.9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"23903A3C-1760-4836-BAE6-BDD32CBB4CBD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:java:6.0.10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2477E033-D26B-4D71-839B-5FE4B0927559\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:java:6.0.10.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1CAB7BF-265E-411D-A584-E78DE171F065\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:java:6.0.11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E45F670-232F-4CE5-8926-6463E5619506\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:java:6.0.12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B70E6E3-15B3-4D48-AE49-B9184A58EECE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:java:6.0.13.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5BCE3FD-B89B-4141-8103-9DB941AD60D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:java:6.0.13.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8EADFB3B-738F-4919-B165-9ECEED46EA6C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:java:6.0.13.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B23A5431-E599-4848-AB83-B299898F5EF0\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:java:7.0.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A8BF650-B8F5-467E-8DBF-81788B55F345\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:java:7.0.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1752A831-916F-4A7D-8AAE-1CEFACC51F91\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:java:7.0.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C9744C4-76BE-428B-AFF2-5BCE00A58322\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:java:7.0.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48B1DE45-90F9-416B-9087-8AEF5B0A3C46\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:java:7.0.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9EF6A045-0DF6-463B-A0DB-6C31D8C2984C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:java:7.0.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A731493C-9B46-4105-9902-B15BA0E0FB11\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:java:7.0.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49454369-A494-4EAA-88D5-181570DEBB4A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdk:1.5.0:update51:*:*:*:*:*:*\",\"matchCriteriaId\":\"04C71221-E477-4DF8-B10A-3AC64511E4EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdk:1.6.0:update60:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF7DE0E6-F329-417B-8035-B4EBF9C97483\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdk:1.7.0:update40:*:*:*:*:*:*\",\"matchCriteriaId\":\"220536FA-695D-4DE8-9813-494E3D061B78\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jre:1.5.0:update51:*:*:*:*:*:*\",\"matchCriteriaId\":\"ACB55CC5-0EC7-44B2-B5A9-A5B1EE584791\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jre:1.6.0:update60:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F6B5E73-6751-475A-B9BF-3414D3476208\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jre:1.7.0:update40:*:*:*:*:*:*\",\"matchCriteriaId\":\"7CB654DC-1D3D-4475-8815-335AC573F54C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jrockit:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"r27.7.0\",\"versionEndIncluding\":\"r27.7.6\",\"matchCriteriaId\":\"DF26274E-5364-4FC1-9603-A78C365596DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jrockit:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"r28.0.0\",\"versionEndIncluding\":\"r28.2.8\",\"matchCriteriaId\":\"583E7A18-48C5-4AEE-A9C1-239D678E275A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:sterling_b2b_integrator:5.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CF65201D-8980-450A-A542-3B5473A6F374\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:host_on-demand:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E51D5AEF-B3D4-4782-9988-BC1DB3F3F296\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:host_on-demand:11.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E179FC2F-C700-4998-9D7A-3B945874CAC1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:host_on-demand:11.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2341D5E7-15CD-4C8F-ABE8-AA915BFA2804\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:host_on-demand:11.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"474DC3BA-27F2-452A-85AD-BCC476EDD35B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:host_on-demand:11.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"997CA07C-EBB7-4D7F-AF23-A161817BF4A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:host_on-demand:11.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5BFE87FC-7B77-4840-8185-1707CB37323B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:host_on-demand:11.0.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C77DD8B3-A227-4350-8699-FEC822119393\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:host_on-demand:11.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1FA56704-18EB-4F3B-A36F-BCEF67B07C0F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:host_on-demand:11.0.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"420CC5FF-0300-4FA7-AB53-78C1A0B83C11\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:host_on-demand:11.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7132A0E-C2A1-403E-9516-A6911563D7B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:host_on-demand:11.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F32CA797-ED68-426E-9370-E16C90075E01\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB2F6EF3-721A-43AB-AAFD-BE3EEDB0AA61\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E492C463-D76E-49B7-A4D4-3B499E422D89\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*\",\"matchCriteriaId\":\"F5027746-8216-452D-83C5-2F8E9546F2A5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:sterling_b2b_integrator:5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"40363692-5283-4D0C-BAE1-C049C02A0294\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:sterling_b2b_integrator:5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F805BA3A-178D-416E-9DED-4258F71A17C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:sterling_file_gateway:2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A40AC14-AC2B-4A0D-A9CC-3A00B48D8975\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:sterling_file_gateway:2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1554D69E-D68E-46CA-B1F7-C24CAABF58E8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F480AA32-841A-4E68-9343-B2E7548B0A0C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E492C463-D76E-49B7-A4D4-3B499E422D89\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C684FC45-C9BA-4EF0-BD06-BB289450DD21\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*\",\"matchCriteriaId\":\"F5027746-8216-452D-83C5-2F8E9546F2A5\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D806A17E-B8F9-466D-807D-3F1E77603DC8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DFBF430B-0832-44B0-AA0E-BA9E467F7668\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:-:*:*:*\",\"matchCriteriaId\":\"4339DE06-19FB-4B8E-B6AE-3495F605AD05\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"3ED68ADD-BBDA-4485-BC76-58F011D72311\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_java:10:sp4:*:*:*:*:*:*\",\"matchCriteriaId\":\"3CF5C5B9-2CB9-4CD8-B94F-A674ED909CC3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_java:11:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"252CF7A7-3FEB-4503-AEE8-B67139C5B0D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_java:11:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"79D7DBBA-6849-45F7-AFEF-C765569C481A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_sdk:11:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C634990-2690-4E3B-B21F-6687A6A34644\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_sdk:11:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"73B7BC23-6CCA-41B2-8F61-EDB95F1AFB1D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4CD2D897-E321-4CED-92E0-11A98B52053C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:ltss:*:*:*\",\"matchCriteriaId\":\"CED02712-1031-4206-AC4D-E68710F46EC9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:-:*:*:*\",\"matchCriteriaId\":\"D1D7B467-58DD-45F1-9F1F-632620DF072A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*\",\"matchCriteriaId\":\"88D6E858-FD8F-4C55-B7D5-CEEDA2BBA898\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*\",\"matchCriteriaId\":\"DB4D6749-81A1-41D7-BF4F-1C45A7F49A22\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*\",\"matchCriteriaId\":\"E534C201-BCC5-473C-AAA7-AAB97CEB5437\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*\",\"matchCriteriaId\":\"2470C6E8-2024-4CF5-9982-CFF50E88EAE9\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*\",\"matchCriteriaId\":\"01EDA41C-6B2E-49AF-B503-EB3882265C11\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*\",\"matchCriteriaId\":\"CB66DB75-2B16-4EBF-9B93-CE49D8086E41\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2076871-2E80-4605-A470-A41C1A8EC7EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EFAA48D9-BEB4-4E49-AD50-325C262D46D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F61F047-129C-41A6-8A27-FFCBB8563E91\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:xerces2_java:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.4.0\",\"versionEndExcluding\":\"2.12.0\",\"matchCriteriaId\":\"8CFD62E4-794A-43C0-8C65-A44D970D1569\"}]}]}],\"references\":[{\"url\":\"http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Broken Link\",\"Mailing List\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.html\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2013-11/msg00023.html\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=138674031212883\u0026w=2\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=138674073720143\u0026w=2\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-1059.html\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-1060.html\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-1081.html\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-1440.html\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-1447.html\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-1451.html\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-1505.html\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2014-1818.html\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2014-1821.html\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2014-1822.html\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2014-1823.html\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-0675.html\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-0720.html\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-0765.html\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-0773.html\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/56257\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://security.gentoo.org/glsa/glsa-201406-32.xml\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT5982\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=965250\u0026r2=1499506\u0026view=patch\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg1IC98015\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21644197\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21653371\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21657539\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_filenet_content_manager_and_ibm_content_foundation_xml_4j_denial_of_service_attack_cve_2013_4002\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_July_2013\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.ibm.com/support/docview.wss?uid=swg21648172\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.securityfocus.com/bid/61310\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-2033-1\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-2089-1\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2014:0414\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/85260\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"VDB Entry\",\"Vendor Advisory\"]},{\"url\":\"https://issues.apache.org/jira/browse/XERCESJ-1679\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73%40%3Cj-users.xerces.apache.org%3E\",\"source\":\"psirt@us.ibm.com\"},{\"url\":\"https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E\",\"source\":\"psirt@us.ibm.com\"},{\"url\":\"https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E\",\"source\":\"psirt@us.ibm.com\"},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"psirt@us.ibm.com\"},{\"url\":\"https://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.