CVE-2013-5372 Information

Description

The XML4J parser in IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.7, and 8.0 before 8.0.0.4, and IBM Integration Bus 9.0 before 9.0.0.1, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document that triggers expansion for many entities.

Reference

http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html
http://rhn.redhat.com/errata/RHSA-2013-1507.html
http://rhn.redhat.com/errata/RHSA-2013-1508.html
http://rhn.redhat.com/errata/RHSA-2013-1509.html
http://rhn.redhat.com/errata/RHSA-2013-1793.html
http://secunia.com/advisories/56338
http://www-01.ibm.com/support/docview.wss?uid=swg1IC96473
http://www-01.ibm.com/support/docview.wss?uid=swg21653087
http://www-01.ibm.com/support/docview.wss?uid=swg21655201
http://www-01.ibm.com/support/docview.wss?uid=swg21655202
https://exchange.xforce.ibmcloud.com/vulnerabilities/86662
https://www.ibm.com/developerworks/java/jdk/alerts/IBM_Security_Update_November_2013
