CVE-2011-1483 : Detail

wsf/common/DOMUtils.java in JBossWS Native in Red Hat JBoss Enterprise Application Platform 4.2.0.CP09, 4.3, and 5.1.1; JBoss Enterprise Portal Platform 4.3.CP06 and 5.1.1; JBoss Enterprise SOA Platform 4.2.CP05, 4.3.CP05, and 5.1.0; JBoss Communications Platform 1.2.11 and 5.1.1; JBoss Enterprise BRMS Platform 5.1.0; and JBoss Enterprise Web Platform 5.1.1 does not properly handle recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted request containing an XML document with a DOCTYPE declaration and a large number of nested entity references, a similar issue to CVE-2003-1564.

Related Weaknesses

Metrics

EPSS

EPSS Score

EPSS Percentile

Products Mentioned

Configuraton 0

Redhat>>Jboss_communications_platform >> Version 1.2.11

• Redhat>>Jboss_communications_platform >> Version 1.2.11 (Open CPE detail)

Redhat>>Jboss_communications_platform >> Version 5.1.1

• Redhat>>Jboss_communications_platform >> Version 5.1.1 (Open CPE detail)

Redhat>>Jboss_enterprise_application_platform >> Version 4.2.0

• Redhat>>Jboss_enterprise_application_platform >> Version 4.2.0 (Open CPE detail)

Redhat>>Jboss_enterprise_application_platform >> Version 4.3.0

• Redhat>>Jboss_enterprise_application_platform >> Version 4.3.0 (Open CPE detail)
• Redhat>>Jboss_enterprise_application_platform >> Version 4.3.0 (Open CPE detail)

Redhat>>Jboss_enterprise_application_platform >> Version 5.1.1

• Redhat>>Jboss_enterprise_application_platform >> Version 5.1.1 (Open CPE detail)

Redhat>>Jboss_enterprise_brms_platform >> Version 5.1.0

• Redhat>>Jboss_enterprise_brms_platform >> Version 5.1.0 (Open CPE detail)

Redhat>>Jboss_enterprise_portal_platform >> Version 4.3.0

• Redhat>>Jboss_enterprise_portal_platform >> Version 4.3.0 (Open CPE detail)

Redhat>>Jboss_enterprise_portal_platform >> Version 5.1.1

• Redhat>>Jboss_enterprise_portal_platform >> Version 5.1.1 (Open CPE detail)

Redhat>>Jboss_enterprise_soa_platform >> Version 4.2.0

• Redhat>>Jboss_enterprise_soa_platform >> Version 4.2.0 (Open CPE detail)

Redhat>>Jboss_enterprise_soa_platform >> Version 4.3.0

• Redhat>>Jboss_enterprise_soa_platform >> Version 4.3.0 (Open CPE detail)

Redhat>>Jboss_enterprise_soa_platform >> Version 5.1.0

• Redhat>>Jboss_enterprise_soa_platform >> Version 5.1.0 (Open CPE detail)

Redhat>>Jboss_enterprise_web_platform >> Version 5.1.1

• Redhat>>Jboss_enterprise_web_platform >> Version 5.1.1 (Open CPE detail)

Configuraton 0

Hp>>Network_node_manager_i >> Version 9.0

• Hp>>Network_node_manager_i >> Version 9.0 (Open CPE detail)

Hp>>Network_node_manager_i >> Version 9.01

• Hp>>Network_node_manager_i >> Version 9.01 (Open CPE detail)

Hp>>Network_node_manager_i >> Version 9.02

• Hp>>Network_node_manager_i >> Version 9.02 (Open CPE detail)

Hp>>Network_node_manager_i >> Version 9.03

• Hp>>Network_node_manager_i >> Version 9.03 (Open CPE detail)

Hp>>Network_node_manager_i >> Version 9.10

• Hp>>Network_node_manager_i >> Version 9.10 (Open CPE detail)

References