4.3

CVE-2013-5372

The XML4J parser in IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.7, and 8.0 before 8.0.0.4 and IBM Integration Bus 9.0 before 9.0.0.1 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document that triggers expansion for many entities.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmWebsphere Message Broker Version6.1
IbmWebsphere Message Broker Version6.1.0.1
IbmWebsphere Message Broker Version6.1.0.2
IbmWebsphere Message Broker Version6.1.0.3
IbmWebsphere Message Broker Version6.1.0.4
IbmWebsphere Message Broker Version6.1.0.5
IbmWebsphere Message Broker Version6.1.0.6
IbmWebsphere Message Broker Version6.1.0.7
IbmWebsphere Message Broker Version6.1.0.8
IbmWebsphere Message Broker Version6.1.0.9
IbmWebsphere Message Broker Version6.1.0.10
IbmWebsphere Message Broker Version6.1.0.11
IbmWebsphere Message Broker Version8.0
IbmWebsphere Message Broker Version8.0.0.1
IbmWebsphere Message Broker Version8.0.0.2
IbmWebsphere Message Broker Version8.0.0.3
IbmWebsphere Message Broker Version7.0.
IbmWebsphere Message Broker Version7.0.0.1
IbmWebsphere Message Broker Version7.0.0.2
IbmWebsphere Message Broker Version7.0.0.3
IbmWebsphere Message Broker Version7.0.0.4
IbmWebsphere Message Broker Version7.0.0.5
IbmWebsphere Message Broker Version7.0.0.6
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.81% 0.847
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html
http://rhn.redhat.com/errata/RHSA-2013-1507.html
http://rhn.redhat.com/errata/RHSA-2013-1508.html
http://rhn.redhat.com/errata/RHSA-2013-1509.html
http://rhn.redhat.com/errata/RHSA-2013-1793.html
http://secunia.com/advisories/56338
http://www-01.ibm.com/support/docview.wss?uid=swg21655201
http://www-01.ibm.com/support/docview.wss?uid=swg1IC96473
http://www-01.ibm.com/support/docview.wss?uid=swg21653087
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21655202
https://exchange.xforce.ibmcloud.com/vulnerabilities/86662
https://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_November_2013