What is the severity of CVE-2015-0132?

CVE-2015-0132 has a moderate severity rating, as it can lead to denial of service due to improper detection of recursion in the XML parser.

How do I fix CVE-2015-0132?

To fix CVE-2015-0132, upgrade IBM Rational DOORS Next Generation or Rational Requirements Composer to the latest versions mentioned in the vulnerability report.

Which versions are affected by CVE-2015-0132?

CVE-2015-0132 affects IBM Rational DOORS Next Generation versions before 4.0.7 and 5.0.1, as well as Rational Requirements Composer versions before 4.0.7 iFix3.

Can CVE-2015-0132 be exploited remotely?

Yes, CVE-2015-0132 can be exploited by remote attackers which could lead to denial of service.

What systems are impacted by CVE-2015-0132?

CVE-2015-0132 impacts multiple versions of IBM Rational DOORS Next Generation and IBM Rational Requirements Composer across its various releases.

Vulnerability/
CVE-2015-0132

high

7.8

CWE

399

18/3/2015

6/8/2024

CVE-2015-0132

First published: Wed Mar 18 2015(Updated: )

The XML parser in IBM Rational DOORS Next Generation 4.x before 4.0.7 iFix3 and 5.x before 5.0.2 and Rational Requirements Composer 2.x and 3.x before 3.0.1.6 iFix5 and 4.x before 4.0.7 iFix3 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM Rational Requirements Composer	=2.0
IBM Rational Requirements Composer	=2.0.0.1
IBM Rational Requirements Composer	=2.0.0.2
IBM Rational Requirements Composer	=2.0.0.3
IBM Rational Requirements Composer	=2.0.0.4
IBM Rational Requirements Composer	=3.0
IBM Rational Requirements Composer	=3.0.1
IBM Rational Requirements Composer	=3.0.1.1
IBM Rational Requirements Composer	=3.0.1.2
IBM Rational Requirements Composer	=3.0.1.3
IBM Rational Requirements Composer	=3.0.1.4
IBM Rational Requirements Composer	=3.0.1.5
IBM Rational Requirements Composer	=3.0.1.6
IBM Rational Requirements Composer	=4.0
IBM Rational Requirements Composer	=4.0.0
IBM Rational Requirements Composer	=4.0.0.1
IBM Rational Requirements Composer	=4.0.0.2
IBM Rational Requirements Composer	=4.0.1
IBM Rational Requirements Composer	=4.0.2
IBM Rational Requirements Composer	=4.0.3
IBM Rational Requirements Composer	=4.0.4
IBM Rational Requirements Composer	=4.0.5
IBM Rational Requirements Composer	=4.0.6
IBM Rational Requirements Composer	=4.0.7
IBM Rational DOORS Next Generation	=4.0.0
IBM Rational DOORS Next Generation	=4.0.1
IBM Rational DOORS Next Generation	=4.0.2
IBM Rational DOORS Next Generation	=4.0.3
IBM Rational DOORS Next Generation	=4.0.4
IBM Rational DOORS Next Generation	=4.0.5
IBM Rational DOORS Next Generation	=4.0.6
IBM Rational DOORS Next Generation	=4.0.7
IBM Rational DOORS Next Generation	=5.0
IBM Rational DOORS Next Generation	=5.0.1

Remedy

http://www-01.ibm.com/support/docview.wss?uid=swg21698248

Never miss a vulnerability like this again

Reference Links

http://www-01.ibm.com/support/docview.wss?uid=swg21698248

Frequently Asked Questions

What is the severity of CVE-2015-0132?
CVE-2015-0132 has a moderate severity rating, as it can lead to denial of service due to improper detection of recursion in the XML parser.
How do I fix CVE-2015-0132?
To fix CVE-2015-0132, upgrade IBM Rational DOORS Next Generation or Rational Requirements Composer to the latest versions mentioned in the vulnerability report.
Which versions are affected by CVE-2015-0132?
CVE-2015-0132 affects IBM Rational DOORS Next Generation versions before 4.0.7 and 5.0.1, as well as Rational Requirements Composer versions before 4.0.7 iFix3.
Can CVE-2015-0132 be exploited remotely?
Yes, CVE-2015-0132 can be exploited by remote attackers which could lead to denial of service.
What systems are impacted by CVE-2015-0132?
CVE-2015-0132 impacts multiple versions of IBM Rational DOORS Next Generation and IBM Rational Requirements Composer across its various releases.

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/weakness
agent/remedy
agent/last-modified-date
agent/author
agent/severity
agent/tags
agent/references
agent/first-publish-date
agent/description
agent/event
agent/source
vendor/ibm
canonical/ibm rational requirements composer
version/ibm rational requirements composer/2.0
version/ibm rational requirements composer/2.0.0.1
version/ibm rational requirements composer/2.0.0.2
version/ibm rational requirements composer/2.0.0.3
version/ibm rational requirements composer/2.0.0.4
version/ibm rational requirements composer/3.0
version/ibm rational requirements composer/3.0.1
version/ibm rational requirements composer/3.0.1.1
version/ibm rational requirements composer/3.0.1.2
version/ibm rational requirements composer/3.0.1.3
version/ibm rational requirements composer/3.0.1.4
version/ibm rational requirements composer/3.0.1.5
version/ibm rational requirements composer/3.0.1.6
version/ibm rational requirements composer/4.0
version/ibm rational requirements composer/4.0.0
version/ibm rational requirements composer/4.0.0.1
version/ibm rational requirements composer/4.0.0.2
version/ibm rational requirements composer/4.0.1
version/ibm rational requirements composer/4.0.2
version/ibm rational requirements composer/4.0.3
version/ibm rational requirements composer/4.0.4
version/ibm rational requirements composer/4.0.5
version/ibm rational requirements composer/4.0.6
version/ibm rational requirements composer/4.0.7
canonical/ibm rational doors next generation
version/ibm rational doors next generation/4.0.0
version/ibm rational doors next generation/4.0.1
version/ibm rational doors next generation/4.0.2
version/ibm rational doors next generation/4.0.3
version/ibm rational doors next generation/4.0.4
version/ibm rational doors next generation/4.0.5
version/ibm rational doors next generation/4.0.6
version/ibm rational doors next generation/4.0.7
version/ibm rational doors next generation/5.0
version/ibm rational doors next generation/5.0.1

CVE-2015-0132

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2015-0132?

How do I fix CVE-2015-0132?

Which versions are affected by CVE-2015-0132?

Can CVE-2015-0132 be exploited remotely?

What systems are impacted by CVE-2015-0132?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2015-0132?

How do I fix CVE-2015-0132?

Which versions are affected by CVE-2015-0132?

Can CVE-2015-0132 be exploited remotely?

What systems are impacted by CVE-2015-0132?