CVE-2011-1483
Published Jul 29, 2013
Last updated 5 years ago
Overview
- Description
- wsf/common/DOMUtils.java in JBossWS Native in Red Hat JBoss Enterprise Application Platform 4.2.0.CP09, 4.3, and 5.1.1; JBoss Enterprise Portal Platform 4.3.CP06 and 5.1.1; JBoss Enterprise SOA Platform 4.2.CP05, 4.3.CP05, and 5.1.0; JBoss Communications Platform 1.2.11 and 5.1.1; JBoss Enterprise BRMS Platform 5.1.0; and JBoss Enterprise Web Platform 5.1.1 does not properly handle recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted request containing an XML document with a DOCTYPE declaration and a large number of nested entity references, a similar issue to CVE-2003-1564.
- Source
- secalert@redhat.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:N/I:N/A:P
Weaknesses
- nvd@nist.gov
- NVD-CWE-noinfo
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_communications_platform:1.2.11:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "61E717F5-FFB9-4DA4-97C6-27547D3A98F0"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_communications_platform:5.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2CF36D3A-2C79-4D2A-B056-5191E2E300D2"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp09:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "62DB623C-09B0-4192-B0A2-6C9DFA4192CA"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E82B2AD8-967D-4ABE-982B-87B9DE73F8D6"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C13890AE-5FDE-4698-8A2E-1B2FA0A313AF"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_brms_platform:5.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E911B601-2A14-4C23-81FF-689DBDB79626"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_portal_platform:4.3.0:cp06:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A87344DF-9FA8-40B6-98B2-A43FB86BBB6E"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A62117F2-5513-4998-8FDC-64564BBD00EC"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.2.0:cp05:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4EF1898E-1A25-442B-865F-1C27B9E5F0D1"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.3.0:cp05:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "67BD448A-745D-4387-ABC8-A18DF142574D"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:5.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2B72D56E-DE3C-4383-906D-F3DCD9D09CC9"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F20B8708-8EC6-4B0E-9693-131F91A4FC15"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:network_node_manager_i:9.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "899790F1-1433-4A2C-85F4-60AE6BEDF3AF"
},
{
"criteria": "cpe:2.3:a:hp:network_node_manager_i:9.01:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "43E355CC-0EA2-4616-AC3D-779F4C3355D9"
},
{
"criteria": "cpe:2.3:a:hp:network_node_manager_i:9.02:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D9A255A7-DA25-415E-9A8B-B9F4255BBE8F"
},
{
"criteria": "cpe:2.3:a:hp:network_node_manager_i:9.03:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1BF858DE-201F-4345-9BDE-A6078FF5DB3D"
},
{
"criteria": "cpe:2.3:a:hp:network_node_manager_i:9.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C9F65FEE-440D-4A21-A6E5-929253875FB2"
}
],
"operator": "OR"
}
]
}
]