CVE-2013-5372

Currently unrated

Key Information:

Vendor: IBM
Status: Websphere Message Broker
Vendor: CVE Published:; 19 October 2013

Summary

The XML4J parser in IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.7, and 8.0 before 8.0.0.4 and IBM Integration Bus 9.0 before 9.0.0.1 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document that triggers expansion for many entities.

References

http://www-01.ibm.com/support/docview.wss?uid=swg1IC96473

vendor-advisoryx_refsource_AIXAPAR

http://www-01.ibm.com/support/docview.wss?uid=swg21655202

x_refsource_CONFIRM

http://rhn.redhat.com/errata/RHSA-2013-1508.html

vendor-advisoryx_refsource_REDHAT

Timeline

Vulnerability published
Oct 19, 2013
Vulnerability Reserved
Aug 22, 2013