
CVE-2013-5372
Date: (C)2013-10-22   (M)2024-04-04


The XML4J parser in IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.7, and 8.0 before 8.0.0.4 and IBM Integration Bus 9.0 before 9.0.0.1 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document that triggers expansion for many entities.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
SECUNIA-56338
IC96473
RHSA-2013:1507
RHSA-2013:1508
RHSA-2013:1509
RHSA-2013:1793
SUSE-SU-2013:1677
http://www-01.ibm.com/support/docview.wss?uid=swg21653087
http://www-01.ibm.com/support/docview.wss?uid=swg21655201
http://www-01.ibm.com/support/docview.wss?uid=swg21655202
https://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_November_2013
ibm-xml4j-cve20135372-dos(86662)

CPE    23
cpe:/a:ibm:websphere_message_broker:8.0
cpe:/a:ibm:websphere_message_broker:6.1
cpe:/a:ibm:websphere_message_broker:8.0.0.1
cpe:/a:ibm:websphere_message_broker:6.1.0.4
...
CWE    1
CWE-399
OVAL    5
oval:org.secpod.oval:def:505376
oval:org.secpod.oval:def:505315
oval:org.secpod.oval:def:505610
oval:org.secpod.oval:def:90224
...

© SecPod Technologies