CVE-2014-4814

Sažetak

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 does not properly detect recursion during entity expansion, which allows remote authenticated users to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

Reference

http://secunia.com/advisories/59740
http://www.securityfocus.com/bid/70758
http://www-01.ibm.com/support/docview.wss?uid=swg1PI24622
http://www-01.ibm.com/support/docview.wss?uid=swg21684651
https://exchange.xforce.ibmcloud.com/vulnerabilities/95391

CVSS

Base:	3.5
Impact:	2.9
Exploitability:	6.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	PARTIAL

CVSS vektor

AV:N/AC:M/Au:S/C:N/I:N/A:P

Zadnje važnije ažuriranje

29-08-2017 - 01:35

Objavljeno

28-10-2014 - 19:55