• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Sun Java Runtime Environment XML Parsing Denial of Service Vulnerability

Bugtraq ID:	35958
Class:	Unknown
CVE:	CVE-2009-2625
Remote:	Yes
Local:	No
Published:	Aug 03 2009 12:00AM
Updated:	Feb 01 2010 10:02AM
Credit:	Jukka Taimisto, Tero Rontti and Rauli Kaksonen from the CROSS project at Codenomicon Ltd, and CERT-FI
Vulnerable:	VMWare vMA 4.0 VMWare VirtualCenter 2.0.2 VMWare VirtualCenter 2.5.Update 3 build 1 VMWare VirtualCenter 2.5.Update 3 build 1 VMWare VirtualCenter 2.5 Update 5 VMWare VirtualCenter 2.5 Update 2 VMWare VirtualCenter 2.5 Update 1 VMWare VirtualCenter 2.5 VMWare VirtualCenter 2.0.2 Update 5 VMWare VirtualCenter 2.0.2 Update 4 VMWare VirtualCenter 2.0.2 Update 3 VMWare VirtualCenter 2.0.2 Update 2 VMWare VirtualCenter 2.0.2 Update 1 VMWare vCenter 4.0 VMWare vCenter 4.0 VMWare Server 2.0 VMWare ESX Server 3.0.3 VMWare ESX Server 4.0 VMWare ESX Server 3.5 Ubuntu Ubuntu Linux 9.10 sparc Ubuntu Ubuntu Linux 9.10 powerpc Ubuntu Ubuntu Linux 9.10 lpia Ubuntu Ubuntu Linux 9.10 i386 Ubuntu Ubuntu Linux 9.10 amd64 Ubuntu Ubuntu Linux 9.04 sparc Ubuntu Ubuntu Linux 9.04 powerpc Ubuntu Ubuntu Linux 9.04 lpia Ubuntu Ubuntu Linux 9.04 i386 Ubuntu Ubuntu Linux 9.04 amd64 Ubuntu Ubuntu Linux 8.10 sparc Ubuntu Ubuntu Linux 8.10 powerpc Ubuntu Ubuntu Linux 8.10 lpia Ubuntu Ubuntu Linux 8.10 i386 Ubuntu Ubuntu Linux 8.10 amd64 Ubuntu Ubuntu Linux 8.04 LTS sparc Ubuntu Ubuntu Linux 8.04 LTS powerpc Ubuntu Ubuntu Linux 8.04 LTS lpia Ubuntu Ubuntu Linux 8.04 LTS i386 Ubuntu Ubuntu Linux 8.04 LTS amd64 Ubuntu Ubuntu Linux 6.06 LTS sparc Ubuntu Ubuntu Linux 6.06 LTS powerpc Ubuntu Ubuntu Linux 6.06 LTS i386 Ubuntu Ubuntu Linux 6.06 LTS amd64 Sun OpenJDK 6 Build b12 Sun JRE (Windows Production Release) 1.5 _06 Sun JRE (Windows Production Release) 1.5 _05 Sun JRE (Windows Production Release) 1.5 _04 Sun JRE (Windows Production Release) 1.5 _03 Sun JRE (Windows Production Release) 1.5 _02 Sun JRE (Windows Production Release) 1.5 _01 Sun JRE (Windows Production Release) 1.6.0_2 Sun JRE (Windows Production Release) 1.6.0_11 Sun JRE (Windows Production Release) 1.6.0_03 Sun JRE (Windows Production Release) 1.6.0_02 Sun JRE (Windows Production Release) 1.6.0_01 Sun JRE (Windows Production Release) 1.5.0_17 Sun JRE (Windows Production Release) 1.5.0_14 Sun JRE (Windows Production Release) 1.5.0_13 Sun JRE (Windows Production Release) 1.5.0_12 Sun JRE (Windows Production Release) 1.5.0_11 Sun JRE (Windows Production Release) 1.5.0_10 Sun JRE (Windows Production Release) 1.5.0_10 Sun JRE (Windows Production Release) 1.5.0.0_09 Sun JRE (Windows Production Release) 1.5.0.0_08 Sun JRE (Windows Production Release) 1.5.0.0_07 Sun JRE (Solaris Production Release) 1.5 _06 Sun JRE (Solaris Production Release) 1.5 _05 Sun JRE (Solaris Production Release) 1.5 _04 Sun JRE (Solaris Production Release) 1.5 _03 Sun JRE (Solaris Production Release) 1.5 _02 Sun JRE (Solaris Production Release) 1.5 _01 Sun JRE (Solaris Production Release) 1.5 Sun JRE (Solaris Production Release) 1.6.0_2 Sun JRE (Solaris Production Release) 1.6.0_11 Sun JRE (Solaris Production Release) 1.6.0_03 Sun JRE (Solaris Production Release) 1.6.0_02 Sun JRE (Solaris Production Release) 1.6.0_01 Sun JRE (Solaris Production Release) 1.5.0_17 Sun JRE (Solaris Production Release) 1.5.0_14 Sun JRE (Solaris Production Release) 1.5.0_13 Sun JRE (Solaris Production Release) 1.5.0_12 Sun JRE (Solaris Production Release) 1.5.0_11 Sun JRE (Solaris Production Release) 1.5.0_10 Sun JRE (Solaris Production Release) 1.5.0.0_09 Sun JRE (Solaris Production Release) 1.5.0.0_08 Sun JRE (Solaris Production Release) 1.5.0.0_07 Sun JRE (Linux Production Release) 1.5 _07 Sun JRE (Linux Production Release) 1.5 _06 Sun JRE (Linux Production Release) 1.5 _05 Sun JRE (Linux Production Release) 1.5 _04 Sun JRE (Linux Production Release) 1.5 _03 Sun JRE (Linux Production Release) 1.5 _02 Sun JRE (Linux Production Release) 1.5 _01 Sun JRE (Linux Production Release) 1.5 .0 beta Sun JRE (Linux Production Release) 1.5 Sun JRE (Linux Production Release) 1.6.0_2 Sun JRE (Linux Production Release) 1.6.0_11 Sun JRE (Linux Production Release) 1.6.0_03 Sun JRE (Linux Production Release) 1.6.0_03 Sun JRE (Linux Production Release) 1.6.0_02 Sun JRE (Linux Production Release) 1.6.0_01 Sun JRE (Linux Production Release) 1.5.0_17 Sun JRE (Linux Production Release) 1.5.0_14 Sun JRE (Linux Production Release) 1.5.0_13 Sun JRE (Linux Production Release) 1.5.0_13 Sun JRE (Linux Production Release) 1.5.0_12 Sun JRE (Linux Production Release) 1.5.0_12 Sun JRE (Linux Production Release) 1.5.0_11 Sun JRE (Linux Production Release) 1.5.0_10 Sun JRE (Linux Production Release) 1.5.0_09 Sun JRE (Linux Production Release) 1.5.0_08 Sun JRE 6.0 Update 7 Sun JRE 6.0 Update 6 Sun JRE 6.0 Update 5 Sun JRE 6.0 Update 4 Sun JRE 6.0 Update 3 Sun JRE 6.0 Update 2 Sun JRE 6.0 Update 14 Sun JRE 6.0 Update 13 Sun JRE 6.0 Update 12 Sun JRE 6.0 Update 11 Sun JRE 6.0 Update 10 Sun JRE 6.0 Update 1 Sun JRE 5.0 Update 9 Sun JRE 5.0 Update 8 Sun JRE 5.0 Update 7 Sun JRE 5.0 Update 6 Sun JRE 5.0 Update 18 Sun JRE 5.0 Update 17 Sun JRE 5.0 Update 16 Sun JRE 5.0 Update 15 Sun JRE 5.0 Update 15 Sun JRE 5.0 Update 14 Sun JRE 5.0 Update 13 Sun JRE 5.0 Update 12 Sun JRE 5.0 Update 11 Sun JRE 5.0 Update 10 Sun JDK (Windows Production Release) 1.5 0_10 Sun JDK (Windows Production Release) 1.5 .0_05 Sun JDK (Windows Production Release) 1.5 .0_04 Sun JDK (Windows Production Release) 1.5 .0_03 Sun JDK (Windows Production Release) 1.5 Sun JDK (Windows Production Release) 1.6.0_03 Sun JDK (Windows Production Release) 1.6.0_02 Sun JDK (Windows Production Release) 1.6.0_01-b06 Sun JDK (Windows Production Release) 1.6.0_01 Sun JDK (Windows Production Release) 1.5.0_16 Sun JDK (Windows Production Release) 1.5.0_13 Sun JDK (Windows Production Release) 1.5.0_12 Sun JDK (Windows Production Release) 1.5.0_11-b03 Sun JDK (Windows Production Release) 1.5.0_07-b03 Sun JDK (Windows Production Release) 1.5.0.0_11 Sun JDK (Windows Production Release) 1.5.0.0_09 Sun JDK (Windows Production Release) 1.5.0.0_08 Sun JDK (Solaris Production Release) 1.5 0_10 Sun JDK (Solaris Production Release) 1.5 0_09 Sun JDK (Solaris Production Release) 1.5 0_09 Sun JDK (Solaris Production Release) 1.5 0_03 Sun JDK (Solaris Production Release) 1.5 .0_05 Sun JDK (Solaris Production Release) 1.5 .0_04 Sun JDK (Solaris Production Release) 1.5 .0_03 Sun JDK (Solaris Production Release) 1.5 Sun JDK (Solaris Production Release) 1.6.0_03 Sun JDK (Solaris Production Release) 1.6.0_02 Sun JDK (Solaris Production Release) 1.6.0_01 Sun JDK (Solaris Production Release) 1.5.0_16 Sun JDK (Solaris Production Release) 1.5.0_13 Sun JDK (Solaris Production Release) 1.5.0_12 Sun JDK (Solaris Production Release) 1.5.0_11 Sun JDK (Linux Production Release) 1.6.0_03 Sun JDK (Linux Production Release) 1.6.0_02 Sun JDK (Linux Production Release) 1.6.0_01 Sun JDK (Linux Production Release) 1.6.0_01 Sun JDK 1.6 _01-b06 Sun JDK 1.5 _12 Sun JDK 1.5 _11-b03 Sun JDK 1.5 _07-b03 Sun JDK 1.5 .0_05 Sun JDK 1.5 Sun JDK 6.0 Update 7 Sun JDK 6.0 Update 6 Sun JDK 6.0 Update 5 Sun JDK 6.0 Update 4 Sun JDK 6.0 Update 3 Sun JDK 6.0 Update 2 Sun JDK 6.0 Update 14 Sun JDK 6.0 Update 13 Sun JDK 6.0 Update 11 Sun JDK 6.0 Update 10 Sun JDK 6.0 Update 1 Sun JDK 6.0 Sun JDK 5.0 Update 9 Sun JDK 5.0 Update 8 Sun JDK 5.0 Update 7 Sun JDK 5.0 Update 6 Sun JDK 5.0 Update 5 Sun JDK 5.0 Update 4 Sun JDK 5.0 Update 3 Sun JDK 5.0 Update 2 Sun JDK 5.0 Update 18 Sun JDK 5.0 Update 17 Sun JDK 5.0 Update 16 Sun JDK 5.0 Update 16 Sun JDK 5.0 Update 15 Sun JDK 5.0 Update 15 Sun JDK 5.0 Update 14 Sun JDK 5.0 Update 13 Sun JDK 5.0 Update 12 Sun JDK 5.0 Update 11 Sun JDK 5.0 Update 10 Sun JDK 5.0 Update 1 Sun JDK 1.5.0.11 Sun Java System Application Server Standard Platform 8.1 2005 Q1 Sun Java System Application Server Standard Edition 8.2 Sun Java System Application Server Platform Edition 8.1 2005 Q1 UR1 Sun Java System Application Server Platform Edition 8.1 2005 Q1 Sun Java System Application Server Platform Edition 8.2 Sun Java System Application Server Platform Edition 8.1 Sun Java System Application Server Enterprise Edition 8.1 2005Q1RHEL2.1/RHEL3 Sun Java System Application Server Enterprise Edition 8.1 2005 Q1 Sun Java System Application Server Enterprise Edition 8.2 Sun Java System Application Server Enterprise Edition 8.1 2005 Q1 Sun Java System Application Server Enterprise Edition 8.1 Sun Java System Application Server 8.0 Platform Edition Sun Java System Application Server 8.2 Sun Java System Application Server 8.1 Sun Java System Application Server 8.0 Sun Glassfish Enterprise Server 2.1 S.u.S.E. SUSE Linux Enterprise Server 9 S.u.S.E. SUSE Linux Enterprise Server 11 S.u.S.E. SUSE Linux Enterprise Server 10 SP2 S.u.S.E. SLES 11 S.u.S.E. SLE 11 S.u.S.E. openSUSE 11.1 S.u.S.E. openSUSE 11.0 RedHat Red Hat Network Satellite (for RHEL 4) 5.1 RedHat Network Satellite (for RHEL 5 Server) 5.3 RedHat Network Satellite (for RHEL 4 AS) 5.3 RedHat JBoss Enterprise Application Platform 4.3 EL5 RedHat JBoss Enterprise Application Platform 4.3 EL4 RedHat JBoss Enterprise Application Platform 4.3 RedHat JBoss Enterprise Application Platform 4.2 EL5 RedHat JBoss Enterprise Application Platform 4.2 EL4 RedHat JBoss Enterprise Application Platform 4.2 RedHat Fedora 11 RedHat Fedora 10 RedHat Enterprise Linux WS Extras 4 RedHat Enterprise Linux WS Extras 3 RedHat Enterprise Linux Supplementary EUS 5.3.z RedHat Enterprise Linux Supplementary 5 server RedHat Enterprise Linux for SAP 0 RedHat Enterprise Linux Extras 4.8.z RedHat Enterprise Linux Extras 4 RedHat Enterprise Linux Extras 3 RedHat Enterprise Linux EUS 5.3.z server RedHat Enterprise Linux ES Extras 4 RedHat Enterprise Linux ES Extras 3 RedHat Enterprise Linux Desktop Workstation 5 client RedHat Enterprise Linux Desktop Supplementary 5 client RedHat Enterprise Linux Desktop 5 client RedHat Enterprise Linux AS Extras 4 RedHat Enterprise Linux AS Extras 3 RedHat Enterprise Linux 5 server RedHat Desktop Extras 4 RedHat Desktop Extras 3 Pardus Linux 2009 0 Oracle Primavera P6 Web Services 6.2.1 Oracle Primavera P6 Web Services 7.0 SP Oracle Primavera P6 Web Services 7.0 Oracle Primavera P6 Enterprise Project Portfolio Management 6.2.1 Oracle Primavera P6 Enterprise Project Portfolio Management 7.0 Oracle Primavera P6 Enterprise Project Portfolio Management 6.1 Oracle JRockit R27.6.4 Oracle JRockit R27.6.3 Oracle JRockit R27.6.2 Oracle JRockit R27.6.0 Oracle JRockit R27.1.0 Nortel Networks Self-Service WVADS 0 Nortel Networks Self-Service VoiceXML 0 Nortel Networks Self-Service Speech Server 0 Nortel Networks Self-Service Peri Application 0 Nortel Networks Self-Service MPS 500 0 Nortel Networks Self-Service MPS 1000 0 Nortel Networks Self-Service CCXML 0 Nortel Networks Contact Center - CCT 0 MandrakeSoft Linux Mandrake 2009.1 x86_64 MandrakeSoft Linux Mandrake 2009.1 MandrakeSoft Linux Mandrake 2009.0 x86_64 MandrakeSoft Linux Mandrake 2009.0 MandrakeSoft Enterprise Server 5 x86_64 MandrakeSoft Enterprise Server 5 IBM Java SE 6.0 SR5 IBM J2SE 5.0 SR9 HP HP-UX 11.23 HP HP-UX 11.11 HP HP-UX 11.31 Debian Linux 5.0 sparc Debian Linux 5.0 s/390 Debian Linux 5.0 powerpc Debian Linux 5.0 mipsel Debian Linux 5.0 mips Debian Linux 5.0 m68k Debian Linux 5.0 ia-64 Debian Linux 5.0 ia-32 Debian Linux 5.0 hppa Debian Linux 5.0 armel Debian Linux 5.0 arm Debian Linux 5.0 amd64 Debian Linux 5.0 alpha Debian Linux 5.0 Debian Linux 4.0 sparc Debian Linux 4.0 s/390 Debian Linux 4.0 powerpc Debian Linux 4.0 mipsel Debian Linux 4.0 mips Debian Linux 4.0 m68k Debian Linux 4.0 ia-64 Debian Linux 4.0 ia-32 Debian Linux 4.0 hppa Debian Linux 4.0 armel Debian Linux 4.0 arm Debian Linux 4.0 amd64 Debian Linux 4.0 alpha Debian Linux 4.0 Avaya Voice Portal 5.0 Apple Mac OS X Server 10.5.8 Apple Mac OS X Server 10.5.7 Apple Mac OS X Server 10.5.6 Apple Mac OS X Server 10.5.5 Apple Mac OS X Server 10.5.4 Apple Mac OS X Server 10.5.3 Apple Mac OS X Server 10.5.2 Apple Mac OS X Server 10.5.1 Apple Mac OS X Server 10.5 Apple Mac OS X 10.5.8 Apple Mac OS X 10.5.7 Apple Mac OS X 10.5.6 Apple Mac OS X 10.5.5 Apple Mac OS X 10.5.4 Apple Mac OS X 10.5.3 Apple Mac OS X 10.5.2 Apple Mac OS X 10.5.1 Apple Mac OS X 10.5
Not Vulnerable:	VMWare vMA 4.0 Patch 2 VMWare VirtualCenter 2.5 Update 6 VMWare vCenter 4.0 Update 1 Sun JRE (Windows Production Release) 1.6.0_15 Sun JRE (Windows Production Release) 1.5.0_20 Sun JRE (Solaris Production Release) 1.6.0_15 Sun JRE (Solaris Production Release) 1.5.0_20 Sun JRE (Linux Production Release) 1.6.0_15 Sun JRE (Linux Production Release) 1.5.0_20 Sun JRE 6.0 Update 15 Sun JRE 5.0 Update 20 Sun JDK (Windows Production Release) 1.6.0_15 Sun JDK (Windows Production Release) 1.5.0_20 Sun JDK (Solaris Production Release) 1.6.0_15 Sun JDK (Solaris Production Release) 1.5.0_20 Sun JDK (Linux Production Release) 1.6.0_15 Sun JDK (Linux Production Release) 1.5.0_20 Sun JDK 6 Update 15 Sun JDK 5.0 Update 20 IBM J2SE 5.0 SR10