CVE-2013-5372

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2013-5372
The XML4J parser in IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.7, and 8.0 before 8.0.0.4 and IBM Integration Bus 9.0 before 9.0.0.1 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document that triggers expansion for many entities.

4.3 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References
Link Resource
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html
http://rhn.redhat.com/errata/RHSA-2013-1507.html
http://rhn.redhat.com/errata/RHSA-2013-1508.html
http://rhn.redhat.com/errata/RHSA-2013-1509.html
http://rhn.redhat.com/errata/RHSA-2013-1793.html
http://secunia.com/advisories/56338
http://www-01.ibm.com/support/docview.wss?uid=swg1IC96473
http://www-01.ibm.com/support/docview.wss?uid=swg21653087 Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21655201
http://www-01.ibm.com/support/docview.wss?uid=swg21655202
https://exchange.xforce.ibmcloud.com/vulnerabilities/86662
https://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_November_2013
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ibm:websphere_message_broker:6.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_message_broker:6.1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_message_broker:6.1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_message_broker:6.1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_message_broker:6.1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_message_broker:6.1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_message_broker:6.1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_message_broker:6.1.0.7:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_message_broker:6.1.0.8:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_message_broker:6.1.0.9:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_message_broker:6.1.0.10:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_message_broker:6.1.0.11:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:ibm:websphere_message_broker:8.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_message_broker:8.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_message_broker:8.0.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_message_broker:8.0.0.3:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:ibm:websphere_message_broker:7.0.:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_message_broker:7.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_message_broker:7.0.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_message_broker:7.0.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_message_broker:7.0.0.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_message_broker:7.0.0.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_message_broker:7.0.0.6:*:*:*:*:*:*:*
History

No history.

Information

Published : 2013-10-19 10:36

Updated : 2024-02-28 12:00

NVD link : CVE-2013-5372

Mitre link : CVE-2013-5372

CVE.ORG link : CVE-2013-5372

JSON object : View

Products Affected

ibm

  • websphere_message_broker
CWE
CWE-399

Resource Management Errors