3.5

CVE-2014-4814

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 does not properly detect recursion during entity expansion, which allows remote authenticated users to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmWebsphere Portal Version6.1.0.0
IbmWebsphere Portal Version6.1.0.1
IbmWebsphere Portal Version6.1.0.2
IbmWebsphere Portal Version6.1.0.3
IbmWebsphere Portal Version6.1.0.4
IbmWebsphere Portal Version6.1.0.5
IbmWebsphere Portal Version6.1.0.6
IbmWebsphere Portal Version6.1.5.0
IbmWebsphere Portal Version6.1.5.1
IbmWebsphere Portal Version6.1.5.2
IbmWebsphere Portal Version6.1.5.3
IbmWebsphere Portal Version7.0.0.0
IbmWebsphere Portal Version7.0.0.1
IbmWebsphere Portal Version7.0.0.2
IbmWebsphere Portal Version8.0.0.0
IbmWebsphere Portal Version8.0.0.1
IbmWebsphere Portal Version8.5.0.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.6% 0.726
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 3.5 6.8 2.9
AV:N/AC:M/Au:S/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/59740
http://www-01.ibm.com/support/docview.wss?uid=swg21684651
Patch
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1PI24622
http://www.securityfocus.com/bid/70758
https://exchange.xforce.ibmcloud.com/vulnerabilities/95391