ID CVE-2013-5372
Summary The XML4J parser in IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.7, and 8.0 before 8.0.0.4 and IBM Integration Bus 9.0 before 9.0.0.1 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document that triggers expansion for many entities.
References
Vulnerable Configurations
  • cpe:2.3:a:ibm:websphere_message_broker:6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_message_broker:6.1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_message_broker:6.1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_message_broker:6.1.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_message_broker:6.1.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_message_broker:6.1.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_message_broker:6.1.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_message_broker:6.1.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_message_broker:6.1.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_message_broker:6.1.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_message_broker:6.1.0.10:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_message_broker:6.1.0.11:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_message_broker:8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_message_broker:8.0.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_message_broker:8.0.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_message_broker:8.0.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_message_broker:7.0.:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_message_broker:7.0.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_message_broker:7.0.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_message_broker:7.0.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_message_broker:7.0.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_message_broker:7.0.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_message_broker:7.0.0.6:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 29-08-2017 - 01:33)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
redhat via4
advisories
  • rhsa
    id RHSA-2013:1507
  • rhsa
    id RHSA-2013:1508
  • rhsa
    id RHSA-2013:1509
  • rhsa
    id RHSA-2013:1793
rpms
  • java-1.7.0-ibm-1:1.7.0.6.0-1jpp.1.el5_10
  • java-1.7.0-ibm-1:1.7.0.6.0-1jpp.1.el6_4
  • java-1.7.0-ibm-demo-1:1.7.0.6.0-1jpp.1.el5_10
  • java-1.7.0-ibm-demo-1:1.7.0.6.0-1jpp.1.el6_4
  • java-1.7.0-ibm-devel-1:1.7.0.6.0-1jpp.1.el5_10
  • java-1.7.0-ibm-devel-1:1.7.0.6.0-1jpp.1.el6_4
  • java-1.7.0-ibm-jdbc-1:1.7.0.6.0-1jpp.1.el5_10
  • java-1.7.0-ibm-jdbc-1:1.7.0.6.0-1jpp.1.el6_4
  • java-1.7.0-ibm-plugin-1:1.7.0.6.0-1jpp.1.el5_10
  • java-1.7.0-ibm-plugin-1:1.7.0.6.0-1jpp.1.el6_4
  • java-1.7.0-ibm-src-1:1.7.0.6.0-1jpp.1.el5_10
  • java-1.7.0-ibm-src-1:1.7.0.6.0-1jpp.1.el6_4
  • java-1.6.0-ibm-1:1.6.0.15.0-1jpp.1.el5_10
  • java-1.6.0-ibm-1:1.6.0.15.0-1jpp.1.el6_4
  • java-1.6.0-ibm-accessibility-1:1.6.0.15.0-1jpp.1.el5_10
  • java-1.6.0-ibm-demo-1:1.6.0.15.0-1jpp.1.el5_10
  • java-1.6.0-ibm-demo-1:1.6.0.15.0-1jpp.1.el6_4
  • java-1.6.0-ibm-devel-1:1.6.0.15.0-1jpp.1.el5_10
  • java-1.6.0-ibm-devel-1:1.6.0.15.0-1jpp.1.el6_4
  • java-1.6.0-ibm-javacomm-1:1.6.0.15.0-1jpp.1.el5_10
  • java-1.6.0-ibm-javacomm-1:1.6.0.15.0-1jpp.1.el6_4
  • java-1.6.0-ibm-jdbc-1:1.6.0.15.0-1jpp.1.el5_10
  • java-1.6.0-ibm-jdbc-1:1.6.0.15.0-1jpp.1.el6_4
  • java-1.6.0-ibm-plugin-1:1.6.0.15.0-1jpp.1.el5_10
  • java-1.6.0-ibm-plugin-1:1.6.0.15.0-1jpp.1.el6_4
  • java-1.6.0-ibm-src-1:1.6.0.15.0-1jpp.1.el5_10
  • java-1.6.0-ibm-src-1:1.6.0.15.0-1jpp.1.el6_4
  • java-1.5.0-ibm-1:1.5.0.16.4-1jpp.1.el5_10
  • java-1.5.0-ibm-1:1.5.0.16.4-1jpp.1.el6_4
  • java-1.5.0-ibm-accessibility-1:1.5.0.16.4-1jpp.1.el5_10
  • java-1.5.0-ibm-demo-1:1.5.0.16.4-1jpp.1.el5_10
  • java-1.5.0-ibm-demo-1:1.5.0.16.4-1jpp.1.el6_4
  • java-1.5.0-ibm-devel-1:1.5.0.16.4-1jpp.1.el5_10
  • java-1.5.0-ibm-devel-1:1.5.0.16.4-1jpp.1.el6_4
  • java-1.5.0-ibm-javacomm-1:1.5.0.16.4-1jpp.1.el5_10
  • java-1.5.0-ibm-javacomm-1:1.5.0.16.4-1jpp.1.el6_4
  • java-1.5.0-ibm-jdbc-1:1.5.0.16.4-1jpp.1.el5_10
  • java-1.5.0-ibm-jdbc-1:1.5.0.16.4-1jpp.1.el6_4
  • java-1.5.0-ibm-plugin-1:1.5.0.16.4-1jpp.1.el5_10
  • java-1.5.0-ibm-plugin-1:1.5.0.16.4-1jpp.1.el6_4
  • java-1.5.0-ibm-src-1:1.5.0.16.4-1jpp.1.el5_10
  • java-1.5.0-ibm-src-1:1.5.0.16.4-1jpp.1.el6_4
  • java-1.6.0-ibm-1:1.6.0.15.0-1jpp.1.el5
  • java-1.6.0-ibm-1:1.6.0.15.0-1jpp.1.el6
  • java-1.6.0-ibm-devel-1:1.6.0.15.0-1jpp.1.el5
  • java-1.6.0-ibm-devel-1:1.6.0.15.0-1jpp.1.el6
refmap via4
aixapar IC96473
confirm
secunia 56338
suse SUSE-SU-2013:1677
xf ibm-xml4j-cve20135372-dos(86662)
Last major update 29-08-2017 - 01:33
Published 19-10-2013 - 10:36
Last modified 29-08-2017 - 01:33