CVE-2013-5372
CVE-2013-5372
The XML4J parser in IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.7, and 8.0 before 8.0.0.4 and IBM Integration Bus 9.0 before 9.0.0.1 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document that triggers expansion for many entities.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.htmlhttp://rhn.redhat.com/errata/RHSA-2013-1507.htmlhttp://rhn.redhat.com/errata/RHSA-2013-1508.htmlhttp://rhn.redhat.com/errata/RHSA-2013-1509.htmlhttp://rhn.redhat.com/errata/RHSA-2013-1793.htmlhttp://secunia.com/advisories/56338https://exchange.xforce.ibmcloud.com/vulnerabilities/86662https://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_November_2013http://www-01.ibm.com/support/docview.wss?uid=swg1IC96473http://www-01.ibm.com/support/docview.wss?uid=swg21653087http://www-01.ibm.com/support/docview.wss?uid=swg21655201http://www-01.ibm.com/support/docview.wss?uid=swg21655202