What is CVE-2013-4002?

CVE-2013-4002 is a vulnerability in Apache Xerces2_java. Published 2013-07-23.

Is CVE-2013-4002 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Apache Xerces2_java

CVE-2013-4002

XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and…

EPSS: 0.080 (92.3th percentile) — read the EPSS interpretation.

Affected products

Apache Xerces2_java
Hp Hp-ux
Ibm Aix
Ibm Host_on-demand — versions 11.0, 11.0.1, 11.0.2
Ibm I
Ibm Java — versions 5.0.0.0, 5.0.11.0, 5.0.11.1
Ibm Sterling_b2b_integrator — versions 5.2.4, 5.1, 5.2
Ibm Sterling_file_gateway — versions 2.1, 2.2
Ibm Tivoli_application_dependency_discovery_manager — versions 7.2.2
Linux Linux_kernel

Public proof-of-concept exploits

tafamace/CVE-2013-4002

References

IC98015 (vendor-advisory, x_refsource_AIXAPAR, Vendor Advisory)
RHSA-2013:1060 (x_refsource_REDHAT, vendor-advisory, Broken Link)
RHSA-2014:0414 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
GLSA-201406-32 (vendor-advisory, Third Party Advisory, x_refsource_GENTOO)
RHSA-2013:1447 (x_refsource_REDHAT, vendor-advisory, Broken Link)
RHSA-2015:0765 (x_refsource_REDHAT, vendor-advisory, Broken Link)
RHSA-2013:1440 (x_refsource_REDHAT, vendor-advisory, Broken Link)
RHSA-2015:0675 (x_refsource_REDHAT, vendor-advisory, Broken Link)
61310 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
RHSA-2015:0773 (x_refsource_REDHAT, vendor-advisory, Broken Link)

Frequently asked questions

What is CVE-2013-4002?: CVE-2013-4002 is a vulnerability in Apache Xerces2_java. Published 2013-07-23.
Is CVE-2013-4002 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.