Exploitation Summary
EIP tracks 1 public exploit for CVE-2013-4002. PoCs published by tafamace.
AI-analyzed exploit summary The provided code is a simple Java stub that prints command-line arguments and does not demonstrate any exploit functionality. It lacks any reference to CVE-2013-4002 or exploit logic.
Description
XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute names.
Exploits (1)
nomisec
STUB
by tafamace · poc
https://github.com/tafamace/CVE-2013-4002
The provided code is a simple Java stub that prints command-line arguments and does not demonstrate any exploit functionality. It lacks any reference to CVE-2013-4002 or exploit logic.
Classification
Stub 90%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target:
unknown
No auth needed
Prerequisites:
none
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (49)
Core 49
Core References
Vendor Advisory vendor-advisory
x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IC98015
Broken Link vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1060.html
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2014:0414
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201406-32.xml
Broken Link vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1447.html
Broken Link vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-0765.html
Broken Link vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1440.html
Broken Link vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-0675.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/61310
Broken Link vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-0773.html
Broken Link vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-0720.html
Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2033-1
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2089-1
Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html
Issue Tracking, Mailing List, Third Party Advisory vendor-advisory
x_refsource_hp
http://marc.info/?l=bugtraq&m=138674073720143&w=2
Broken Link vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1505.html
Issue Tracking, Mailing List, Third Party Advisory vendor-advisory
x_refsource_hp
http://marc.info/?l=bugtraq&m=138674031212883&w=2
Broken Link vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-1822.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/56257
Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html
Broken Link vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1059.html
Broken Link vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-1823.html
Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-11/msg00023.html
Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.html
Broken Link, Mailing List vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html
Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html
Broken Link vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1081.html
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73%40%3Cj-users.xerces.apache.org%3E
Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html
Broken Link vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1451.html
Broken Link vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-1818.html
Broken Link vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-1821.html
Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html
VDB Entry, Vendor Advisory vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/85260
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E
Vendor Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpuapr2022.html
Broken Link x_refsource_confirm
http://www.ibm.com/support/docview.wss?uid=swg21648172
Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21657539
Issue Tracking, Vendor Advisory x_refsource_confirm
https://issues.apache.org/jira/browse/XERCESJ-1679
Patch, Vendor Advisory x_refsource_confirm
http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=965250&r2=1499506&view=patch
Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21644197
Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21653371
Vendor Advisory x_refsource_misc
http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_July_2013
Third Party Advisory x_refsource_confirm
http://support.apple.com/kb/HT5982
Third Party Advisory x_refsource_confirm
https://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
Vendor Advisory x_refsource_confirm
http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_filenet_content_manager_and_ibm_content_foundation_xml_4j_denial_of_service_attack_cve_2013_4002
Third Party Advisory x_refsource_confirm
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html
Scores
EPSS
0.0743
EPSS Percentile
92.0%
Details
Status
published
Products (50)
apache/xerces2_java
2.4.0 - 2.12.0
canonical/ubuntu_linux
10.04
canonical/ubuntu_linux
12.04
canonical/ubuntu_linux
12.10
canonical/ubuntu_linux
13.04
canonical/ubuntu_linux
13.10
ibm/host_on-demand
11.0
ibm/host_on-demand
11.0.1
ibm/host_on-demand
11.0.2
ibm/host_on-demand
11.0.3
... and 40 more
Published
Jul 23, 2013
Tracked Since
Feb 18, 2026