CVE-2013-5372

The XML4J parser in IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.7, and 8.0 before 8.0.0.4 and IBM Integration Bus 9.0 before 9.0.0.1 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document that triggers expansion for many entities.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
ibmCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 80%
VendorProductVersion
ibmwebsphere_message_broker
6.1
ibmwebsphere_message_broker
6.1.0.1
ibmwebsphere_message_broker
6.1.0.2
ibmwebsphere_message_broker
6.1.0.3
ibmwebsphere_message_broker
6.1.0.4
ibmwebsphere_message_broker
6.1.0.5
ibmwebsphere_message_broker
6.1.0.6
ibmwebsphere_message_broker
6.1.0.7
ibmwebsphere_message_broker
6.1.0.8
ibmwebsphere_message_broker
6.1.0.9
ibmwebsphere_message_broker
6.1.0.10
ibmwebsphere_message_broker
6.1.0.11
ibmwebsphere_message_broker
8.0
ibmwebsphere_message_broker
8.0.0.1
ibmwebsphere_message_broker
8.0.0.2
ibmwebsphere_message_broker
8.0.0.3
ibmwebsphere_message_broker
7.0.
ibmwebsphere_message_broker
7.0.0.1
ibmwebsphere_message_broker
7.0.0.2
ibmwebsphere_message_broker
7.0.0.3
ibmwebsphere_message_broker
7.0.0.4
ibmwebsphere_message_broker
7.0.0.5
ibmwebsphere_message_broker
7.0.0.6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html
http://rhn.redhat.com/errata/RHSA-2013-1507.html
http://rhn.redhat.com/errata/RHSA-2013-1508.html
http://rhn.redhat.com/errata/RHSA-2013-1509.html
http://rhn.redhat.com/errata/RHSA-2013-1793.html
http://secunia.com/advisories/56338
http://www-01.ibm.com/support/docview.wss?uid=swg1IC96473
http://www-01.ibm.com/support/docview.wss?uid=swg21653087
http://www-01.ibm.com/support/docview.wss?uid=swg21655201
http://www-01.ibm.com/support/docview.wss?uid=swg21655202
https://exchange.xforce.ibmcloud.com/vulnerabilities/86662
https://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_November_2013
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html
http://rhn.redhat.com/errata/RHSA-2013-1507.html
http://rhn.redhat.com/errata/RHSA-2013-1508.html
http://rhn.redhat.com/errata/RHSA-2013-1509.html
http://rhn.redhat.com/errata/RHSA-2013-1793.html
http://secunia.com/advisories/56338
http://www-01.ibm.com/support/docview.wss?uid=swg1IC96473
http://www-01.ibm.com/support/docview.wss?uid=swg21653087
http://www-01.ibm.com/support/docview.wss?uid=swg21655201
http://www-01.ibm.com/support/docview.wss?uid=swg21655202
https://exchange.xforce.ibmcloud.com/vulnerabilities/86662
https://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_November_2013