CVE-2015-0132
First published: Wed Mar 18 2015(Updated: )
The XML parser in IBM Rational DOORS Next Generation 4.x before 4.0.7 iFix3 and 5.x before 5.0.2 and Rational Requirements Composer 2.x and 3.x before 3.0.1.6 iFix5 and 4.x before 4.0.7 iFix3 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Rational Requirements Composer | =2.0 | |
| IBM Rational Requirements Composer | =2.0.0.1 | |
| IBM Rational Requirements Composer | =2.0.0.2 | |
| IBM Rational Requirements Composer | =2.0.0.3 | |
| IBM Rational Requirements Composer | =2.0.0.4 | |
| IBM Rational Requirements Composer | =3.0 | |
| IBM Rational Requirements Composer | =3.0.1 | |
| IBM Rational Requirements Composer | =3.0.1.1 | |
| IBM Rational Requirements Composer | =3.0.1.2 | |
| IBM Rational Requirements Composer | =3.0.1.3 | |
| IBM Rational Requirements Composer | =3.0.1.4 | |
| IBM Rational Requirements Composer | =3.0.1.5 | |
| IBM Rational Requirements Composer | =3.0.1.6 | |
| IBM Rational Requirements Composer | =4.0 | |
| IBM Rational Requirements Composer | =4.0.0 | |
| IBM Rational Requirements Composer | =4.0.0.1 | |
| IBM Rational Requirements Composer | =4.0.0.2 | |
| IBM Rational Requirements Composer | =4.0.1 | |
| IBM Rational Requirements Composer | =4.0.2 | |
| IBM Rational Requirements Composer | =4.0.3 | |
| IBM Rational Requirements Composer | =4.0.4 | |
| IBM Rational Requirements Composer | =4.0.5 | |
| IBM Rational Requirements Composer | =4.0.6 | |
| IBM Rational Requirements Composer | =4.0.7 | |
| IBM Rational DOORS Next Generation | =4.0.0 | |
| IBM Rational DOORS Next Generation | =4.0.1 | |
| IBM Rational DOORS Next Generation | =4.0.2 | |
| IBM Rational DOORS Next Generation | =4.0.3 | |
| IBM Rational DOORS Next Generation | =4.0.4 | |
| IBM Rational DOORS Next Generation | =4.0.5 | |
| IBM Rational DOORS Next Generation | =4.0.6 | |
| IBM Rational DOORS Next Generation | =4.0.7 | |
| IBM Rational DOORS Next Generation | =5.0 | |
| IBM Rational DOORS Next Generation | =5.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/type
- agent/description
- agent/event
- agent/remedy
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/ibm
- canonical/ibm rational requirements composer
- version/ibm rational requirements composer/2.0
- version/ibm rational requirements composer/2.0.0.1
- version/ibm rational requirements composer/2.0.0.2
- version/ibm rational requirements composer/2.0.0.3
- version/ibm rational requirements composer/2.0.0.4
- version/ibm rational requirements composer/3.0
- version/ibm rational requirements composer/3.0.1
- version/ibm rational requirements composer/3.0.1.1
- version/ibm rational requirements composer/3.0.1.2
- version/ibm rational requirements composer/3.0.1.3
- version/ibm rational requirements composer/3.0.1.4
- version/ibm rational requirements composer/3.0.1.5
- version/ibm rational requirements composer/3.0.1.6
- version/ibm rational requirements composer/4.0
- version/ibm rational requirements composer/4.0.0
- version/ibm rational requirements composer/4.0.0.1
- version/ibm rational requirements composer/4.0.0.2
- version/ibm rational requirements composer/4.0.1
- version/ibm rational requirements composer/4.0.2
- version/ibm rational requirements composer/4.0.3
- version/ibm rational requirements composer/4.0.4
- version/ibm rational requirements composer/4.0.5
- version/ibm rational requirements composer/4.0.6
- version/ibm rational requirements composer/4.0.7
- canonical/ibm rational doors next generation
- version/ibm rational doors next generation/4.0.0
- version/ibm rational doors next generation/4.0.1
- version/ibm rational doors next generation/4.0.2
- version/ibm rational doors next generation/4.0.3
- version/ibm rational doors next generation/4.0.4
- version/ibm rational doors next generation/4.0.5
- version/ibm rational doors next generation/4.0.6
- version/ibm rational doors next generation/4.0.7
- version/ibm rational doors next generation/5.0
- version/ibm rational doors next generation/5.0.1