CVE-2013-5372

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2013-5372
The XML4J parser in IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.7, and 8.0 before 8.0.0.4 and IBM Integration Bus 9.0 before 9.0.0.1 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document that triggers expansion for many entities.

4.3 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References
Link Resource
http://www-01.ibm.com/support/docview.wss?uid=swg21653087 Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1IC96473
http://www-01.ibm.com/support/docview.wss?uid=swg21655201
http://www-01.ibm.com/support/docview.wss?uid=swg21655202
https://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_November_2013
http://rhn.redhat.com/errata/RHSA-2013-1507.html
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html
http://rhn.redhat.com/errata/RHSA-2013-1508.html
http://rhn.redhat.com/errata/RHSA-2013-1509.html
http://rhn.redhat.com/errata/RHSA-2013-1793.html
http://secunia.com/advisories/56338
https://exchange.xforce.ibmcloud.com/vulnerabilities/86662
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ibm:websphere_message_broker:6.1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_message_broker:6.1.0.10:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_message_broker:6.1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_message_broker:6.1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_message_broker:6.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_message_broker:6.1.0.7:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_message_broker:6.1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_message_broker:6.1.0.8:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_message_broker:6.1.0.9:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_message_broker:6.1.0.11:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_message_broker:6.1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_message_broker:6.1.0.3:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:ibm:websphere_message_broker:8.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_message_broker:8.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_message_broker:8.0.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_message_broker:8.0.0.3:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:ibm:websphere_message_broker:7.0.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_message_broker:7.0.0.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_message_broker:7.0.0.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_message_broker:7.0.0.6:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_message_broker:7.0.:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_message_broker:7.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_message_broker:7.0.0.2:*:*:*:*:*:*:*
Information

Published : 2013-10-19 03:36

Updated : 2017-08-28 18:33

NVD link : CVE-2013-5372

Mitre link : CVE-2013-5372

JSON object : View

CWE
CWE-399

Resource Management Errors

Advertisement

dedicated server usa
Products Affected

ibm

  • websphere_message_broker