CVE-2011-1483
First published: Thu Mar 31 2011(Updated: )
wsf/common/DOMUtils.java in JBossWS Native in Red Hat JBoss Enterprise Application Platform 4.2.0.CP09, 4.3, and 5.1.1; JBoss Enterprise Portal Platform 4.3.CP06 and 5.1.1; JBoss Enterprise SOA Platform 4.2.CP05, 4.3.CP05, and 5.1.0; JBoss Communications Platform 1.2.11 and 5.1.1; JBoss Enterprise BRMS Platform 5.1.0; and JBoss Enterprise Web Platform 5.1.1 does not properly handle recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted request containing an XML document with a DOCTYPE declaration and a large number of nested entity references, a similar issue to CVE-2003-1564.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redhat Jboss Enterprise Application Platform | =4.2.0-cp09 | |
| Redhat Jboss Enterprise Application Platform | =4.3.0 | |
| Redhat Jboss Enterprise Portal Platform | =5.1.1 | |
| Redhat Jboss Enterprise Portal Platform | =4.3.0-cp06 | |
| Redhat Jboss Enterprise Application Platform | =5.1.1 | |
| Redhat Jboss Enterprise Soa Platform | =5.1.0 | |
| Redhat Jboss Enterprise Soa Platform | =4.2.0-cp05 | |
| Redhat Jboss Communications Platform | =5.1.1 | |
| Redhat Jboss Enterprise Brms Platform | =5.1.0 | |
| Redhat Jboss Enterprise Soa Platform | =4.3.0-cp05 | |
| Redhat Jboss Enterprise Web Platform | =5.1.1 | |
| Redhat Jboss Communications Platform | =1.2.11 | |
| HP Network Node Manager i | =9.03 | |
| HP Network Node Manager i | =9.0 | |
| HP Network Node Manager i | =9.10 | |
| HP Network Node Manager i | =9.01 | |
| HP Network Node Manager i | =9.02 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03824583
- https://bugzilla.redhat.com/show_bug.cgi?id=692584
- http://source.jboss.org/changelog/JBossWS/?cs=13996
- https://rhn.redhat.com/errata/RHSA-2011-1304.html
- https://rhn.redhat.com/errata/RHSA-2011-1303.html
- https://rhn.redhat.com/errata/RHSA-2011-1302.html
- https://rhn.redhat.com/errata/RHSA-2011-1301.html
- https://rhn.redhat.com/errata/RHSA-2011-1306.html
- https://rhn.redhat.com/errata/RHSA-2011-1307.html
- https://rhn.redhat.com/errata/RHSA-2011-1305.html
- https://rhn.redhat.com/errata/RHSA-2011-1308.html
- https://rhn.redhat.com/errata/RHSA-2011-1311.html
- https://rhn.redhat.com/errata/RHSA-2011-1310.html
- https://rhn.redhat.com/errata/RHSA-2011-1309.html
- https://rhn.redhat.com/errata/RHSA-2011-1312.html
- https://rhn.redhat.com/errata/RHSA-2011-1313.html
- http://source.jboss.org/changelog/JBossWS/?cs=13995
- collector/nvd-historical
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/severity
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/references
- agent/event
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2011-1483
- agent/tags
- agent/trending
- vendor/redhat
- canonical/redhat jboss enterprise application platform
- version/redhat jboss enterprise application platform/4.2.0-cp09
- version/redhat jboss enterprise application platform/4.3.0
- canonical/redhat jboss enterprise portal platform
- version/redhat jboss enterprise portal platform/5.1.1
- version/redhat jboss enterprise portal platform/4.3.0-cp06
- version/redhat jboss enterprise application platform/5.1.1
- canonical/redhat jboss enterprise soa platform
- version/redhat jboss enterprise soa platform/5.1.0
- version/redhat jboss enterprise soa platform/4.2.0-cp05
- canonical/redhat jboss communications platform
- version/redhat jboss communications platform/5.1.1
- canonical/redhat jboss enterprise brms platform
- version/redhat jboss enterprise brms platform/5.1.0
- version/redhat jboss enterprise soa platform/4.3.0-cp05
- canonical/redhat jboss enterprise web platform
- version/redhat jboss enterprise web platform/5.1.1
- version/redhat jboss communications platform/1.2.11
- vendor/hp
- canonical/hp network node manager i
- version/hp network node manager i/9.03
- version/hp network node manager i/9.0
- version/hp network node manager i/9.10
- version/hp network node manager i/9.01
- version/hp network node manager i/9.02