Vulnerability Description
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 does not properly detect recursion during entity expansion, which allows remote authenticated users to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Websphere Portal | 6.1.0.0 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/59740
- http://www-01.ibm.com/support/docview.wss?uid=swg1PI24622
- http://www-01.ibm.com/support/docview.wss?uid=swg21684651PatchVendor Advisory
- http://www.securityfocus.com/bid/70758
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95391
- http://secunia.com/advisories/59740
- http://www-01.ibm.com/support/docview.wss?uid=swg1PI24622
- http://www-01.ibm.com/support/docview.wss?uid=swg21684651PatchVendor Advisory
- http://www.securityfocus.com/bid/70758
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95391
FAQ
What is CVE-2014-4814?
CVE-2014-4814 is a vulnerability with a CVSS score of 3.5 (LOW). IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 does not properly detect recursion during entity ...
How severe is CVE-2014-4814?
CVE-2014-4814 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-4814?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Websphere Portal.