AI Sec Watch

A vulnerability in Oracle Java SE's JAXP component (a library for processing XML documents) allows attackers over the network to crash Java applications without authentication, affecting Java versions 6u141, 7u131, 8u121 and related products. The attack is difficult to exploit but can be delivered through multiple methods, including malicious Java Web Start applications (Java programs downloaded and run from the web) and web services. The vulnerability has a CVSS score (a 0-10 severity rating) of 5.9, indicating moderate impact focused on availability disruption.

CVE-2017-5653 is a security flaw in Apache CXF (a framework for building web services) versions before 3.1.11 and 3.0.13, where JAX-RS (Java API for REST web services) XML clients do not properly validate responses from services. This could allow attackers to exploit how the software processes XML data from web services it communicates with.

CVE-2016-0466 is an unspecified vulnerability in Oracle Java SE (the Java programming language and runtime environment) versions 6u105, 7u91, and 8u66 that affects system availability. The flaw exists in JAXP (Java API for XML Processing, a library for handling XML documents) and can be exploited remotely through Java Web Start applications, Java applets, or web services that use the affected Java components.

CVE-2013-2415 is an unspecified vulnerability in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, that affects the JAX-WS (Java API for XML Web Services, a tool for building web services) component and may leak sensitive information. The vulnerability requires local access (an attacker already on your computer) to exploit and cannot be used through untrusted applets or Java Web Start applications.

A vulnerability exists in Oracle Java SE versions 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier, as well as OpenJDK 6 and 7, related to JAXP (Java API for XML Processing, a tool for handling XML documents). Remote attackers can exploit this unspecified flaw to compromise the confidentiality, integrity, and availability of affected systems.

CVE-2012-5074 is an unspecified vulnerability in Oracle Java SE 7 Update 7 and earlier versions that affects the Java Runtime Environment (JRE, the software that runs Java programs on your computer). The vulnerability can only be exploited through untrusted Java Web Start applications and untrusted Java applets (small programs that run in web browsers), which are limited by the Java sandbox (a restricted environment that prevents programs from accessing sensitive system resources).