CVE-2009-1885 — Vulnetix

Try Vulnetix Request Demo

CVE-2009-1885 PUBLISHED CVSS 4.300000190734863 MEDIUM

Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.

EPSS 14.15% · 94.3th percentile

Risk Scores

CVSS v2.0

4.300000190734863

EPSS Score

14.15%

94.3th percentile

Affected Products

Vendor	Product	Versions
apache	xerces-c\+\+	2.7.0, 2.8.0
n/a	n/a	n/a

Timeline

Aug 11, 2009 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Jul 17, 2022 EPSS Score
Jul 18, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score

References

35986 vdb
http://www.networkworld.com/columnists/2009/080509-xml-flaw.html url
http://www.cert.fi/en/reports/2009/vulnerability2009085.html url
http://www.codenomicon.com/labs/xml/ url
FEDORA-2009-8345 vendor-advisory
36201 third-party-advisory
ADV-2009-2196 vdb
http://svn.apache.org/viewvc/xerces/c/trunk/src/xercesc/validators/DTD/DTDScanner.cpp?r1=781488&r2=781487&pathrev=781488&view=patch url
FEDORA-2009-8305 vendor-advisory
MDVSA-2009:223 vendor-advisory
xerces-c-dtd-dos(52321) vdb
FEDORA-2009-8350 vendor-advisory
http://svn.apache.org/viewvc?view=rev&revision=781488 url
https://bugzilla.redhat.com/show_bug.cgi?id=515515 url
FEDORA-2009-8332 vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2009-1885 advisory
http://www.codenomicon.com/labs/xml url

Open in Interactive Console →