Back to bug 1019176
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Stefan Cornelius | 2013-10-15 09:10:59 UTC | CC | security-response-team | |
| Red Hat Bugzilla | 2013-10-15 09:10:59 UTC | Doc Type | --- | Bug Fix |
| Stefan Cornelius | 2013-10-15 09:11:39 UTC | CC | dbhole, jkurik, jvanek | |
| Stefan Cornelius | 2013-10-15 09:15:31 UTC | Blocks | 1017595 | |
| Tomas Hoger | 2013-10-15 16:18:35 UTC | CC | rkennke | |
| Stefan Cornelius | 2013-10-16 06:38:54 UTC | Group | security, qe_staff | |
| | | Summary | EMBARGOED CVE-2013-4002 OpenJDK: XML parsing Denial of Service (JAXP, 8017298) | CVE-2013-4002 OpenJDK: XML parsing Denial of Service (JAXP, 8017298) |
| | | Whiteboard | impact=moderate,public=no,reported=20131009,source=oracle,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,rhel-5/java-1.6.0-openjdk=affected,rhel-6/java-1.6.0-openjdk=affected,rhel-5/java-1.7.0-openjdk=affected,rhel-6/java-1.7.0-openjdk=affected,rhel-5/java-1.7.0-oracle=affected,rhel-6/java-1.7.0-oracle=affected | impact=moderate,public=20131015,reported=20131009,source=oracle,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,rhel-5/java-1.6.0-openjdk=affected,rhel-6/java-1.6.0-openjdk=affected,rhel-5/java-1.7.0-openjdk=affected,rhel-6/java-1.7.0-openjdk=affected,rhel-5/java-1.7.0-oracle=affected,rhel-6/java-1.7.0-oracle=affected |
| Tomas Hoger | 2013-10-18 20:06:02 UTC | Blocks | 1017632 | |
| David Jorm | 2013-10-28 06:21:24 UTC | CC | djorm | |
| David Sirrine | 2013-10-31 14:17:06 UTC | CC | dsirrine | |
| Tomas Hoger | 2013-12-08 22:39:56 UTC | Status | NEW | CLOSED |
| | | Fixed In Version | icedtea 2.4.3, icedtea 1.11.14, icedtea 1.12.7 | |
| | | Resolution | --- | ERRATA |
| | | Last Closed | 2013-12-08 17:39:56 UTC | |
| Arun Babu Neelicattu | 2014-09-10 06:38:44 UTC | Whiteboard | impact=moderate,public=20131015,reported=20131009,source=oracle,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,rhel-5/java-1.6.0-openjdk=affected,rhel-6/java-1.6.0-openjdk=affected,rhel-5/java-1.7.0-openjdk=affected,rhel-6/java-1.7.0-openjdk=affected,rhel-5/java-1.7.0-oracle=affected,rhel-6/java-1.7.0-oracle=affected | impact=moderate,public=20131015,reported=20131009,source=oracle,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,fedora-all/xerces-j2=affected,jboss/fuse-esb-4=wontfix,jboss/fuse-esb-7=wontfix,jboss/fuse-mc-7=wontfix,jboss/fuse-mq-7=wontfix,jboss/fuse-esb-7=wontfix,jboss/amq-6=affected,brms-6/xerces-j2=affected,bpms-6/xerces-j2=affected,jdg-6/xerces-j2=affected,jdv-6/xerces-j2=affected,eap-4/xerces-j2=wontfix,eap-5/xerces-j2=wontfix,eap-6/xerces-j2=affected,brms-5/xerces-j2=wontfix,epp-5/xerces-j2=wontfix,soap-4/xerces-j2=wontfix,soap-5/xerces-j2=wontfix,jboss/ewp-5=wontfix,jbews-1/xerces-j2=wontfix,jboss/fuse-6=affected,fsw-6/xerces-j2=affected,jon-3/xerces-j2=affected,jpp-6/xerces-j2=affected,wfk-2/xerces-j2=affected,rhev-m-3/jasperreports-server-pro=affected,openshift-enterprise-1/xercesMnimal=wontfix,openshift-enterprise-2/xercesMnimal=wontfix,rhn_satellite_5/xerces-j2=wontfix,rhel-5/xerces-j2=wontfix,rhel-6/xerces-j2=affected,rhel-7/xerces-j2=affected,rhscl-1/maven30-xerces-j2=affected,rhel-5/java-1.6.0-openjdk=affected,rhel-6/java-1.6.0-openjdk=affected,rhel-5/java-1.7.0-openjdk=affected,rhel-6/java-1.7.0-openjdk=affected,rhel-5/java-1.7.0-oracle=affected,rhel-6/java-1.7.0-oracle=affected |
| Arun Babu Neelicattu | 2014-09-10 06:41:22 UTC | CC | acathrow, alonbl, aneelica, asantos, bazulay, bdawidow, bleanhar, bmcclain, brms-jira, ccoleman, cdewolf, chazlett, cperry, dandread, darran.lofthouse, dblechte, dknox, dmcphers, ecohen, epp-bugs, fnasser, gklein, gmurphy, hfnukal, huwang, idith, iheim, jason.greene, java-maint, jawilson, jbpapp-maint, jclere, jcoleman, jdetiber, jdg-bugs, jialiu, jkeck, jokerman, jorton, jpallich, kconner, krzysztof.daniel, kseifried, lgao, lmeyer, lsurette, mat.booth, michal.skrivanek, mizdebsk, mmaslano, mmccomas, mmraka, mnovotny, mweiler, myarboro, patrickm, pavelp, pcheung, pgier, pslavice, rbalakri, Rhev-m-bugs, rhq-maint, rsvoboda, rzhang, soa-p-jira, spinder, taw, theute, tjay, tkirby, ttarrant, vtunka, weli, ydary, yeylon | |
| Arun Babu Neelicattu | 2014-09-10 06:50:16 UTC | Blocks | 1139983 | |
| Arun Babu Neelicattu | 2014-09-10 06:53:56 UTC | Status | CLOSED | NEW |
| | | Fixed In Version | icedtea 2.4.3, icedtea 1.11.14, icedtea 1.12.7 | icedtea 2.4.3, icedtea 1.11.14, icedtea 1.12.7, xerces-j2 2.12.0 |
| | | Resolution | ERRATA | --- |
| | | Summary | CVE-2013-4002 OpenJDK: XML parsing Denial of Service (JAXP, 8017298) | CVE-2013-4002 Xerces-J2 OpenJDK: XML parsing Denial of Service (JAXP, 8017298) |
| | | Keywords | Reopened | |
| Arun Babu Neelicattu | 2014-09-10 07:10:24 UTC | Whiteboard | impact=moderate,public=20131015,reported=20131009,source=oracle,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,fedora-all/xerces-j2=affected,jboss/fuse-esb-4=wontfix,jboss/fuse-esb-7=wontfix,jboss/fuse-mc-7=wontfix,jboss/fuse-mq-7=wontfix,jboss/fuse-esb-7=wontfix,jboss/amq-6=affected,brms-6/xerces-j2=affected,bpms-6/xerces-j2=affected,jdg-6/xerces-j2=affected,jdv-6/xerces-j2=affected,eap-4/xerces-j2=wontfix,eap-5/xerces-j2=wontfix,eap-6/xerces-j2=affected,brms-5/xerces-j2=wontfix,epp-5/xerces-j2=wontfix,soap-4/xerces-j2=wontfix,soap-5/xerces-j2=wontfix,jboss/ewp-5=wontfix,jbews-1/xerces-j2=wontfix,jboss/fuse-6=affected,fsw-6/xerces-j2=affected,jon-3/xerces-j2=affected,jpp-6/xerces-j2=affected,wfk-2/xerces-j2=affected,rhev-m-3/jasperreports-server-pro=affected,openshift-enterprise-1/xercesMnimal=wontfix,openshift-enterprise-2/xercesMnimal=wontfix,rhn_satellite_5/xerces-j2=wontfix,rhel-5/xerces-j2=wontfix,rhel-6/xerces-j2=affected,rhel-7/xerces-j2=affected,rhscl-1/maven30-xerces-j2=affected,rhel-5/java-1.6.0-openjdk=affected,rhel-6/java-1.6.0-openjdk=affected,rhel-5/java-1.7.0-openjdk=affected,rhel-6/java-1.7.0-openjdk=affected,rhel-5/java-1.7.0-oracle=affected,rhel-6/java-1.7.0-oracle=affected | impact=moderate,public=20131015,reported=20131009,source=oracle,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,fedora-all/xerces-j2=affected,jboss/fuse-esb-4=wontfix,jboss/fuse-esb-7=wontfix,jboss/fuse-mc-7=wontfix,jboss/fuse-mq-7=wontfix,jboss/fuse-esb-7=wontfix,jboss/amq-6=affected,brms-6/xerces-j2=affected,bpms-6/xerces-j2=affected,jdg-6/xerces-j2=affected,jdv-6/xerces-j2=affected,eap-4/xerces-j2=wontfix,eap-5/xerces-j2=wontfix,eap-6/xerces-j2=affected,brms-5/xerces-j2=wontfix,epp-5/xerces-j2=wontfix,soap-4/xerces-j2=wontfix,soap-5/xerces-j2=wontfix,jboss/ewp-5=wontfix,jbews-1/xerces-j2=wontfix,jboss/fuse-6=affected,fsw-6/xerces-j2=affected,jon-3/xerces-j2=affected,jpp-6/xerces-j2=affected,wfk-2/xerces-j2=affected,rhev-m-3/jasperreports-server-pro=affected,openshift-enterprise-1/xercesMnimal=notaffected,openshift-enterprise-2/xercesMnimal=notaffected,rhn_satellite_5/xerces-j2=wontfix,rhel-5/xerces-j2=wontfix,rhel-6/xerces-j2=affected,rhel-7/xerces-j2=affected,rhscl-1/maven30-xerces-j2=affected,rhel-5/java-1.6.0-openjdk=affected,rhel-6/java-1.6.0-openjdk=affected,rhel-5/java-1.7.0-openjdk=affected,rhel-6/java-1.7.0-openjdk=affected,rhel-5/java-1.7.0-oracle=affected,rhel-6/java-1.7.0-oracle=affected |
| Arun Babu Neelicattu | 2014-09-10 07:12:58 UTC | Depends On | 1140003 | |
| Arun Babu Neelicattu | 2014-09-10 07:13:05 UTC | Depends On | 1140004 | |
| Arun Babu Neelicattu | 2014-09-10 07:13:12 UTC | Depends On | 1140005 | |
| Tomas Hoger | 2014-09-10 08:15:59 UTC | Whiteboard | impact=moderate,public=20131015,reported=20131009,source=oracle,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,fedora-all/xerces-j2=affected,jboss/fuse-esb-4=wontfix,jboss/fuse-esb-7=wontfix,jboss/fuse-mc-7=wontfix,jboss/fuse-mq-7=wontfix,jboss/fuse-esb-7=wontfix,jboss/amq-6=affected,brms-6/xerces-j2=affected,bpms-6/xerces-j2=affected,jdg-6/xerces-j2=affected,jdv-6/xerces-j2=affected,eap-4/xerces-j2=wontfix,eap-5/xerces-j2=wontfix,eap-6/xerces-j2=affected,brms-5/xerces-j2=wontfix,epp-5/xerces-j2=wontfix,soap-4/xerces-j2=wontfix,soap-5/xerces-j2=wontfix,jboss/ewp-5=wontfix,jbews-1/xerces-j2=wontfix,jboss/fuse-6=affected,fsw-6/xerces-j2=affected,jon-3/xerces-j2=affected,jpp-6/xerces-j2=affected,wfk-2/xerces-j2=affected,rhev-m-3/jasperreports-server-pro=affected,openshift-enterprise-1/xercesMnimal=notaffected,openshift-enterprise-2/xercesMnimal=notaffected,rhn_satellite_5/xerces-j2=wontfix,rhel-5/xerces-j2=wontfix,rhel-6/xerces-j2=affected,rhel-7/xerces-j2=affected,rhscl-1/maven30-xerces-j2=affected,rhel-5/java-1.6.0-openjdk=affected,rhel-6/java-1.6.0-openjdk=affected,rhel-5/java-1.7.0-openjdk=affected,rhel-6/java-1.7.0-openjdk=affected,rhel-5/java-1.7.0-oracle=affected,rhel-6/java-1.7.0-oracle=affected | impact=moderate,public=20131015,reported=20131009,source=oracle,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,rhel-5/java-1.6.0-openjdk=affected,rhel-6/java-1.6.0-openjdk=affected,rhel-5/java-1.7.0-openjdk=affected,rhel-6/java-1.7.0-openjdk=affected,rhel-5/java-1.7.0-oracle=affected,rhel-6/java-1.7.0-oracle=affected,rhel-5/xerces-j2=wontfix,rhel-6/xerces-j2=affected,rhel-7/xerces-j2=affected,rhscl-1/maven30-xerces-j2=affected,fedora-all/xerces-j2=affected,jboss/fuse-esb-4=wontfix,jboss/fuse-esb-7=wontfix,jboss/fuse-mc-7=wontfix,jboss/fuse-mq-7=wontfix,jboss/fuse-esb-7=wontfix,jboss/amq-6=affected,brms-6/xerces-j2=affected,bpms-6/xerces-j2=affected,jdg-6/xerces-j2=affected,jdv-6/xerces-j2=affected,eap-4/xerces-j2=wontfix,eap-5/xerces-j2=wontfix,eap-6/xerces-j2=affected,brms-5/xerces-j2=wontfix,epp-5/xerces-j2=wontfix,soap-4/xerces-j2=wontfix,soap-5/xerces-j2=wontfix,jboss/ewp-5=wontfix,jbews-1/xerces-j2=wontfix,jboss/fuse-6=affected,fsw-6/xerces-j2=affected,jon-3/xerces-j2=affected,jpp-6/xerces-j2=affected,wfk-2/xerces-j2=affected,rhev-m-3/jasperreports-server-pro=affected,openshift-enterprise-1/xercesMnimal=notaffected,openshift-enterprise-2/xercesMnimal=notaffected,rhn_satellite_5/xerces-j2=wontfix |
| Tomas Hoger | 2014-09-10 08:18:28 UTC | Depends On | 1140031 | |
| Tomas Hoger | 2014-09-10 08:24:21 UTC | Depends On | 1140033 | |
| Tomas Hoger | 2014-09-10 09:01:31 UTC | Depends On | 1140051 | |
| Tomas Hoger | 2014-09-10 09:01:38 UTC | Depends On | 1140052 | |
| Tomas Hoger | 2014-09-10 09:01:46 UTC | Depends On | 1140053 | |
| Tomas Hoger | 2014-09-10 09:01:53 UTC | Depends On | 1140054 | |
| Tomas Hoger | 2014-09-10 09:11:47 UTC | Blocks | 1140063 | |
| Arun Babu Neelicattu | 2014-09-10 11:10:43 UTC | Doc Text | It was discovered that the resource utilization for the XMLEntityScanner.scanName() method grew exponentially with the size of the name string being scanned. A remote attacker could use this flaw to trigger a denial of service attack by providing a crafted XML fragment or document. | |
| Tomas Hoger | 2014-09-10 11:52:36 UTC | Whiteboard | impact=moderate,public=20131015,reported=20131009,source=oracle,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,rhel-5/java-1.6.0-openjdk=affected,rhel-6/java-1.6.0-openjdk=affected,rhel-5/java-1.7.0-openjdk=affected,rhel-6/java-1.7.0-openjdk=affected,rhel-5/java-1.7.0-oracle=affected,rhel-6/java-1.7.0-oracle=affected,rhel-5/xerces-j2=wontfix,rhel-6/xerces-j2=affected,rhel-7/xerces-j2=affected,rhscl-1/maven30-xerces-j2=affected,fedora-all/xerces-j2=affected,jboss/fuse-esb-4=wontfix,jboss/fuse-esb-7=wontfix,jboss/fuse-mc-7=wontfix,jboss/fuse-mq-7=wontfix,jboss/fuse-esb-7=wontfix,jboss/amq-6=affected,brms-6/xerces-j2=affected,bpms-6/xerces-j2=affected,jdg-6/xerces-j2=affected,jdv-6/xerces-j2=affected,eap-4/xerces-j2=wontfix,eap-5/xerces-j2=wontfix,eap-6/xerces-j2=affected,brms-5/xerces-j2=wontfix,epp-5/xerces-j2=wontfix,soap-4/xerces-j2=wontfix,soap-5/xerces-j2=wontfix,jboss/ewp-5=wontfix,jbews-1/xerces-j2=wontfix,jboss/fuse-6=affected,fsw-6/xerces-j2=affected,jon-3/xerces-j2=affected,jpp-6/xerces-j2=affected,wfk-2/xerces-j2=affected,rhev-m-3/jasperreports-server-pro=affected,openshift-enterprise-1/xercesMnimal=notaffected,openshift-enterprise-2/xercesMnimal=notaffected,rhn_satellite_5/xerces-j2=wontfix | impact=moderate,public=20131015,reported=20131009,source=oracle,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,rhel-5/java-1.6.0-openjdk=affected,rhel-6/java-1.6.0-openjdk=affected,rhel-5/java-1.7.0-openjdk=affected,rhel-6/java-1.7.0-openjdk=affected,rhel-5/java-1.7.0-oracle=affected,rhel-6/java-1.7.0-oracle=affected,rhel-5/xerces-j2=wontfix,rhel-6/xerces-j2=affected,rhel-7/xerces-j2=affected,rhscl-1/maven30-xerces-j2=affected,dts-3.0/eclipse=affected,fedora-all/xerces-j2=affected,jboss/fuse-esb-4=wontfix,jboss/fuse-esb-7=wontfix,jboss/fuse-mc-7=wontfix,jboss/fuse-mq-7=wontfix,jboss/fuse-esb-7=wontfix,jboss/amq-6=affected,brms-6/xerces-j2=affected,bpms-6/xerces-j2=affected,jdg-6/xerces-j2=affected,jdv-6/xerces-j2=affected,eap-4/xerces-j2=wontfix,eap-5/xerces-j2=wontfix,eap-6/xerces-j2=affected,brms-5/xerces-j2=wontfix,epp-5/xerces-j2=wontfix,soap-4/xerces-j2=wontfix,soap-5/xerces-j2=wontfix,jboss/ewp-5=wontfix,jbews-1/xerces-j2=wontfix,jboss/fuse-6=affected,fsw-6/xerces-j2=affected,jon-3/xerces-j2=affected,jpp-6/xerces-j2=affected,wfk-2/xerces-j2=affected,rhev-m-3/jasperreports-server-pro=affected,openshift-enterprise-1/xercesMnimal=notaffected,openshift-enterprise-2/xercesMnimal=notaffected,rhn_satellite_5/xerces-j2=wontfix |
| Tomas Hoger | 2014-09-10 11:53:47 UTC | CC | akurtako, mbenitez, mfranc, mnewsome | |
| Tomas Hoger | 2014-09-10 11:55:08 UTC | Whiteboard | impact=moderate,public=20131015,reported=20131009,source=oracle,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,rhel-5/java-1.6.0-openjdk=affected,rhel-6/java-1.6.0-openjdk=affected,rhel-5/java-1.7.0-openjdk=affected,rhel-6/java-1.7.0-openjdk=affected,rhel-5/java-1.7.0-oracle=affected,rhel-6/java-1.7.0-oracle=affected,rhel-5/xerces-j2=wontfix,rhel-6/xerces-j2=affected,rhel-7/xerces-j2=affected,rhscl-1/maven30-xerces-j2=affected,dts-3.0/eclipse=affected,fedora-all/xerces-j2=affected,jboss/fuse-esb-4=wontfix,jboss/fuse-esb-7=wontfix,jboss/fuse-mc-7=wontfix,jboss/fuse-mq-7=wontfix,jboss/fuse-esb-7=wontfix,jboss/amq-6=affected,brms-6/xerces-j2=affected,bpms-6/xerces-j2=affected,jdg-6/xerces-j2=affected,jdv-6/xerces-j2=affected,eap-4/xerces-j2=wontfix,eap-5/xerces-j2=wontfix,eap-6/xerces-j2=affected,brms-5/xerces-j2=wontfix,epp-5/xerces-j2=wontfix,soap-4/xerces-j2=wontfix,soap-5/xerces-j2=wontfix,jboss/ewp-5=wontfix,jbews-1/xerces-j2=wontfix,jboss/fuse-6=affected,fsw-6/xerces-j2=affected,jon-3/xerces-j2=affected,jpp-6/xerces-j2=affected,wfk-2/xerces-j2=affected,rhev-m-3/jasperreports-server-pro=affected,openshift-enterprise-1/xercesMnimal=notaffected,openshift-enterprise-2/xercesMnimal=notaffected,rhn_satellite_5/xerces-j2=wontfix | impact=moderate,public=20131015,reported=20131009,source=oracle,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,rhel-5/java-1.6.0-openjdk=affected,rhel-6/java-1.6.0-openjdk=affected,rhel-5/java-1.7.0-openjdk=affected,rhel-6/java-1.7.0-openjdk=affected,rhel-5/java-1.7.0-oracle=affected,rhel-6/java-1.7.0-oracle=affected,rhel-5/xerces-j2=wontfix,rhel-6/xerces-j2=affected,rhel-7/xerces-j2=affected,rhscl-1/maven30-xerces-j2=affected,dts-3.0/xerces-j2=affected,fedora-all/xerces-j2=affected,jboss/fuse-esb-4=wontfix,jboss/fuse-esb-7=wontfix,jboss/fuse-mc-7=wontfix,jboss/fuse-mq-7=wontfix,jboss/fuse-esb-7=wontfix,jboss/amq-6=affected,brms-6/xerces-j2=affected,bpms-6/xerces-j2=affected,jdg-6/xerces-j2=affected,jdv-6/xerces-j2=affected,eap-4/xerces-j2=wontfix,eap-5/xerces-j2=wontfix,eap-6/xerces-j2=affected,brms-5/xerces-j2=wontfix,epp-5/xerces-j2=wontfix,soap-4/xerces-j2=wontfix,soap-5/xerces-j2=wontfix,jboss/ewp-5=wontfix,jbews-1/xerces-j2=wontfix,jboss/fuse-6=affected,fsw-6/xerces-j2=affected,jon-3/xerces-j2=affected,jpp-6/xerces-j2=affected,wfk-2/xerces-j2=affected,rhev-m-3/jasperreports-server-pro=affected,openshift-enterprise-1/xercesMnimal=notaffected,openshift-enterprise-2/xercesMnimal=notaffected,rhn_satellite_5/xerces-j2=wontfix |
| Tomas Hoger | 2014-09-10 11:56:27 UTC | Depends On | 1140161 | |
| Arun Babu Neelicattu | 2014-09-10 13:38:13 UTC | Doc Text | It was discovered that the resource utilization for the XMLEntityScanner.scanName() method grew exponentially with the size of the name string being scanned. A remote attacker could use this flaw to trigger a denial of service attack by providing a crafted XML fragment or document. | A resource consumption issue was found in the way Xerces Java handled XML declaration. An XML document with specially crafted declaration with a long pseudo attribute name could cause an application using Xerces Java to use an excessive amount CPU time when parsed. |
| David Jorm | 2014-09-11 04:09:28 UTC | Depends On | 1140466 | |
| David Jorm | 2014-09-11 04:09:46 UTC | Depends On | 1140467 | |
| David Jorm | 2014-09-11 04:10:07 UTC | Depends On | 1140468 | |
| David Jorm | 2014-09-11 04:10:24 UTC | Depends On | 1140469 | |
| David Jorm | 2014-09-11 04:10:48 UTC | Depends On | 1140470 | |
| Martin Prpič | 2014-09-12 09:06:12 UTC | Doc Text | A resource consumption issue was found in the way Xerces Java handled XML declaration. An XML document with specially crafted declaration with a long pseudo attribute name could cause an application using Xerces Java to use an excessive amount CPU time when parsed. | A resource consumption issue was found in the way Xerces-J handled XML declarations. A remote attacker could use an XML document with a specially crafted declaration using a long pseudo-attribute name that, when parsed by an application using Xerces-J, would cause that application to use an excessive amount of CPU. |
| Martin Prpič | 2014-09-16 11:48:13 UTC | Whiteboard | impact=moderate,public=20131015,reported=20131009,source=oracle,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,rhel-5/java-1.6.0-openjdk=affected,rhel-6/java-1.6.0-openjdk=affected,rhel-5/java-1.7.0-openjdk=affected,rhel-6/java-1.7.0-openjdk=affected,rhel-5/java-1.7.0-oracle=affected,rhel-6/java-1.7.0-oracle=affected,rhel-5/xerces-j2=wontfix,rhel-6/xerces-j2=affected,rhel-7/xerces-j2=affected,rhscl-1/maven30-xerces-j2=affected,dts-3.0/xerces-j2=affected,fedora-all/xerces-j2=affected,jboss/fuse-esb-4=wontfix,jboss/fuse-esb-7=wontfix,jboss/fuse-mc-7=wontfix,jboss/fuse-mq-7=wontfix,jboss/fuse-esb-7=wontfix,jboss/amq-6=affected,brms-6/xerces-j2=affected,bpms-6/xerces-j2=affected,jdg-6/xerces-j2=affected,jdv-6/xerces-j2=affected,eap-4/xerces-j2=wontfix,eap-5/xerces-j2=wontfix,eap-6/xerces-j2=affected,brms-5/xerces-j2=wontfix,epp-5/xerces-j2=wontfix,soap-4/xerces-j2=wontfix,soap-5/xerces-j2=wontfix,jboss/ewp-5=wontfix,jbews-1/xerces-j2=wontfix,jboss/fuse-6=affected,fsw-6/xerces-j2=affected,jon-3/xerces-j2=affected,jpp-6/xerces-j2=affected,wfk-2/xerces-j2=affected,rhev-m-3/jasperreports-server-pro=affected,openshift-enterprise-1/xercesMnimal=notaffected,openshift-enterprise-2/xercesMnimal=notaffected,rhn_satellite_5/xerces-j2=wontfix | impact=moderate,public=20131015,reported=20131009,source=oracle,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,cwe=CWE-20,rhel-5/java-1.6.0-openjdk=affected,rhel-6/java-1.6.0-openjdk=affected,rhel-5/java-1.7.0-openjdk=affected,rhel-6/java-1.7.0-openjdk=affected,rhel-5/java-1.7.0-oracle=affected,rhel-6/java-1.7.0-oracle=affected,rhel-5/xerces-j2=wontfix,rhel-6/xerces-j2=affected,rhel-7/xerces-j2=affected,rhscl-1/maven30-xerces-j2=affected,dts-3.0/xerces-j2=affected,fedora-all/xerces-j2=affected,jboss/fuse-esb-4=wontfix,jboss/fuse-esb-7=wontfix,jboss/fuse-mc-7=wontfix,jboss/fuse-mq-7=wontfix,jboss/fuse-esb-7=wontfix,jboss/amq-6=affected,brms-6/xerces-j2=affected,bpms-6/xerces-j2=affected,jdg-6/xerces-j2=affected,jdv-6/xerces-j2=affected,eap-4/xerces-j2=wontfix,eap-5/xerces-j2=wontfix,eap-6/xerces-j2=affected,brms-5/xerces-j2=wontfix,epp-5/xerces-j2=wontfix,soap-4/xerces-j2=wontfix,soap-5/xerces-j2=wontfix,jboss/ewp-5=wontfix,jbews-1/xerces-j2=wontfix,jboss/fuse-6=affected,fsw-6/xerces-j2=affected,jon-3/xerces-j2=affected,jpp-6/xerces-j2=affected,wfk-2/xerces-j2=affected,rhev-m-3/jasperreports-server-pro=affected,openshift-enterprise-1/xercesMnimal=notaffected,openshift-enterprise-2/xercesMnimal=notaffected,rhn_satellite_5/xerces-j2=wontfix |
| Mat Booth | 2014-09-29 14:07:10 UTC | CC | mat.booth | |
| Arun Babu Neelicattu | 2014-09-30 08:54:04 UTC | Blocks | 1147878 | |
| Fernando Nasser | 2014-10-15 19:30:19 UTC | Status | NEW | ON_QA |
| John Skeoch | 2014-10-21 00:09:28 UTC | CC | djorm | mjc |
| Arun Babu Neelicattu | 2014-11-06 00:48:23 UTC | Status | ON_QA | NEW |
| Pavel Polischouk | 2014-11-06 03:09:53 UTC | Depends On | 1160941 | |
| Pavel Polischouk | 2014-11-06 03:09:58 UTC | Depends On | 1160942 | |
| Pavel Polischouk | 2014-11-06 03:10:03 UTC | Depends On | 1160943 | |
| Pavel Polischouk | 2014-11-06 03:10:08 UTC | Depends On | 1160944 | |
| Pavel Polischouk | 2014-11-06 03:10:13 UTC | Depends On | 1160946 | |
| Pavel Polischouk | 2014-11-06 03:10:17 UTC | Depends On | 1160947 | |
| Pavel Polischouk | 2014-11-06 03:10:22 UTC | Depends On | 1160948 | |
| Pavel Polischouk | 2014-11-06 03:10:27 UTC | Depends On | 1160949 | |
| Pavel Polischouk | 2014-11-06 03:10:32 UTC | Depends On | 1160951 | |
| Pavel Polischouk | 2014-11-06 03:10:37 UTC | Depends On | 1160952 | |
| Pavel Polischouk | 2014-11-06 03:10:42 UTC | Depends On | 1160953 | |
| Pavel Polischouk | 2014-11-06 03:10:48 UTC | Depends On | 1160954 | |
| Pavel Polischouk | 2014-11-06 06:08:56 UTC | Depends On | 1161004 | |
| John Skeoch | 2014-11-09 23:06:20 UTC | CC | gmurphy | |
| Pavel Polischouk | 2015-01-14 02:23:39 UTC | Blocks | 1181883 | |
| Pavel Polischouk | 2015-01-15 02:25:56 UTC | Blocks | 1182400 | |
| Pavel Polischouk | 2015-01-15 03:35:11 UTC | Blocks | 1182419 | |
| Wade Mealing | 2015-01-29 04:47:58 UTC | Whiteboard | impact=moderate,public=20131015,reported=20131009,source=oracle,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,cwe=CWE-20,rhel-5/java-1.6.0-openjdk=affected,rhel-6/java-1.6.0-openjdk=affected,rhel-5/java-1.7.0-openjdk=affected,rhel-6/java-1.7.0-openjdk=affected,rhel-5/java-1.7.0-oracle=affected,rhel-6/java-1.7.0-oracle=affected,rhel-5/xerces-j2=wontfix,rhel-6/xerces-j2=affected,rhel-7/xerces-j2=affected,rhscl-1/maven30-xerces-j2=affected,dts-3.0/xerces-j2=affected,fedora-all/xerces-j2=affected,jboss/fuse-esb-4=wontfix,jboss/fuse-esb-7=wontfix,jboss/fuse-mc-7=wontfix,jboss/fuse-mq-7=wontfix,jboss/fuse-esb-7=wontfix,jboss/amq-6=affected,brms-6/xerces-j2=affected,bpms-6/xerces-j2=affected,jdg-6/xerces-j2=affected,jdv-6/xerces-j2=affected,eap-4/xerces-j2=wontfix,eap-5/xerces-j2=wontfix,eap-6/xerces-j2=affected,brms-5/xerces-j2=wontfix,epp-5/xerces-j2=wontfix,soap-4/xerces-j2=wontfix,soap-5/xerces-j2=wontfix,jboss/ewp-5=wontfix,jbews-1/xerces-j2=wontfix,jboss/fuse-6=affected,fsw-6/xerces-j2=affected,jon-3/xerces-j2=affected,jpp-6/xerces-j2=affected,wfk-2/xerces-j2=affected,rhev-m-3/jasperreports-server-pro=affected,openshift-enterprise-1/xercesMnimal=notaffected,openshift-enterprise-2/xercesMnimal=notaffected,rhn_satellite_5/xerces-j2=wontfix | impact=moderate,public=20131015,reported=20131009,source=oracle,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,cwe=CWE-20,rhel-5/java-1.6.0-openjdk=affected,rhel-6/java-1.6.0-openjdk=affected,rhel-5/java-1.7.0-openjdk=affected,rhel-6/java-1.7.0-openjdk=affected,rhel-5/java-1.7.0-oracle=affected,rhel-6/java-1.7.0-oracle=affected,rhel-5/xerces-j2=wontfix,rhel-6/xerces-j2=affected,rhel-7/xerces-j2=affected,rhscl-1/maven30-xerces-j2=affected,dts-3.0/xerces-j2=affected,fedora-all/xerces-j2=affected,jboss/fuse-esb-4=wontfix,jboss/fuse-esb-7=wontfix,jboss/fuse-mc-7=wontfix,jboss/fuse-mq-7=wontfix,jboss/fuse-esb-7=wontfix,jboss/amq-6=affected,brms-6/xerces-j2=affected,bpms-6/xerces-j2=affected,jdg-6/xerces-j2=affected,jdv-6/xerces-j2=affected,eap-4/xerces-j2=wontfix,eap-5/xerces-j2=wontfix,eap-6/xerces-j2=affected,brms-5/xerces-j2=wontfix,epp-5/xerces-j2=wontfix,soap-4/xerces-j2=wontfix,soap-5/xerces-j2=wontfix,jboss/ewp-5=wontfix,jbews-1/xerces-j2=wontfix,jboss/fuse-6=affected,fsw-6/xerces-j2=affected,jon-3/xerces-j2=affected,jpp-6/xerces-j2=affected,wfk-2/xerces-j2=affected,rhev-m-3/jasperreports-server-pro=affected,openshift-enterprise-1/xercesMnimal=notaffected,openshift-enterprise-2/xercesMnimal=notaffected,rhn_satellite_5/xerces-j2=wontfix,rhev-m-3.6/jasperreports-server-pro=affected |
| Wade Mealing | 2015-01-29 05:47:48 UTC | Depends On | 1186995 | |
| John Skeoch | 2015-02-06 01:19:46 UTC | CC | asantos | kejohnso |
| Chess Hazlett | 2015-02-14 00:43:45 UTC | Depends On | 1192655 | |
| Chess Hazlett | 2015-02-14 00:43:51 UTC | Depends On | 1192656 | |
| Chess Hazlett | 2015-02-14 00:43:55 UTC | Depends On | 1192657 | |
| Chess Hazlett | 2015-02-14 00:44:00 UTC | Depends On | 1192658 | |
| Chess Hazlett | 2015-02-14 00:44:06 UTC | Depends On | 1192659 | |
| Chess Hazlett | 2015-02-14 00:44:11 UTC | Depends On | 1192660 | |
| Chess Hazlett | 2015-02-14 00:44:17 UTC | Depends On | 1192661 | |
| John Skeoch | 2015-02-15 21:58:42 UTC | CC | aneelica | grocha |
| Chess Hazlett | 2015-02-25 16:08:58 UTC | Blocks | 1196291 | |
| Chess Hazlett | 2015-02-25 16:23:44 UTC | Blocks | 1196295 | |
| Chess Hazlett | 2015-02-25 17:32:23 UTC | Blocks | 1196328 | |
| Pavel Polischouk | 2015-02-25 20:51:11 UTC | Blocks | 1196376 | |
| Chess Hazlett | 2015-02-25 22:13:02 UTC | Blocks | 1196406 | |
| Pavel Polischouk | 2015-03-10 00:14:21 UTC | Blocks | 1200191 | |
| Chess Hazlett | 2015-03-19 15:49:58 UTC | Whiteboard | impact=moderate,public=20131015,reported=20131009,source=oracle,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,cwe=CWE-20,rhel-5/java-1.6.0-openjdk=affected,rhel-6/java-1.6.0-openjdk=affected,rhel-5/java-1.7.0-openjdk=affected,rhel-6/java-1.7.0-openjdk=affected,rhel-5/java-1.7.0-oracle=affected,rhel-6/java-1.7.0-oracle=affected,rhel-5/xerces-j2=wontfix,rhel-6/xerces-j2=affected,rhel-7/xerces-j2=affected,rhscl-1/maven30-xerces-j2=affected,dts-3.0/xerces-j2=affected,fedora-all/xerces-j2=affected,jboss/fuse-esb-4=wontfix,jboss/fuse-esb-7=wontfix,jboss/fuse-mc-7=wontfix,jboss/fuse-mq-7=wontfix,jboss/fuse-esb-7=wontfix,jboss/amq-6=affected,brms-6/xerces-j2=affected,bpms-6/xerces-j2=affected,jdg-6/xerces-j2=affected,jdv-6/xerces-j2=affected,eap-4/xerces-j2=wontfix,eap-5/xerces-j2=wontfix,eap-6/xerces-j2=affected,brms-5/xerces-j2=wontfix,epp-5/xerces-j2=wontfix,soap-4/xerces-j2=wontfix,soap-5/xerces-j2=wontfix,jboss/ewp-5=wontfix,jbews-1/xerces-j2=wontfix,jboss/fuse-6=affected,fsw-6/xerces-j2=affected,jon-3/xerces-j2=affected,jpp-6/xerces-j2=affected,wfk-2/xerces-j2=affected,rhev-m-3/jasperreports-server-pro=affected,openshift-enterprise-1/xercesMnimal=notaffected,openshift-enterprise-2/xercesMnimal=notaffected,rhn_satellite_5/xerces-j2=wontfix,rhev-m-3.6/jasperreports-server-pro=affected | impact=moderate,public=20131015,reported=20131009,source=oracle,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,cwe=CWE-20,rhel-5/java-1.6.0-openjdk=affected,rhel-6/java-1.6.0-openjdk=affected,rhel-5/java-1.7.0-openjdk=affected,rhel-6/java-1.7.0-openjdk=affected,rhel-5/java-1.7.0-oracle=affected,rhel-6/java-1.7.0-oracle=affected,rhel-5/xerces-j2=wontfix,rhel-6/xerces-j2=affected,rhel-7/xerces-j2=affected,rhscl-1/maven30-xerces-j2=affected,dts-3.0/xerces-j2=affected,fedora-all/xerces-j2=affected,jboss/fuse-esb-4=wontfix,jboss/fuse-esb-7=wontfix,jboss/fuse-mc-7=wontfix,jboss/fuse-mq-7=wontfix,jboss/fuse-esb-7=wontfix,jboss/amq-6=affected,brms-6/xerces-j2=affected,bpms-6/xerces-j2=affected,jdg-6/xerces-j2=affected,jdv-6/xerces-j2=affected,eap-4/xerces-j2=wontfix,eap-5/xerces-j2=wontfix,eap-6/xerces-j2=affected,brms-5/xerces-j2=wontfix,epp-5/xerces-j2=wontfix,soap-4/xerces-j2=wontfix,soap-5/xerces-j2=wontfix,jboss/ewp-5=wontfix,jbews-1/xerces-j2=wontfix,jboss/fuse-6=affected,fsw-6/xerces-j2=affected,jon-3/xerces-j2=affected,jpp-6/xerces-j2=affected,wfk-2/xerces-j2=notaffected,rhev-m-3/jasperreports-server-pro=affected,openshift-enterprise-1/xercesMnimal=notaffected,openshift-enterprise-2/xercesMnimal=notaffected,rhn_satellite_5/xerces-j2=wontfix,rhev-m-3.6/jasperreports-server-pro=affected |
| Chess Hazlett | 2015-03-19 15:50:42 UTC | CC | aileenc, alazarot, asantos, bgollahe, bkearney, etirelli, felias, ggainey, gvarsami, hchiorea, jolee, kanderso, kkhan, ldimaggi, lkocman, lpetrovi, mat.booth, mbaluch, meissner, mkollar, mwinkler, nwallace, rrajasek, rwagner, sbaiduzh, tcunning, thomas, tmlcoch, twalsh, vhalbert | |
| Chess Hazlett | 2015-03-19 16:01:15 UTC | Blocks | 1196406 | |
| Horia Chiorean | 2015-03-19 16:11:41 UTC | CC | hchiorea | |
| Mat Booth | 2015-03-25 09:36:42 UTC | CC | mat.booth | |
| Chess Hazlett | 2015-03-28 03:39:42 UTC | Blocks | 1206755 | |
| John Skeoch | 2015-07-26 22:22:06 UTC | CC | mkollar | |
| Ján Rusnačko | 2015-07-29 13:39:46 UTC | CC | jrusnack | |
| | | Whiteboard | impact=moderate,public=20131015,reported=20131009,source=oracle,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,cwe=CWE-20,rhel-5/java-1.6.0-openjdk=affected,rhel-6/java-1.6.0-openjdk=affected,rhel-5/java-1.7.0-openjdk=affected,rhel-6/java-1.7.0-openjdk=affected,rhel-5/java-1.7.0-oracle=affected,rhel-6/java-1.7.0-oracle=affected,rhel-5/xerces-j2=wontfix,rhel-6/xerces-j2=affected,rhel-7/xerces-j2=affected,rhscl-1/maven30-xerces-j2=affected,dts-3.0/xerces-j2=affected,fedora-all/xerces-j2=affected,jboss/fuse-esb-4=wontfix,jboss/fuse-esb-7=wontfix,jboss/fuse-mc-7=wontfix,jboss/fuse-mq-7=wontfix,jboss/fuse-esb-7=wontfix,jboss/amq-6=affected,brms-6/xerces-j2=affected,bpms-6/xerces-j2=affected,jdg-6/xerces-j2=affected,jdv-6/xerces-j2=affected,eap-4/xerces-j2=wontfix,eap-5/xerces-j2=wontfix,eap-6/xerces-j2=affected,brms-5/xerces-j2=wontfix,epp-5/xerces-j2=wontfix,soap-4/xerces-j2=wontfix,soap-5/xerces-j2=wontfix,jboss/ewp-5=wontfix,jbews-1/xerces-j2=wontfix,jboss/fuse-6=affected,fsw-6/xerces-j2=affected,jon-3/xerces-j2=affected,jpp-6/xerces-j2=affected,wfk-2/xerces-j2=notaffected,rhev-m-3/jasperreports-server-pro=affected,openshift-enterprise-1/xercesMnimal=notaffected,openshift-enterprise-2/xercesMnimal=notaffected,rhn_satellite_5/xerces-j2=wontfix,rhev-m-3.6/jasperreports-server-pro=affected | impact=moderate,public=20131015,reported=20131009,source=oracle,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,cwe=CWE-20,rhel-5/java-1.6.0-openjdk=affected,rhel-6/java-1.6.0-openjdk=affected,rhel-5/java-1.7.0-openjdk=affected,rhel-6/java-1.7.0-openjdk=affected,rhel-5/java-1.7.0-oracle=affected,rhel-6/java-1.7.0-oracle=affected,rhel-5/xerces-j2=wontfix,rhel-6/xerces-j2=affected,rhel-7/xerces-j2=affected,rhscl-1/maven30-xerces-j2=affected,dts-3.0/xerces-j2=affected,fedora-all/xerces-j2=affected,jboss/fuse-esb-4=wontfix,jboss/fuse-esb-7=wontfix,jboss/fuse-mc-7=wontfix,jboss/fuse-mq-7=wontfix,jboss/amq-6=affected,brms-6/xerces-j2=affected,bpms-6/xerces-j2=affected,jdg-6/xerces-j2=affected,jdv-6/xerces-j2=affected,eap-4/xerces-j2=wontfix,eap-5/xerces-j2=wontfix,eap-6/xerces-j2=affected,brms-5/xerces-j2=wontfix,epp-5/xerces-j2=wontfix,soap-4/xerces-j2=wontfix,soap-5/xerces-j2=wontfix,jboss/ewp-5=wontfix,jbews-1/xerces-j2=wontfix,jboss/fuse-6=affected,fsw-6/xerces-j2=affected,jon-3/xerces-j2=affected,jpp-6/xerces-j2=affected,wfk-2/xerces-j2=notaffected,rhev-m-3/jasperreports-server-pro=affected,openshift-enterprise-1/xercesMnimal=notaffected,openshift-enterprise-2/xercesMnimal=notaffected,rhn_satellite_5/xerces-j2=wontfix,rhev-m-3.6/jasperreports-server-pro=affected |
| Chess Hazlett | 2015-09-02 21:39:51 UTC | Blocks | 1196291 | |
| Vincent Danen | 2015-10-15 18:02:53 UTC | Whiteboard | impact=moderate,public=20131015,reported=20131009,source=oracle,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,cwe=CWE-20,rhel-5/java-1.6.0-openjdk=affected,rhel-6/java-1.6.0-openjdk=affected,rhel-5/java-1.7.0-openjdk=affected,rhel-6/java-1.7.0-openjdk=affected,rhel-5/java-1.7.0-oracle=affected,rhel-6/java-1.7.0-oracle=affected,rhel-5/xerces-j2=wontfix,rhel-6/xerces-j2=affected,rhel-7/xerces-j2=affected,rhscl-1/maven30-xerces-j2=affected,dts-3.0/xerces-j2=affected,fedora-all/xerces-j2=affected,jboss/fuse-esb-4=wontfix,jboss/fuse-esb-7=wontfix,jboss/fuse-mc-7=wontfix,jboss/fuse-mq-7=wontfix,jboss/amq-6=affected,brms-6/xerces-j2=affected,bpms-6/xerces-j2=affected,jdg-6/xerces-j2=affected,jdv-6/xerces-j2=affected,eap-4/xerces-j2=wontfix,eap-5/xerces-j2=wontfix,eap-6/xerces-j2=affected,brms-5/xerces-j2=wontfix,epp-5/xerces-j2=wontfix,soap-4/xerces-j2=wontfix,soap-5/xerces-j2=wontfix,jboss/ewp-5=wontfix,jbews-1/xerces-j2=wontfix,jboss/fuse-6=affected,fsw-6/xerces-j2=affected,jon-3/xerces-j2=affected,jpp-6/xerces-j2=affected,wfk-2/xerces-j2=notaffected,rhev-m-3/jasperreports-server-pro=affected,openshift-enterprise-1/xercesMnimal=notaffected,openshift-enterprise-2/xercesMnimal=notaffected,rhn_satellite_5/xerces-j2=wontfix,rhev-m-3.6/jasperreports-server-pro=affected | impact=moderate,public=20131015,reported=20131009,source=oracle,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,cwe=CWE-20,rhel-5/java-1.6.0-openjdk=affected,rhel-6/java-1.6.0-openjdk=affected,rhel-5/java-1.7.0-openjdk=affected,rhel-6/java-1.7.0-openjdk=affected,rhel-5/java-1.7.0-oracle=affected,rhel-6/java-1.7.0-oracle=affected,rhel-5/xerces-j2=wontfix,rhel-6/xerces-j2=affected,rhel-7/xerces-j2=notaffected,rhscl-1/maven30-xerces-j2=affected,dts-3.0/xerces-j2=affected,fedora-all/xerces-j2=affected,jboss/fuse-esb-4=wontfix,jboss/fuse-esb-7=wontfix,jboss/fuse-mc-7=wontfix,jboss/fuse-mq-7=wontfix,jboss/amq-6=affected,brms-6/xerces-j2=affected,bpms-6/xerces-j2=affected,jdg-6/xerces-j2=affected,jdv-6/xerces-j2=affected,eap-4/xerces-j2=wontfix,eap-5/xerces-j2=wontfix,eap-6/xerces-j2=affected,brms-5/xerces-j2=wontfix,epp-5/xerces-j2=wontfix,soap-4/xerces-j2=wontfix,soap-5/xerces-j2=wontfix,jboss/ewp-5=wontfix,jbews-1/xerces-j2=wontfix,jboss/fuse-6=affected,fsw-6/xerces-j2=affected,jon-3/xerces-j2=affected,jpp-6/xerces-j2=affected,wfk-2/xerces-j2=notaffected,rhev-m-3/jasperreports-server-pro=affected,openshift-enterprise-1/xercesMnimal=notaffected,openshift-enterprise-2/xercesMnimal=notaffected,rhn_satellite_5/xerces-j2=wontfix,rhev-m-3.6/jasperreports-server-pro=affected |
| Vincent Danen | 2015-10-15 21:36:23 UTC | Whiteboard | impact=moderate,public=20131015,reported=20131009,source=oracle,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,cwe=CWE-20,rhel-5/java-1.6.0-openjdk=affected,rhel-6/java-1.6.0-openjdk=affected,rhel-5/java-1.7.0-openjdk=affected,rhel-6/java-1.7.0-openjdk=affected,rhel-5/java-1.7.0-oracle=affected,rhel-6/java-1.7.0-oracle=affected,rhel-5/xerces-j2=wontfix,rhel-6/xerces-j2=affected,rhel-7/xerces-j2=notaffected,rhscl-1/maven30-xerces-j2=affected,dts-3.0/xerces-j2=affected,fedora-all/xerces-j2=affected,jboss/fuse-esb-4=wontfix,jboss/fuse-esb-7=wontfix,jboss/fuse-mc-7=wontfix,jboss/fuse-mq-7=wontfix,jboss/amq-6=affected,brms-6/xerces-j2=affected,bpms-6/xerces-j2=affected,jdg-6/xerces-j2=affected,jdv-6/xerces-j2=affected,eap-4/xerces-j2=wontfix,eap-5/xerces-j2=wontfix,eap-6/xerces-j2=affected,brms-5/xerces-j2=wontfix,epp-5/xerces-j2=wontfix,soap-4/xerces-j2=wontfix,soap-5/xerces-j2=wontfix,jboss/ewp-5=wontfix,jbews-1/xerces-j2=wontfix,jboss/fuse-6=affected,fsw-6/xerces-j2=affected,jon-3/xerces-j2=affected,jpp-6/xerces-j2=affected,wfk-2/xerces-j2=notaffected,rhev-m-3/jasperreports-server-pro=affected,openshift-enterprise-1/xercesMnimal=notaffected,openshift-enterprise-2/xercesMnimal=notaffected,rhn_satellite_5/xerces-j2=wontfix,rhev-m-3.6/jasperreports-server-pro=affected | 
impact=moderate,public=20131015,reported=20131009,source=oracle,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,cwe=CWE-20,rhel-5/java-1.6.0-openjdk=affected,rhel-6/java-1.6.0-openjdk=affected,rhel-5/java-1.7.0-openjdk=affected,rhel-6/java-1.7.0-openjdk=affected,rhel-5/java-1.7.0-oracle=affected,rhel-6/java-1.7.0-oracle=affected,rhel-5/xerces-j2=wontfix,rhel-6/xerces-j2=notaffected,rhel-7/xerces-j2=notaffected,rhscl-1/maven30-xerces-j2=affected,dts-3.0/xerces-j2=affected,fedora-all/xerces-j2=affected,jboss/fuse-esb-4=wontfix,jboss/fuse-esb-7=wontfix,jboss/fuse-mc-7=wontfix,jboss/fuse-mq-7=wontfix,jboss/amq-6=affected,brms-6/xerces-j2=affected,bpms-6/xerces-j2=affected,jdg-6/xerces-j2=affected,jdv-6/xerces-j2=affected,eap-4/xerces-j2=wontfix,eap-5/xerces-j2=wontfix,eap-6/xerces-j2=affected,brms-5/xerces-j2=wontfix,epp-5/xerces-j2=wontfix,soap-4/xerces-j2=wontfix,soap-5/xerces-j2=wontfix,jboss/ewp-5=wontfix,jbews-1/xerces-j2=wontfix,jboss/fuse-6=affected,fsw-6/xerces-j2=affected,jon-3/xerces-j2=affected,jpp-6/xerces-j2=affected,wfk-2/xerces-j2=notaffected,rhev-m-3/jasperreports-server-pro=affected,openshift-enterprise-1/xercesMnimal=notaffected,openshift-enterprise-2/xercesMnimal=notaffected,rhn_satellite_5/xerces-j2=wontfix,rhev-m-3.6/jasperreports-server-pro=affected |
| John Skeoch | 2015-11-02 00:21:23 UTC | CC | dknox | |
| Ján Rusnačko | 2015-11-25 10:12:10 UTC | Whiteboard | impact=moderate,public=20131015,reported=20131009,source=oracle,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,cwe=CWE-20,rhel-5/java-1.6.0-openjdk=affected,rhel-6/java-1.6.0-openjdk=affected,rhel-5/java-1.7.0-openjdk=affected,rhel-6/java-1.7.0-openjdk=affected,rhel-5/java-1.7.0-oracle=affected,rhel-6/java-1.7.0-oracle=affected,rhel-5/xerces-j2=wontfix,rhel-6/xerces-j2=notaffected,rhel-7/xerces-j2=notaffected,rhscl-1/maven30-xerces-j2=affected,dts-3.0/xerces-j2=affected,fedora-all/xerces-j2=affected,jboss/fuse-esb-4=wontfix,jboss/fuse-esb-7=wontfix,jboss/fuse-mc-7=wontfix,jboss/fuse-mq-7=wontfix,jboss/amq-6=affected,brms-6/xerces-j2=affected,bpms-6/xerces-j2=affected,jdg-6/xerces-j2=affected,jdv-6/xerces-j2=affected,eap-4/xerces-j2=wontfix,eap-5/xerces-j2=wontfix,eap-6/xerces-j2=affected,brms-5/xerces-j2=wontfix,epp-5/xerces-j2=wontfix,soap-4/xerces-j2=wontfix,soap-5/xerces-j2=wontfix,jboss/ewp-5=wontfix,jbews-1/xerces-j2=wontfix,jboss/fuse-6=affected,fsw-6/xerces-j2=affected,jon-3/xerces-j2=affected,jpp-6/xerces-j2=affected,wfk-2/xerces-j2=notaffected,rhev-m-3/jasperreports-server-pro=affected,openshift-enterprise-1/xercesMnimal=notaffected,openshift-enterprise-2/xercesMnimal=notaffected,rhn_satellite_5/xerces-j2=wontfix,rhev-m-3.6/jasperreports-server-pro=affected | 
impact=moderate,public=20131015,reported=20131009,source=oracle,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,cwe=CWE-20,rhel-5/java-1.6.0-openjdk=affected,rhel-6/java-1.6.0-openjdk=affected,rhel-5/java-1.7.0-openjdk=affected,rhel-6/java-1.7.0-openjdk=affected,rhel-5/java-1.7.0-oracle=affected,rhel-6/java-1.7.0-oracle=affected,rhel-5/xerces-j2=wontfix,rhel-6/xerces-j2=affected,rhel-7/xerces-j2=affected,rhscl-1/maven30-xerces-j2=affected,dts-3.0/xerces-j2=affected,fedora-all/xerces-j2=affected,jboss/fuse-esb-4=wontfix,jboss/fuse-esb-7=wontfix,jboss/fuse-mc-7=wontfix,jboss/fuse-mq-7=wontfix,jboss/amq-6=affected,brms-6/xerces-j2=affected,bpms-6/xerces-j2=affected,jdg-6/xerces-j2=affected,jdv-6/xerces-j2=affected,eap-4/xerces-j2=wontfix,eap-5/xerces-j2=wontfix,eap-6/xerces-j2=affected,brms-5/xerces-j2=wontfix,epp-5/xerces-j2=wontfix,soap-4/xerces-j2=wontfix,soap-5/xerces-j2=wontfix,jboss/ewp-5=wontfix,jbews-1/xerces-j2=wontfix,jboss/fuse-6=affected,fsw-6/xerces-j2=affected,jon-3/xerces-j2=affected,jpp-6/xerces-j2=affected,wfk-2/xerces-j2=notaffected,rhev-m-3/jasperreports-server-pro=affected,openshift-enterprise-1/xercesMnimal=notaffected,openshift-enterprise-2/xercesMnimal=notaffected,rhn_satellite_5/xerces-j2=wontfix,rhev-m-3.6/jasperreports-server-pro=affected |
| Marek Novotny | 2015-11-25 10:44:50 UTC | CC | mnovotny | |
| John Skeoch | 2016-01-04 05:42:34 UTC | CC | alonbl | |
| John Skeoch | 2016-01-28 22:19:07 UTC | CC | ecohen | ykaul |
| John Skeoch | 2016-02-01 02:32:53 UTC | CC | mfranc | ohudlick |
| Chess Hazlett | 2016-04-11 04:21:44 UTC | Status | NEW | CLOSED |
| | | Resolution | --- | ERRATA |
| | | Last Closed | 2013-12-08 17:39:56 UTC | 2016-04-11 00:21:44 UTC |
| Tomas Hoger | 2016-06-01 08:17:37 UTC | Whiteboard | impact=moderate,public=20131015,reported=20131009,source=oracle,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,cwe=CWE-20,rhel-5/java-1.6.0-openjdk=affected,rhel-6/java-1.6.0-openjdk=affected,rhel-5/java-1.7.0-openjdk=affected,rhel-6/java-1.7.0-openjdk=affected,rhel-5/java-1.7.0-oracle=affected,rhel-6/java-1.7.0-oracle=affected,rhel-5/xerces-j2=wontfix,rhel-6/xerces-j2=affected,rhel-7/xerces-j2=affected,rhscl-1/maven30-xerces-j2=affected,dts-3.0/xerces-j2=affected,fedora-all/xerces-j2=affected,jboss/fuse-esb-4=wontfix,jboss/fuse-esb-7=wontfix,jboss/fuse-mc-7=wontfix,jboss/fuse-mq-7=wontfix,jboss/amq-6=affected,brms-6/xerces-j2=affected,bpms-6/xerces-j2=affected,jdg-6/xerces-j2=affected,jdv-6/xerces-j2=affected,eap-4/xerces-j2=wontfix,eap-5/xerces-j2=wontfix,eap-6/xerces-j2=affected,brms-5/xerces-j2=wontfix,epp-5/xerces-j2=wontfix,soap-4/xerces-j2=wontfix,soap-5/xerces-j2=wontfix,jboss/ewp-5=wontfix,jbews-1/xerces-j2=wontfix,jboss/fuse-6=affected,fsw-6/xerces-j2=affected,jon-3/xerces-j2=affected,jpp-6/xerces-j2=affected,wfk-2/xerces-j2=notaffected,rhev-m-3/jasperreports-server-pro=affected,openshift-enterprise-1/xercesMnimal=notaffected,openshift-enterprise-2/xercesMnimal=notaffected,rhn_satellite_5/xerces-j2=wontfix,rhev-m-3.6/jasperreports-server-pro=affected | 
impact=moderate,public=20131015,reported=20131009,source=oracle,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,cwe=CWE-20,rhel-5/java-1.6.0-openjdk=affected,rhel-6/java-1.6.0-openjdk=affected,rhel-5/java-1.7.0-openjdk=affected,rhel-6/java-1.7.0-openjdk=affected,rhel-5/java-1.7.0-oracle=affected,rhel-6/java-1.7.0-oracle=affected,rhel-5/xerces-j2=wontfix,rhel-6/xerces-j2=affected,rhel-7/xerces-j2=affected,rhscl-1/maven30-xerces-j2=affected,dts-3/xerces-j2=affected,fedora-all/xerces-j2=affected,jboss/fuse-esb-4=wontfix,jboss/fuse-esb-7=wontfix,jboss/fuse-mc-7=wontfix,jboss/fuse-mq-7=wontfix,jboss/amq-6=affected,brms-6/xerces-j2=affected,bpms-6/xerces-j2=affected,jdg-6/xerces-j2=affected,jdv-6/xerces-j2=affected,eap-4/xerces-j2=wontfix,eap-5/xerces-j2=wontfix,eap-6/xerces-j2=affected,brms-5/xerces-j2=wontfix,epp-5/xerces-j2=wontfix,soap-4/xerces-j2=wontfix,soap-5/xerces-j2=wontfix,jboss/ewp-5=wontfix,jbews-1/xerces-j2=wontfix,jboss/fuse-6=affected,fsw-6/xerces-j2=affected,jon-3/xerces-j2=affected,jpp-6/xerces-j2=affected,wfk-2/xerces-j2=notaffected,rhev-m-3/jasperreports-server-pro=affected,openshift-enterprise-1/xercesMnimal=notaffected,openshift-enterprise-2/xercesMnimal=notaffected,rhn_satellite_5/xerces-j2=wontfix,rhev-m-3.6/jasperreports-server-pro=affected |
| Jason Shepherd | 2016-09-13 04:01:09 UTC | Whiteboard | impact=moderate,public=20131015,reported=20131009,source=oracle,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,cwe=CWE-20,rhel-5/java-1.6.0-openjdk=affected,rhel-6/java-1.6.0-openjdk=affected,rhel-5/java-1.7.0-openjdk=affected,rhel-6/java-1.7.0-openjdk=affected,rhel-5/java-1.7.0-oracle=affected,rhel-6/java-1.7.0-oracle=affected,rhel-5/xerces-j2=wontfix,rhel-6/xerces-j2=affected,rhel-7/xerces-j2=affected,rhscl-1/maven30-xerces-j2=affected,dts-3/xerces-j2=affected,fedora-all/xerces-j2=affected,jboss/fuse-esb-4=wontfix,jboss/fuse-esb-7=wontfix,jboss/fuse-mc-7=wontfix,jboss/fuse-mq-7=wontfix,jboss/amq-6=affected,brms-6/xerces-j2=affected,bpms-6/xerces-j2=affected,jdg-6/xerces-j2=affected,jdv-6/xerces-j2=affected,eap-4/xerces-j2=wontfix,eap-5/xerces-j2=wontfix,eap-6/xerces-j2=affected,brms-5/xerces-j2=wontfix,epp-5/xerces-j2=wontfix,soap-4/xerces-j2=wontfix,soap-5/xerces-j2=wontfix,jboss/ewp-5=wontfix,jbews-1/xerces-j2=wontfix,jboss/fuse-6=affected,fsw-6/xerces-j2=affected,jon-3/xerces-j2=affected,jpp-6/xerces-j2=affected,wfk-2/xerces-j2=notaffected,rhev-m-3/jasperreports-server-pro=affected,openshift-enterprise-1/xercesMnimal=notaffected,openshift-enterprise-2/xercesMnimal=notaffected,rhn_satellite_5/xerces-j2=wontfix,rhev-m-3.6/jasperreports-server-pro=affected | 
impact=moderate,public=20131015,reported=20131009,source=oracle,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,cwe=CWE-20,rhel-5/java-1.6.0-openjdk=affected,rhel-6/java-1.6.0-openjdk=affected,rhel-5/java-1.7.0-openjdk=affected,rhel-6/java-1.7.0-openjdk=affected,rhel-5/java-1.7.0-oracle=affected,rhel-6/java-1.7.0-oracle=affected,rhel-5/xerces-j2=wontfix,rhel-6/xerces-j2=affected,rhel-7/xerces-j2=affected,rhscl-1/maven30-xerces-j2=affected,dts-3/xerces-j2=affected,fedora-all/xerces-j2=affected,jboss/fuse-esb-4=wontfix,jboss/fuse-esb-7=wontfix,jboss/fuse-mc-7=wontfix,jboss/fuse-mq-7=wontfix,jboss/amq-6=affected,brms-6/xerces-j2=affected,bpms-6/xerces-j2=affected,jdg-6/xerces-j2=affected,jdv-6/xerces-j2=affected,eap-4/xerces-j2=wontfix,eap-5/xerces-j2=wontfix,eap-6/xerces-j2=affected,brms-5/xerces-j2=wontfix,epp-5/xerces-j2=wontfix,soap-4/xerces-j2=wontfix,soap-5/xerces-j2=wontfix,jboss/ewp-5=wontfix,jbews-1/xerces-j2=wontfix,jboss/fuse-6=affected,fsw-6/xerces-j2=affected,jon-3/xerces-j2=affected,jpp-6/xerces-j2=affected,wfk-2/xerces-j2=notaffected,rhev-m-3/jasperreports-server-pro=affected,openshift-enterprise-1/xercesMnimal=notaffected,openshift-enterprise-2/xercesMnimal=notaffected,rhn_satellite_5/xerces-j2=wontfix,rhev-m-3.6/jasperreports-server-pro=affected,fedora-all/wildfly=affected |
| Jason Shepherd | 2016-09-13 04:01:49 UTC | CC | dchen, mgoldman, puntogil | |
| Jason Shepherd | 2016-09-13 04:05:42 UTC | Depends On | 1375418 | |
| Jason Shepherd | 2016-09-13 04:25:33 UTC | Whiteboard | impact=moderate,public=20131015,reported=20131009,source=oracle,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,cwe=CWE-20,rhel-5/java-1.6.0-openjdk=affected,rhel-6/java-1.6.0-openjdk=affected,rhel-5/java-1.7.0-openjdk=affected,rhel-6/java-1.7.0-openjdk=affected,rhel-5/java-1.7.0-oracle=affected,rhel-6/java-1.7.0-oracle=affected,rhel-5/xerces-j2=wontfix,rhel-6/xerces-j2=affected,rhel-7/xerces-j2=affected,rhscl-1/maven30-xerces-j2=affected,dts-3/xerces-j2=affected,fedora-all/xerces-j2=affected,jboss/fuse-esb-4=wontfix,jboss/fuse-esb-7=wontfix,jboss/fuse-mc-7=wontfix,jboss/fuse-mq-7=wontfix,jboss/amq-6=affected,brms-6/xerces-j2=affected,bpms-6/xerces-j2=affected,jdg-6/xerces-j2=affected,jdv-6/xerces-j2=affected,eap-4/xerces-j2=wontfix,eap-5/xerces-j2=wontfix,eap-6/xerces-j2=affected,brms-5/xerces-j2=wontfix,epp-5/xerces-j2=wontfix,soap-4/xerces-j2=wontfix,soap-5/xerces-j2=wontfix,jboss/ewp-5=wontfix,jbews-1/xerces-j2=wontfix,jboss/fuse-6=affected,fsw-6/xerces-j2=affected,jon-3/xerces-j2=affected,jpp-6/xerces-j2=affected,wfk-2/xerces-j2=notaffected,rhev-m-3/jasperreports-server-pro=affected,openshift-enterprise-1/xercesMnimal=notaffected,openshift-enterprise-2/xercesMnimal=notaffected,rhn_satellite_5/xerces-j2=wontfix,rhev-m-3.6/jasperreports-server-pro=affected,fedora-all/wildfly=affected | 
impact=moderate,public=20131015,reported=20131009,source=oracle,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,cwe=CWE-20,rhel-5/java-1.6.0-openjdk=affected,rhel-6/java-1.6.0-openjdk=affected,rhel-5/java-1.7.0-openjdk=affected,rhel-6/java-1.7.0-openjdk=affected,rhel-5/java-1.7.0-oracle=affected,rhel-6/java-1.7.0-oracle=affected,rhel-5/xerces-j2=wontfix,rhel-6/xerces-j2=affected,rhel-7/xerces-j2=affected,rhscl-1/maven30-xerces-j2=affected,dts-3/xerces-j2=affected,fedora-all/xerces-j2=affected,jboss/fuse-esb-4=wontfix,jboss/fuse-esb-7=wontfix,jboss/fuse-mc-7=wontfix,jboss/fuse-mq-7=wontfix,jboss/amq-6=affected,brms-6/xerces-j2=affected,bpms-6/xerces-j2=affected,jdg-6/xerces-j2=affected,jdv-6/xerces-j2=affected,eap-4/xerces-j2=wontfix,eap-5/xerces-j2=wontfix,eap-6/xerces-j2=affected,brms-5/xerces-j2=wontfix,epp-5/xerces-j2=wontfix,soap-4/xerces-j2=wontfix,soap-5/xerces-j2=wontfix,jboss/ewp-5=wontfix,jbews-1/xerces-j2=wontfix,jboss/fuse-6=affected,fsw-6/xerces-j2=affected,jon-3/xerces-j2=affected,jpp-6/xerces-j2=affected,wfk-2/xerces-j2=notaffected,rhev-m-3/jasperreports-server-pro=affected,openshift-enterprise-1/xercesMnimal=notaffected,openshift-enterprise-2/xercesMnimal=notaffected,rhn_satellite_5/xerces-j2=wontfix,rhev-m-3.6/jasperreports-server-pro=affected,fedora-all/wildfly=affected,eap-7/Web Services=notaffected |
| Jason Shepherd | 2016-09-13 04:26:11 UTC | CC | bbaranow, bmaxwell, csutherl, dosoudil, jshepherd, psakar, rnetuka | |
| Tomas Hoger | 2019-01-16 10:25:25 UTC | Blocks | 1017595 | |
| Gil Klein | 2019-04-28 10:05:12 UTC | CC | gklein | |
| Product Security DevOps Team | 2019-09-29 13:09:10 UTC | Whiteboard | impact=moderate,public=20131015,reported=20131009,source=oracle,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,cwe=CWE-20,rhel-5/java-1.6.0-openjdk=affected,rhel-6/java-1.6.0-openjdk=affected,rhel-5/java-1.7.0-openjdk=affected,rhel-6/java-1.7.0-openjdk=affected,rhel-5/java-1.7.0-oracle=affected,rhel-6/java-1.7.0-oracle=affected,rhel-5/xerces-j2=wontfix,rhel-6/xerces-j2=affected,rhel-7/xerces-j2=affected,rhscl-1/maven30-xerces-j2=affected,dts-3/xerces-j2=affected,fedora-all/xerces-j2=affected,jboss/fuse-esb-4=wontfix,jboss/fuse-esb-7=wontfix,jboss/fuse-mc-7=wontfix,jboss/fuse-mq-7=wontfix,jboss/amq-6=affected,brms-6/xerces-j2=affected,bpms-6/xerces-j2=affected,jdg-6/xerces-j2=affected,jdv-6/xerces-j2=affected,eap-4/xerces-j2=wontfix,eap-5/xerces-j2=wontfix,eap-6/xerces-j2=affected,brms-5/xerces-j2=wontfix,epp-5/xerces-j2=wontfix,soap-4/xerces-j2=wontfix,soap-5/xerces-j2=wontfix,jboss/ewp-5=wontfix,jbews-1/xerces-j2=wontfix,jboss/fuse-6=affected,fsw-6/xerces-j2=affected,jon-3/xerces-j2=affected,jpp-6/xerces-j2=affected,wfk-2/xerces-j2=notaffected,rhev-m-3/jasperreports-server-pro=affected,openshift-enterprise-1/xercesMnimal=notaffected,openshift-enterprise-2/xercesMnimal=notaffected,rhn_satellite_5/xerces-j2=wontfix,rhev-m-3.6/jasperreports-server-pro=affected,fedora-all/wildfly=affected,eap-7/Web Services=notaffected | |
| Ken Wills | 2020-07-15 02:43:58 UTC | CC | kwills | |
| Grant Gainey | 2020-07-15 11:24:25 UTC | CC | tom.jenkinson | |
| CC | ggainey |