Denial of Service Vulnerability in IBM WebSphere Message Broker and Integration Bus
CVE-2013-5372
Currently unrated
Summary
The XML4J parser in IBM WebSphere Message Broker and Integration Bus is susceptible to a denial of service attack due to improper handling of crafted XML documents. Attackers can exploit this vulnerability by sending specially constructed XML payloads, which can trigger excessive memory consumption by expanding numerous entities, ultimately leading to service disruption. Versions prior to 6.1.0.12, 7.0.0.7, 8.0.0.4 for WebSphere Message Broker and 9.0.0.1 for Integration Bus are affected.
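The entity-expansion behaviour described above can be bounded before a document ever reaches a parser. The following is an added example, not IBM's fix and not code from the affected products: a pre-parse check that computes how large a document's internal entities would become without expanding them. The function names, the regex-based DTD handling (decoded text, internal general entities only) and the default budget are assumptions made for illustration.

```python
import re

# Internal general-entity declaration: <!ENTITY name "value">
ENTITY_DECL = re.compile(r'<!ENTITY\s+([^\s%]+)\s+(["\'])(.*?)\2\s*>', re.S)
ENTITY_REF = re.compile(r'&([A-Za-z_:][\w.:-]*);')
# Parameter entities and external (SYSTEM/PUBLIC) entities are refused outright.
UNSUPPORTED = re.compile(r'<!ENTITY\s+(?:%|\S+\s+(?:SYSTEM|PUBLIC)\b)')

def expanded_sizes(xml_text):
    """Return {entity name: fully expanded length} without expanding anything."""
    decls = {}
    for name, _quote, value in ENTITY_DECL.findall(xml_text):
        decls.setdefault(name, value)       # in XML the first declaration wins
    sizes, in_progress = {}, set()

    def size(name):
        if name not in decls:
            return 0                        # predefined or undeclared: ignored here
        if name in sizes:
            return sizes[name]
        if name in in_progress:
            raise ValueError(f"entity {name!r} refers to itself")
        in_progress.add(name)
        total = len(ENTITY_REF.sub("", decls[name]))        # literal characters
        total += sum(size(ref) for ref in ENTITY_REF.findall(decls[name]))
        in_progress.discard(name)
        sizes[name] = total
        return total
    for name in decls:
        size(name)
    return sizes

def check_document(xml_text, budget=1_000_000):
    """Return (allowed, detail) for one inbound document."""
    if UNSUPPORTED.search(xml_text):
        return False, "parameter or external entity declared"
    try:
        sizes = expanded_sizes(xml_text)
    except ValueError as exc:
        return False, str(exc)
    body = ENTITY_DECL.sub("", xml_text)    # references outside the declarations
    expanded = sum(sizes.get(ref, 0) for ref in ENTITY_REF.findall(body))
    if expanded > budget:
        return False, f"entities expand to {expanded} characters (budget {budget})"
    return True, f"entities expand to {expanded} characters"

# Constructed sample: three small nested entities, 160 characters when expanded.
SAMPLE = ('<!DOCTYPE msg [<!ENTITY a "0123456789"> <!ENTITY b "&a;&a;&a;&a;"> '
          '<!ENTITY c "&b;&b;&b;&b;">]><msg>&c;</msg>')
```

Because the sizes are computed arithmetically, the check itself stays cheap even when the declared expansion is enormous. It complements, and does not replace, moving to the fixed versions listed above.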