CVE-2011-1483

Опубликовано: 15 сент. 2011

Источник: redhat

CVSS2: 5

EPSS Низкий

Описание

wsf/common/DOMUtils.java in JBossWS Native in Red Hat JBoss Enterprise Application Platform 4.2.0.CP09, 4.3, and 5.1.1; JBoss Enterprise Portal Platform 4.3.CP06 and 5.1.1; JBoss Enterprise SOA Platform 4.2.CP05, 4.3.CP05, and 5.1.0; JBoss Communications Platform 1.2.11 and 5.1.1; JBoss Enterprise BRMS Platform 5.1.0; and JBoss Enterprise Web Platform 5.1.1 does not properly handle recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted request containing an XML document with a DOCTYPE declaration and a large number of nested entity references, a similar issue to CVE-2003-1564.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat JBoss BRMS 5	Security	Affected
JBEAP 4.2.0 for RHEL 4	jbossas	Fixed	RHSA-2011:1309	15.09.2011
JBEAP 4.2.0 for RHEL 5	jbossas	Fixed	RHSA-2011:1309	15.09.2011
JBEWP 5 for RHEL 5	jbossws-common	Fixed	RHSA-2011:1303	15.09.2011
JBEWP 5 for RHEL 6	jbossws-common	Fixed	RHSA-2011:1303	15.09.2011
JBoss Communications Platform 1.2		Fixed	RHSA-2011:1308	15.09.2011
JBoss Communications Platform 5.1		Fixed	RHSA-2011:1308	15.09.2011
JBoss Enterprise BRMS Platform 5.1		Fixed	RHSA-2011:1313	15.09.2011
Red Hat JBoss Enterprise Application Platform 4.2		Fixed	RHSA-2011:1310	15.09.2011
Red Hat JBoss Enterprise Application Platform 4.3		Fixed	RHSA-2011:1307	15.09.2011

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important

https://bugzilla.redhat.com/show_bug.cgi?id=692584JBossWS remote Denial of Service

EPSS

Процентиль: 88%

0.03742

Низкий

5 Medium

CVSS2

Связанные уязвимости

CVE-2011-1483

nvd

больше 12 лет назад

GHSA-rj4p-7mm6-gm9j

github

больше 3 лет назад