Denial of Service Vulnerability in IBM Rational DOORS Next Generation and Rational Requirements Composer
CVE-2015-0132

Currently unrated

Key Information:

Vendor: IBM
Status: Rational Requirements Composer
Vendor: CVE Published:; 18 March 2015

Summary

The XML parser vulnerability in IBM Rational DOORS Next Generation and Rational Requirements Composer allows remote attackers to trigger a denial of service condition. This occurs through the submission of specially crafted XML documents that exploit recursion during entity expansion, leading to excessive memory consumption. Affected versions include Rational DOORS Next Generation versions earlier than 4.0.7 iFix3 and 5.0.2, as well as Rational Requirements Composer versions earlier than 3.0.1.6 iFix5.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21698248

x_refsource_CONFIRM

Timeline

Vulnerability published
Mar 18, 2015
Vulnerability Reserved
Nov 18, 2014