5

CVE-2011-1483

wsf/common/DOMUtils.java in JBossWS Native in Red Hat JBoss Enterprise Application Platform 4.2.0.CP09, 4.3, and 5.1.1; JBoss Enterprise Portal Platform 4.3.CP06 and 5.1.1; JBoss Enterprise SOA Platform 4.2.CP05, 4.3.CP05, and 5.1.0; JBoss Communications Platform 1.2.11 and 5.1.1; JBoss Enterprise BRMS Platform 5.1.0; and JBoss Enterprise Web Platform 5.1.1 does not properly handle recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted request containing an XML document with a DOCTYPE declaration and a large number of nested entity references, a similar issue to CVE-2003-1564.

Data is provided by the National Vulnerability Database (NVD)
RedhatJboss Enterprise Application Platform Version4.2.0 Updatecp09
RedhatJboss Enterprise Portal Platform Version4.3.0 Updatecp06
RedhatJboss Enterprise Soa Platform Version4.2.0 Updatecp05
RedhatJboss Enterprise Soa Platform Version4.3.0 Updatecp05
HpNetwork Node Manager I Version9.0
HpNetwork Node Manager I Version9.01
HpNetwork Node Manager I Version9.02
HpNetwork Node Manager I Version9.03
HpNetwork Node Manager I Version9.10
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 1.37% 0.785
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P