Vulnerability Description
wsf/common/DOMUtils.java in JBossWS Native in Red Hat JBoss Enterprise Application Platform 4.2.0.CP09, 4.3, and 5.1.1; JBoss Enterprise Portal Platform 4.3.CP06 and 5.1.1; JBoss Enterprise SOA Platform 4.2.CP05, 4.3.CP05, and 5.1.0; JBoss Communications Platform 1.2.11 and 5.1.1; JBoss Enterprise BRMS Platform 5.1.0; and JBoss Enterprise Web Platform 5.1.1 does not properly handle recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted request containing an XML document with a DOCTYPE declaration and a large number of nested entity references, a similar issue to CVE-2003-1564.
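The attack class described above is the classic "billion laughs" pattern: a DOCTYPE defines a chain of entities, each referencing the previous one several times, so a request of a few hundred bytes expands to megabytes or gigabytes inside the parser. The following is an added example, not JBossWS or Red Hat code, written to show that pattern alongside the two controls a JAX-P consumer should apply: refusing DOCTYPE declarations outright (the Xerces `disallow-doctype-decl` feature) and enabling `FEATURE_SECURE_PROCESSING`, which on current JDKs caps total entity expansions. The payload generator, class and method names are constructed for this demonstration; the `soap` element name is only a placeholder, not a real JBossWS message.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.xml.sax.SAXParseException;

/**
 * Added example (not JBossWS code): builds a small nested-entity payload of the
 * kind CVE-2011-1483 describes, then parses it with a permissive factory and with
 * a hardened one. Depth and fan-out are deliberately tiny so the demo is instant
 * and stays under the JDK's default 64000-expansion limit for the permissive run.
 */
public class EntityExpansionDemo {

    /** Constructed "lol"-style payload: e0 is one char, each e(i) references e(i-1) fanOut times. */
    static String nestedEntityPayload(int depth, int fanOut) {
        StringBuilder xml = new StringBuilder("<!DOCTYPE soap [\n<!ENTITY e0 \"x\">\n");
        for (int i = 1; i <= depth; i++) {
            xml.append("<!ENTITY e").append(i).append(" \"");
            for (int j = 0; j < fanOut; j++) {
                xml.append("&e").append(i - 1).append(';');
            }
            xml.append("\">\n");
        }
        xml.append("]>\n<soap>&e").append(depth).append(";</soap>");
        return xml.toString();
    }

    /** Models the pre-fix behaviour: honours the DOCTYPE and expands every entity reference. */
    static DocumentBuilderFactory permissiveFactory() {
        return DocumentBuilderFactory.newInstance();
    }

    /** Hardened factory: DOCTYPE is rejected before any entity is defined; limits kept as defence in depth. */
    static DocumentBuilderFactory hardenedFactory() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f;
    }

    /** Returns the length of the expanded document text, or -1 if the parser rejected the input. */
    static long parseAndMeasure(DocumentBuilderFactory f, String xml) throws Exception {
        DocumentBuilder b = f.newDocumentBuilder();
        try {
            Document d = b.parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
            return d.getDocumentElement().getTextContent().length();
        } catch (SAXParseException e) {
            // Either "DOCTYPE is disallowed" (hardened) or the expansion limit (secure processing).
            return -1;
        }
    }

    public static void main(String[] args) throws Exception {
        // depth 4, fan-out 10: a request of a few hundred bytes yields 10^4 chars of text.
        String xml = nestedEntityPayload(4, 10);
        System.out.println("request bytes:       " + xml.length());
        System.out.println("permissive expanded: " + parseAndMeasure(permissiveFactory(), xml));
        System.out.println("hardened result:     " + parseAndMeasure(hardenedFactory(), xml));
    }
}
```

Raising the depth argument is what turns this into the memory and CPU exhaustion the advisory describes: each additional level multiplies the expanded size by the fan-out. Note that `FEATURE_SECURE_PROCESSING` alone only bounds the damage (the parser still does work up to the limit), whereas refusing the DOCTYPE stops the attack at the first declaration, which is the appropriate setting for a web-services endpoint that never needs inline DTDs.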
CVSS Score
5.0 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | JBoss Communications Platform | 1.2.11, 5.1.1 |
| Red Hat | JBoss Enterprise Application Platform | 4.2.0.CP09, 4.3, 5.1.1 |
| Red Hat | JBoss Enterprise BRMS Platform | 5.1.0 |
| Red Hat | JBoss Enterprise Portal Platform | 4.3.CP06, 5.1.1 |
| Red Hat | JBoss Enterprise SOA Platform | 4.2.CP05, 4.3.CP05, 5.1.0 |
| Red Hat | JBoss Enterprise Web Platform | 5.1.1 |
| HP | Network Node Manager i | 9.0 |
References
- http://source.jboss.org/changelog/JBossWS/?cs=13996 (Patch)
- https://bugzilla.redhat.com/show_bug.cgi?id=692584
- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c0
FAQ
What is CVE-2011-1483?
CVE-2011-1483 is a vulnerability with a CVSS score of 5.0 (MEDIUM). wsf/common/DOMUtils.java in JBossWS Native in Red Hat JBoss Enterprise Application Platform 4.2.0.CP09, 4.3, and 5.1.1; JBoss Enterprise Portal Platform 4.3.CP06 and 5.1.1; JBoss Enterprise SOA Platfo...
How severe is CVE-2011-1483?
CVE-2011-1483 has been rated MEDIUM with a CVSS base score of 5.0/10. The impact is availability only: an unauthenticated remote attacker can exhaust the server's memory and CPU by sending a crafted XML request with a DOCTYPE and deeply nested entity references; no confidentiality or integrity loss is described.
Is there a patch for CVE-2011-1483?
Yes. The fix landed in JBossWS Native; see the JBossWS changeset tagged Patch and Red Hat Bugzilla 692584 in the references above, and the HP Support Center document for HP Network Node Manager i. Affected products include: Red Hat JBoss Communications Platform, JBoss Enterprise Application Platform, JBoss Enterprise BRMS Platform, JBoss Enterprise Portal Platform, JBoss Enterprise SOA Platform, JBoss Enterprise Web Platform, and HP Network Node Manager i 9.0.