CVE Vulnerabilities

CVE-2009-2625

Published: Aug 06, 2009 | Modified: Apr 09, 2025
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 5 MEDIUM (AV:N/AC:L/Au:N/C:N/I:N/A:P)
RedHat/V2: 5 MODERATE (AV:N/AC:L/Au:N/C:N/I:N/A:P)
RedHat/V3:
Ubuntu: MEDIUM

XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.

Affected Software

Name | Vendor | Start Version | End Version
Jdk | Oracle | 1.5.0 (including) | 1.5.0 (including)
Jdk | Oracle | 1.5.0-update1 (including) | 1.5.0-update1 (including)
Jdk | Oracle | 1.5.0-update10 (including) | 1.5.0-update10 (including)
Jdk | Oracle | 1.5.0-update11 (including) | 1.5.0-update11 (including)
Jdk | Oracle | 1.5.0-update12 (including) | 1.5.0-update12 (including)
Jdk | Oracle | 1.5.0-update13 (including) | 1.5.0-update13 (including)
Jdk | Oracle | 1.5.0-update14 (including) | 1.5.0-update14 (including)
Jdk | Oracle | 1.5.0-update15 (including) | 1.5.0-update15 (including)
Jdk | Oracle | 1.5.0-update16 (including) | 1.5.0-update16 (including)
Jdk | Oracle | 1.5.0-update17 (including) | 1.5.0-update17 (including)
Jdk | Oracle | 1.5.0-update18 (including) | 1.5.0-update18 (including)
Jdk | Oracle | 1.5.0-update19 (including) | 1.5.0-update19 (including)
Jdk | Oracle | 1.5.0-update2 (including) | 1.5.0-update2 (including)
Jdk | Oracle | 1.5.0-update3 (including) | 1.5.0-update3 (including)
Jdk | Oracle | 1.5.0-update4 (including) | 1.5.0-update4 (including)
Jdk | Oracle | 1.5.0-update5 (including) | 1.5.0-update5 (including)
Jdk | Oracle | 1.5.0-update6 (including) | 1.5.0-update6 (including)
Jdk | Oracle | 1.5.0-update7 (including) | 1.5.0-update7 (including)
Jdk | Oracle | 1.5.0-update8 (including) | 1.5.0-update8 (including)
Jdk | Oracle | 1.5.0-update9 (including) | 1.5.0-update9 (including)
Jdk | Oracle | 1.6.0 (including) | 1.6.0 (including)
Jdk | Oracle | 1.6.0-update1 (including) | 1.6.0-update1 (including)
Jdk | Oracle | 1.6.0-update10 (including) | 1.6.0-update10 (including)
Jdk | Oracle | 1.6.0-update11 (including) | 1.6.0-update11 (including)
Jdk | Oracle | 1.6.0-update12 (including) | 1.6.0-update12 (including)
Jdk | Oracle | 1.6.0-update13 (including) | 1.6.0-update13 (including)
Jdk | Oracle | 1.6.0-update14 (including) | 1.6.0-update14 (including)
Jdk | Oracle | 1.6.0-update2 (including) | 1.6.0-update2 (including)
Jdk | Oracle | 1.6.0-update3 (including) | 1.6.0-update3 (including)
Jdk | Oracle | 1.6.0-update4 (including) | 1.6.0-update4 (including)
Jdk | Oracle | 1.6.0-update5 (including) | 1.6.0-update5 (including)
Jdk | Oracle | 1.6.0-update6 (including) | 1.6.0-update6 (including)
Jdk | Oracle | 1.6.0-update7 (including) | 1.6.0-update7 (including)
Extras for RHEL 3 | RedHat | java-1.4.2-ibm-0:1.4.2.13.1-1jpp.1.el3 | *
Extras for RHEL 4 | RedHat | java-1.5.0-sun-0:1.5.0.20-1jpp.1.el4 | *
Extras for RHEL 4 | RedHat | java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4 | *
Extras for RHEL 4 | RedHat | java-1.5.0-ibm-1:1.5.0.10-1jpp.4.el4 | *
Extras for RHEL 4 | RedHat | java-1.4.2-ibm-0:1.4.2.13.1-1jpp.1.el4 | *
Extras for RHEL 4 | RedHat | java-1.6.0-ibm-1:1.6.0.6-1jpp.3.el4 | *
JBEAP 4.2.0 for RHEL 4 | RedHat | glassfish-javamail-0:1.4.2-0jpp.ep1.5.el4 | *
JBEAP 4.2.0 for RHEL 4 | RedHat | glassfish-jsf-0:1.2_13-2.1.ep1.el4 | *
JBEAP 4.2.0 for RHEL 4 | RedHat | hibernate3-1:3.2.4-1.SP1_CP09.0jpp.ep1.1.el4 | *
JBEAP 4.2.0 for RHEL 4 | RedHat | hibernate3-annotations-0:3.3.1-1.11.GA_CP02.ep1.el4 | *
JBEAP 4.2.0 for RHEL 4 | RedHat | hibernate3-entitymanager-0:3.3.2-2.5.GA_CP01.ep1.el4 | *
JBEAP 4.2.0 for RHEL 4 | RedHat | jacorb-0:2.3.0-1jpp.ep1.9.el4 | *
JBEAP 4.2.0 for RHEL 4 | RedHat | jakarta-commons-logging-jboss-0:1.1-9.ep1.el4 | *
JBEAP 4.2.0 for RHEL 4 | RedHat | jboss-aop-0:1.5.5-3.CP04.2.ep1.el4 | *
JBEAP 4.2.0 for RHEL 4 | RedHat | jbossas-0:4.2.0-5.GA_CP08.5.ep1.el4 | *
JBEAP 4.2.0 for RHEL 4 | RedHat | jboss-common-0:1.2.1-0jpp.ep1.3.el4 | *
JBEAP 4.2.0 for RHEL 4 | RedHat | jboss-remoting-0:2.2.3-3.SP1.ep1.el4 | *
JBEAP 4.2.0 for RHEL 4 | RedHat | jboss-seam-0:1.2.1-1.ep1.22.el4 | *
JBEAP 4.2.0 for RHEL 4 | RedHat | jbossts-1:4.2.3-1.SP5_CP08.1jpp.ep1.1.el4 | *
JBEAP 4.2.0 for RHEL 4 | RedHat | jbossweb-0:2.0.0-6.CP12.0jpp.ep1.2.el4 | *
JBEAP 4.2.0 for RHEL 4 | RedHat | jcommon-0:1.0.16-1.1.ep1.el4 | *
JBEAP 4.2.0 for RHEL 4 | RedHat | jfreechart-0:1.0.13-2.3.1.ep1.el4 | *
JBEAP 4.2.0 for RHEL 4 | RedHat | jgroups-1:2.4.7-1.ep1.el4 | *
JBEAP 4.2.0 for RHEL 4 | RedHat | quartz-0:1.5.2-1jpp.patch01.ep1.4.el4 | *
JBEAP 4.2.0 for RHEL 4 | RedHat | rh-eap-docs-0:4.2.0-6.GA_CP08.ep1.3.el4 | *
JBEAP 4.2.0 for RHEL 4 | RedHat | xerces-j2-0:2.7.1-9jpp.4.patch_02.1.ep1.el4 | *
JBEAP 4.2.0 for RHEL 4 | RedHat | xml-security-0:1.3.0-1.3.patch01.ep1.2.el4 | *
JBEAP 4.2.0 for RHEL 5 | RedHat | glassfish-jsf-0:1.2_13-2.1.ep1.el5 | *
JBEAP 4.2.0 for RHEL 5 | RedHat | hibernate3-1:3.2.4-1.SP1_CP09.0jpp.ep1.2.4.el5 | *
JBEAP 4.2.0 for RHEL 5 | RedHat | hibernate3-annotations-0:3.3.1-1.11GA_CP02.ep1.el5 | *
JBEAP 4.2.0 for RHEL 5 | RedHat | hibernate3-entitymanager-0:3.3.2-2.5.1.ep1.el5 | *
JBEAP 4.2.0 for RHEL 5 | RedHat | jacorb-0:2.3.0-1jpp.ep1.9.1.el5 | *
JBEAP 4.2.0 for RHEL 5 | RedHat | jboss-aop-0:1.5.5-3.CP04.2.ep1.el5 | *
JBEAP 4.2.0 for RHEL 5 | RedHat | jbossas-0:4.2.0-5.GA_CP08.5.2.ep1.el5 | *
JBEAP 4.2.0 for RHEL 5 | RedHat | jboss-common-0:1.2.1-0jpp.ep1.3.el5.1 | *
JBEAP 4.2.0 for RHEL 5 | RedHat | jboss-remoting-0:2.2.3-3.SP1.ep1.el5 | *
JBEAP 4.2.0 for RHEL 5 | RedHat | jboss-seam-0:1.2.1-1.ep1.14.el5 | *
JBEAP 4.2.0 for RHEL 5 | RedHat | jbossts-1:4.2.3-1.SP5_CP08.1jpp.ep1.1.el5 | *
JBEAP 4.2.0 for RHEL 5 | RedHat | jbossweb-0:2.0.0-6.CP12.0jpp.ep1.2.el5 | *
JBEAP 4.2.0 for RHEL 5 | RedHat | jcommon-0:1.0.16-1.1.ep1.el5 | *
JBEAP 4.2.0 for RHEL 5 | RedHat | jfreechart-0:1.0.13-2.3.1.ep1.el5 | *
JBEAP 4.2.0 for RHEL 5 | RedHat | jgroups-1:2.4.7-1.ep1.el5 | *
JBEAP 4.2.0 for RHEL 5 | RedHat | quartz-0:1.5.2-1jpp.patch01.ep1.4.1.el5 | *
JBEAP 4.2.0 for RHEL 5 | RedHat | rh-eap-docs-0:4.2.0-6.GA_CP08.ep1.3.el5 | *
JBEAP 4.2.0 for RHEL 5 | RedHat | xml-security-0:1.3.0-1.3.patch01.ep1.2.1.el5 | *
Red Hat Enterprise Linux 5 | RedHat | java-1.6.0-openjdk-1:1.6.0.0-1.2.b09.el5 | *
Red Hat Enterprise Linux 5 | RedHat | xerces-j2-0:2.7.1-7jpp.2.el5_4.2 | *
Red Hat Enterprise Linux 6 | RedHat | xerces-j2-0:2.7.1-12.6.el6_0 | *
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4 | RedHat | glassfish-javamail-0:1.4.2-0jpp.ep1.5.el4 | *
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4 | RedHat | glassfish-jaxb-0:2.1.4-1.12.patch03.ep1.el4 | *
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4 | RedHat | glassfish-jsf-0:1.2_13-2.1.ep1.el4 | *
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4 | RedHat | hibernate3-1:3.2.4-1.SP1_CP09.0jpp.ep1.1.el4 | *
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4 | RedHat | hibernate3-annotations-0:3.3.1-1.11.GA_CP02.ep1.el4 | *
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4 | RedHat | hibernate3-entitymanager-0:3.3.2-2.5.GA_CP01.ep1.el4 | *
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4 | RedHat | jacorb-0:2.3.0-1jpp.ep1.9.el4 | *
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4 | RedHat | jakarta-commons-logging-jboss-0:1.1-9.ep1.el4 | *
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4 | RedHat | jboss-aop-0:1.5.5-3.CP04.2.ep1.el4 | *
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4 | RedHat | jbossas-0:4.3.0-6.GA_CP07.4.ep1.el4 | *
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4 | RedHat | jboss-common-0:1.2.1-0jpp.ep1.3.el4 | *
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4 | RedHat | jboss-messaging-0:1.4.0-3.SP3_CP09.4.ep1.el4 | *
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4 | RedHat | jboss-remoting-0:2.2.3-3.SP1.ep1.el4 | *
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4 | RedHat | jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.18.el4 | *
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4 | RedHat | jboss-seam2-0:2.0.2.FP-1.ep1.21.el4 | *
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4 | RedHat | jbossts-1:4.2.3-1.SP5_CP08.1jpp.ep1.1.el4 | *
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4 | RedHat | jbossweb-0:2.0.0-6.CP12.0jpp.ep1.2.el4 | *
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4 | RedHat | jbossws-0:2.0.1-4.SP2_CP07.2.ep1.el4 | *
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4 | RedHat | jbossws-common-0:1.0.0-2.GA_CP05.1.ep1.el4 | *
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4 | RedHat | jbossws-framework-0:2.0.1-1.GA_CP05.1.ep1.el4 | *
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4 | RedHat | jcommon-0:1.0.16-1.1.ep1.el4 | *
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4 | RedHat | jfreechart-0:1.0.13-2.3.1.ep1.el4 | *
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4 | RedHat | jgroups-1:2.4.7-1.ep1.el4 | *
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4 | RedHat | quartz-0:1.5.2-1jpp.patch01.ep1.4.el4 | *
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4 | RedHat | rh-eap-docs-0:4.3.0-6.GA_CP07.ep1.3.el4 | *
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4 | RedHat | xerces-j2-0:2.7.1-9jpp.4.patch_02.1.ep1.el4 | *
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4 | RedHat | xml-security-0:1.3.0-1.3.patch01.ep1.2.el4 | *
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5 | RedHat | glassfish-jaxb-0:2.1.4-1.12.patch03.1.ep1.el5 | *
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5 | RedHat | glassfish-jsf-0:1.2_13-2.1.ep1.el5 | *
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5 | RedHat | hibernate3-1:3.2.4-1.SP1_CP09.0jpp.ep1.2.4.el5 | *
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5 | RedHat | hibernate3-annotations-0:3.3.1-1.11GA_CP02.ep1.el5 | *
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5 | RedHat | hibernate3-entitymanager-0:3.3.2-2.5.1.ep1.el5 | *
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5 | RedHat | jacorb-0:2.3.0-1jpp.ep1.9.1.el5 | *
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5 | RedHat | jboss-aop-0:1.5.5-3.CP04.2.ep1.el5 | *
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5 | RedHat | jbossas-0:4.3.0-6.GA_CP07.4.2.ep1.el5 | *
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5 | RedHat | jboss-common-0:1.2.1-0jpp.ep1.3.el5.1 | *
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5 | RedHat | jboss-messaging-0:1.4.0-3.SP3_CP09.4.ep1.el5 | *
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5 | RedHat | jboss-remoting-0:2.2.3-3.SP1.ep1.el5 | *
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5 | RedHat | jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.12.el5.1 | *
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5 | RedHat | jboss-seam2-0:2.0.2.FP-1.ep1.18.el5 | *
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5 | RedHat | jbossts-1:4.2.3-1.SP5_CP08.1jpp.ep1.1.el5 | *
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5 | RedHat | jbossweb-0:2.0.0-6.CP12.0jpp.ep1.2.el5 | *
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5 | RedHat | jbossws-0:2.0.1-4.SP2_CP07.2.1.ep1.el5 | *
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5 | RedHat | jbossws-common-0:1.0.0-2.GA_CP05.1.ep1.el5 | *
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5 | RedHat | jbossws-framework-0:2.0.1-1.GA_CP05.1.ep1.el5 | *
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5 | RedHat | jcommon-0:1.0.16-1.1.ep1.el5 | *
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5 | RedHat | jfreechart-0:1.0.13-2.3.1.ep1.el5 | *
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5 | RedHat | jgroups-1:2.4.7-1.ep1.el5 | *
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5 | RedHat | quartz-0:1.5.2-1jpp.patch01.ep1.4.1.el5 | *
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5 | RedHat | rh-eap-docs-0:4.3.0-6.GA_CP07.ep1.3.el5 | *
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5 | RedHat | xml-security-0:1.3.0-1.3.patch01.ep1.2.1.el5 | *
Red Hat JBoss Operations Network 3.1 | RedHat | | *
Red Hat JBoss Portal 5.2 | RedHat | | *
Red Hat JBoss Web Framework Kit 2.2 | RedHat | | *
Red Hat Network Satellite Server v 5.1 | RedHat | java-1.5.0-sun-0:1.5.0.22-1jpp.1.el4 | *
Red Hat Network Satellite Server v 5.3 | RedHat | java-1.6.0-ibm-1:1.6.0.7-1jpp.3.el4 | *
RHEL 4 for SAP | RedHat | java-1.4.2-ibm-0:1.4.2.13.2.sap-1jpp.4.el4_8 | *
RHEL 5 for SAP | RedHat | java-1.4.2-ibm-0:1.4.2.13.2.sap-1jpp.4.el5_3 | *
RHEV Manager version 3.0 | RedHat | jasperreports-server-pro-0:4.7.1-2.el6ev | *
Supplementary for Red Hat Enterprise Linux 5 | RedHat | java-1.5.0-sun-0:1.5.0.20-1jpp.1.el5 | *
Supplementary for Red Hat Enterprise Linux 5 | RedHat | java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5 | *
Supplementary for Red Hat Enterprise Linux 5 | RedHat | java-1.5.0-ibm-1:1.5.0.10-1jpp.4.el5 | *
Supplementary for Red Hat Enterprise Linux 5 | RedHat | java-1.4.2-ibm-0:1.4.2.13.1-1jpp.1.el5 | *
Supplementary for Red Hat Enterprise Linux 5 | RedHat | java-1.6.0-ibm-1:1.6.0.6-1jpp.3.el5 | *
Expat | Ubuntu | dapper | *
Expat | Ubuntu | devel | *
Expat | Ubuntu | hardy | *
Expat | Ubuntu | intrepid | *
Expat | Ubuntu | jaunty | *
Expat | Ubuntu | karmic | *
Expat | Ubuntu | lucid | *
Expat | Ubuntu | maverick | *
Expat | Ubuntu | upstream | *
Openjdk-6 | Ubuntu | hardy | *
Openjdk-6 | Ubuntu | intrepid | *
Openjdk-6 | Ubuntu | jaunty | *
Openjdk-6 | Ubuntu | upstream | *
Sun-java5 | Ubuntu | dapper | *
Sun-java5 | Ubuntu | gutsy | *
Sun-java5 | Ubuntu | intrepid | *
Sun-java5 | Ubuntu | jaunty | *
Sun-java5 | Ubuntu | upstream | *
Sun-java6 | Ubuntu | hardy | *
Sun-java6 | Ubuntu | intrepid | *
Sun-java6 | Ubuntu | jaunty | *
Sun-java6 | Ubuntu | karmic | *
Sun-java6 | Ubuntu | lucid | *
Sun-java6 | Ubuntu | upstream | *
