Vulnerability Details CVE-2013-5372
The XML4J parser in IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.7, and 8.0 before 8.0.0.4 and IBM Integration Bus 9.0 before 9.0.0.1 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document that triggers expansion for many entities.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.016
EPSS Ranking 80.4%
CVSS Severity
CVSS v2 Score 4.3
References
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html
- http://rhn.redhat.com/errata/RHSA-2013-1507.html
- http://rhn.redhat.com/errata/RHSA-2013-1508.html
- http://rhn.redhat.com/errata/RHSA-2013-1509.html
- http://rhn.redhat.com/errata/RHSA-2013-1793.html
- http://secunia.com/advisories/56338
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC96473
- http://www-01.ibm.com/support/docview.wss?uid=swg21653087
- http://www-01.ibm.com/support/docview.wss?uid=swg21655201
- http://www-01.ibm.com/support/docview.wss?uid=swg21655202
- https://exchange.xforce.ibmcloud.com/vulnerabilities/86662
- https://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_November_2013
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html
- http://rhn.redhat.com/errata/RHSA-2013-1507.html
- http://rhn.redhat.com/errata/RHSA-2013-1508.html
- http://rhn.redhat.com/errata/RHSA-2013-1509.html
- http://rhn.redhat.com/errata/RHSA-2013-1793.html
- http://secunia.com/advisories/56338
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC96473
- http://www-01.ibm.com/support/docview.wss?uid=swg21653087
- http://www-01.ibm.com/support/docview.wss?uid=swg21655201
- http://www-01.ibm.com/support/docview.wss?uid=swg21655202
- https://exchange.xforce.ibmcloud.com/vulnerabilities/86662
- https://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_November_2013
Products affected by CVE-2013-5372
-
cpe:2.3:a:ibm:websphere_message_broker:6.1
-
cpe:2.3:a:ibm:websphere_message_broker:6.1.0.1
-
cpe:2.3:a:ibm:websphere_message_broker:6.1.0.10
-
cpe:2.3:a:ibm:websphere_message_broker:6.1.0.11
-
cpe:2.3:a:ibm:websphere_message_broker:6.1.0.2
-
cpe:2.3:a:ibm:websphere_message_broker:6.1.0.3
-
cpe:2.3:a:ibm:websphere_message_broker:6.1.0.4
-
cpe:2.3:a:ibm:websphere_message_broker:6.1.0.5
-
cpe:2.3:a:ibm:websphere_message_broker:6.1.0.6
-
cpe:2.3:a:ibm:websphere_message_broker:6.1.0.7
-
cpe:2.3:a:ibm:websphere_message_broker:6.1.0.8
-
cpe:2.3:a:ibm:websphere_message_broker:6.1.0.9
-
cpe:2.3:a:ibm:websphere_message_broker:7.0.
-
cpe:2.3:a:ibm:websphere_message_broker:7.0.0.1
-
cpe:2.3:a:ibm:websphere_message_broker:7.0.0.2
-
cpe:2.3:a:ibm:websphere_message_broker:7.0.0.3
-
cpe:2.3:a:ibm:websphere_message_broker:7.0.0.4
-
cpe:2.3:a:ibm:websphere_message_broker:7.0.0.5
-
cpe:2.3:a:ibm:websphere_message_broker:7.0.0.6
-
cpe:2.3:a:ibm:websphere_message_broker:8.0
-
cpe:2.3:a:ibm:websphere_message_broker:8.0.0.1
-
cpe:2.3:a:ibm:websphere_message_broker:8.0.0.2
-
cpe:2.3:a:ibm:websphere_message_broker:8.0.0.3