Vulnerability CVE-2011-1483


Published: 2013-07-29

Description:
wsf/common/DOMUtils.java in JBossWS Native in Red Hat JBoss Enterprise Application Platform 4.2.0.CP09, 4.3, and 5.1.1; JBoss Enterprise Portal Platform 4.3.CP06 and 5.1.1; JBoss Enterprise SOA Platform 4.2.CP05, 4.3.CP05, and 5.1.0; JBoss Communications Platform 1.2.11 and 5.1.1; JBoss Enterprise BRMS Platform 5.1.0; and JBoss Enterprise Web Platform 5.1.1 does not properly handle recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted request containing an XML document with a DOCTYPE declaration and a large number of nested entity references, a similar issue to CVE-2003-1564.

Type:

CWE-noinfo

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial
Affected software
Redhat -> Jboss communications platform 
Redhat -> Jboss enterprise application platform 
Redhat -> Jboss enterprise brms platform 
Redhat -> Jboss enterprise portal platform 
Redhat -> Jboss enterprise soa platform 
Redhat -> Jboss enterprise web platform 
HP -> Network node manager i 

 References:
http://source.jboss.org/changelog/JBossWS/?cs=13996
https://bugzilla.redhat.com/show_bug.cgi?id=692584
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03824583

Copyright 2024, cxsecurity.com

 

Back to Top