CVE-2011-1483 in Network Node Manager Iinfo

Summary

wsf/common/DOMUtils.java in JBossWS Native in Red Hat JBoss Enterprise Application Platform 4.2.0.CP09, 4.3, and 5.1.1; JBoss Enterprise Portal Platform 4.3.CP06 and 5.1.1; JBoss Enterprise SOA Platform 4.2.CP05, 4.3.CP05, and 5.1.0; JBoss Communications Platform 1.2.11 and 5.1.1; JBoss Enterprise BRMS Platform 5.1.0; and JBoss Enterprise Web Platform 5.1.1 does not properly handle recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted request containing an XML document with a DOCTYPE declaration and a large number of nested entity references, a similar issue to CVE-2003-1564.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Reservation

03/21/2011

Disclosure

07/29/2013

Moderation

VulDB entry created

Entries

1: VDB-64565

CPE

ready

CWE

CWE-404 (Confirmed)

CVSS

5.3

EPSS

0.03742

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2011-1483
NVD	https://nvd.nist.gov/vuln/detail/CVE-2011-1483
CVE Details	https://www.cvedetails.com/cve/CVE-2011-1483/

◂ Previous Overview Next ▸

Do you know our Splunk app?

Download it now for free!