CVE-2011-1483
First published: Thu Mar 31 2011(Updated: )
wsf/common/DOMUtils.java in JBossWS Native in Red Hat JBoss Enterprise Application Platform 4.2.0.CP09, 4.3, and 5.1.1; JBoss Enterprise Portal Platform 4.3.CP06 and 5.1.1; JBoss Enterprise SOA Platform 4.2.CP05, 4.3.CP05, and 5.1.0; JBoss Communications Platform 1.2.11 and 5.1.1; JBoss Enterprise BRMS Platform 5.1.0; and JBoss Enterprise Web Platform 5.1.1 does not properly handle recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted request containing an XML document with a DOCTYPE declaration and a large number of nested entity references, a similar issue to CVE-2003-1564.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat jboss enterprise application platform | =4.2.0-cp09 | |
| redhat jboss enterprise application platform | =4.3.0 | |
| Red Hat JBoss Portal | =5.1.1 | |
| Red Hat JBoss Portal | =4.3.0-cp06 | |
| redhat jboss enterprise application platform | =5.1.1 | |
| Red Hat JBoss Enterprise SOA Platform | =5.1.0 | |
| Red Hat JBoss Enterprise SOA Platform | =4.2.0-cp05 | |
| Red Hat JBoss Communications Platform | =5.1.1 | |
| Red Hat JBoss Enterprise BRMS Platform | =5.1.0 | |
| Red Hat JBoss Enterprise SOA Platform | =4.3.0-cp05 | |
| Red Hat JBoss Enterprise Web Platform | =5.1.1 | |
| Red Hat JBoss Communications Platform | =1.2.11 | |
| HP Network Node Manager i | =9.03 | |
| HP Network Node Manager i | =9.0 | |
| HP Network Node Manager i | =9.10 | |
| HP Network Node Manager i | =9.01 | |
| HP Network Node Manager i | =9.02 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03824583
- https://bugzilla.redhat.com/show_bug.cgi?id=692584
- http://source.jboss.org/changelog/JBossWS/?cs=13996
- https://rhn.redhat.com/errata/RHSA-2011-1304.html
- https://rhn.redhat.com/errata/RHSA-2011-1303.html
- https://rhn.redhat.com/errata/RHSA-2011-1302.html
- https://rhn.redhat.com/errata/RHSA-2011-1301.html
- https://rhn.redhat.com/errata/RHSA-2011-1306.html
- https://rhn.redhat.com/errata/RHSA-2011-1307.html
- https://rhn.redhat.com/errata/RHSA-2011-1305.html
- https://rhn.redhat.com/errata/RHSA-2011-1308.html
- https://rhn.redhat.com/errata/RHSA-2011-1311.html
- https://rhn.redhat.com/errata/RHSA-2011-1310.html
- https://rhn.redhat.com/errata/RHSA-2011-1309.html
- https://rhn.redhat.com/errata/RHSA-2011-1312.html
- https://rhn.redhat.com/errata/RHSA-2011-1313.html
- http://source.jboss.org/changelog/JBossWS/?cs=13995
Frequently Asked Questions
What is the severity of CVE-2011-1483?
CVE-2011-1483 is classified as a medium severity vulnerability.
How do I fix CVE-2011-1483?
To fix CVE-2011-1483, upgrade to the latest versions of the affected JBoss software platforms as recommended by Red Hat.
Which software versions are affected by CVE-2011-1483?
CVE-2011-1483 affects specific versions of JBoss Enterprise Application Platform, JBoss Portal, JBoss SOA Platform, and other JBoss products.
What impact does CVE-2011-1483 have on affected systems?
CVE-2011-1483 can lead to potential denial of service on systems running the vulnerable JBoss products.
Is there a workaround for CVE-2011-1483?
While upgrading is the best option, specific configuration changes may reduce exposure to CVE-2011-1483, but are not a complete solution.
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/severity
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/references
- agent/event
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2011-1483
- agent/trending
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/redhat
- canonical/redhat jboss enterprise application platform
- version/redhat jboss enterprise application platform/4.2.0-cp09
- version/redhat jboss enterprise application platform/4.3.0
- canonical/red hat jboss portal
- version/red hat jboss portal/5.1.1
- version/red hat jboss portal/4.3.0-cp06
- version/redhat jboss enterprise application platform/5.1.1
- canonical/red hat jboss enterprise soa platform
- version/red hat jboss enterprise soa platform/5.1.0
- version/red hat jboss enterprise soa platform/4.2.0-cp05
- canonical/red hat jboss communications platform
- version/red hat jboss communications platform/5.1.1
- canonical/red hat jboss enterprise brms platform
- version/red hat jboss enterprise brms platform/5.1.0
- version/red hat jboss enterprise soa platform/4.3.0-cp05
- canonical/red hat jboss enterprise web platform
- version/red hat jboss enterprise web platform/5.1.1
- version/red hat jboss communications platform/1.2.11
- vendor/hp
- canonical/hp network node manager i
- version/hp network node manager i/9.03
- version/hp network node manager i/9.0
- version/hp network node manager i/9.10
- version/hp network node manager i/9.01
- version/hp network node manager i/9.02