CVE-2013-5372

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

he XML4J parser in IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.7, and 8.0 before 8.0.0.4 and IBM Integration Bus 9.0 before 9.0.0.1 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document that triggers expansion for many entities.

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html
http://rhn.redhat.com/errata/RHSA-2013-1507.html
http://rhn.redhat.com/errata/RHSA-2013-1508.html
http://rhn.redhat.com/errata/RHSA-2013-1509.html
http://rhn.redhat.com/errata/RHSA-2013-1793.html
http://secunia.com/advisories/56338
http://www-01.ibm.com/support/docview.wss?uid=swg1IC96473
http://www-01.ibm.com/support/docview.wss?uid=swg21653087	Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21655201
http://www-01.ibm.com/support/docview.wss?uid=swg21655202
https://exchange.xforce.ibmcloud.com/vulnerabilities/86662
https://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_November_2013
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html
http://rhn.redhat.com/errata/RHSA-2013-1507.html
http://rhn.redhat.com/errata/RHSA-2013-1508.html
http://rhn.redhat.com/errata/RHSA-2013-1509.html
http://rhn.redhat.com/errata/RHSA-2013-1793.html
http://secunia.com/advisories/56338
http://www-01.ibm.com/support/docview.wss?uid=swg1IC96473
http://www-01.ibm.com/support/docview.wss?uid=swg21653087	Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21655201
http://www-01.ibm.com/support/docview.wss?uid=swg21655202
https://exchange.xforce.ibmcloud.com/vulnerabilities/86662
https://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_November_2013

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:websphere_message_broker:6.1:::::::*
	cpe:2.3:a:ibm:websphere_message_broker:6.1.0.1:::::::*
	cpe:2.3:a:ibm:websphere_message_broker:6.1.0.2:::::::*
	cpe:2.3:a:ibm:websphere_message_broker:6.1.0.3:::::::*
	cpe:2.3:a:ibm:websphere_message_broker:6.1.0.4:::::::*
	cpe:2.3:a:ibm:websphere_message_broker:6.1.0.5:::::::*
	cpe:2.3:a:ibm:websphere_message_broker:6.1.0.6:::::::*
	cpe:2.3:a:ibm:websphere_message_broker:6.1.0.7:::::::*
	cpe:2.3:a:ibm:websphere_message_broker:6.1.0.8:::::::*
	cpe:2.3:a:ibm:websphere_message_broker:6.1.0.9:::::::*
	cpe:2.3:a:ibm:websphere_message_broker:6.1.0.10:::::::*
	cpe:2.3:a:ibm:websphere_message_broker:6.1.0.11:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:ibm:websphere_message_broker:8.0:::::::*
	cpe:2.3:a:ibm:websphere_message_broker:8.0.0.1:::::::*
	cpe:2.3:a:ibm:websphere_message_broker:8.0.0.2:::::::*
	cpe:2.3:a:ibm:websphere_message_broker:8.0.0.3:::::::*

Configuration 3 (hide)

OR	cpe:2.3:a:ibm:websphere_message_broker:7.0.:::::::*
	cpe:2.3:a:ibm:websphere_message_broker:7.0.0.1:::::::*
	cpe:2.3:a:ibm:websphere_message_broker:7.0.0.2:::::::*
	cpe:2.3:a:ibm:websphere_message_broker:7.0.0.3:::::::*
	cpe:2.3:a:ibm:websphere_message_broker:7.0.0.4:::::::*
	cpe:2.3:a:ibm:websphere_message_broker:7.0.0.5:::::::*
	cpe:2.3:a:ibm:websphere_message_broker:7.0.0.6:::::::*

History

21 Nov 2024, 01:57

Type	Values Removed	Values Added
References	~~() http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html -~~	() http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html -
References	~~() http://rhn.redhat.com/errata/RHSA-2013-1507.html -~~	() http://rhn.redhat.com/errata/RHSA-2013-1507.html -
References	~~() http://rhn.redhat.com/errata/RHSA-2013-1508.html -~~	() http://rhn.redhat.com/errata/RHSA-2013-1508.html -
References	~~() http://rhn.redhat.com/errata/RHSA-2013-1509.html -~~	() http://rhn.redhat.com/errata/RHSA-2013-1509.html -
References	~~() http://rhn.redhat.com/errata/RHSA-2013-1793.html -~~	() http://rhn.redhat.com/errata/RHSA-2013-1793.html -
References	~~() http://secunia.com/advisories/56338 -~~	() http://secunia.com/advisories/56338 -
References	~~() http://www-01.ibm.com/support/docview.wss?uid=swg1IC96473 -~~	() http://www-01.ibm.com/support/docview.wss?uid=swg1IC96473 -
References	~~() http://www-01.ibm.com/support/docview.wss?uid=swg21653087 - Vendor Advisory~~	() http://www-01.ibm.com/support/docview.wss?uid=swg21653087 - Vendor Advisory
References	~~() http://www-01.ibm.com/support/docview.wss?uid=swg21655201 -~~	() http://www-01.ibm.com/support/docview.wss?uid=swg21655201 -
References	~~() http://www-01.ibm.com/support/docview.wss?uid=swg21655202 -~~	() http://www-01.ibm.com/support/docview.wss?uid=swg21655202 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/86662 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/86662 -
References	~~() https://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_November_2013 -~~	() https://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_November_2013 -

Information

Published : 2013-10-19 10:36

Updated : 2025-04-11 00:51

NVD link : CVE-2013-5372

Mitre link : CVE-2013-5372

CVE.ORG link : CVE-2013-5372

JSON object : View

Products Affected

ibm

websphere_message_broker

CWE

CWE-399

Resource Management Errors

4.3 /10