CVE-2008-0628

NameCVE-2008-0628
DescriptionThe XML parsing code in Sun Java Runtime Environment JDK and JRE 6 Update 3 and earlier processes external entity references even when the "external general entities" property is false, which allows remote attackers to conduct XML external entity (XXE) attacks and cause a denial of service or access restricted resources.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
sun-java5source(unstable)(not affected)
sun-java6source(unstable)6-04-1

Notes

- sun-java5 <not-affected> (referring to sun this vulnerability is not present in java5)

Search for package or bug name: Reporting problems