CVE-2011-1483 - Vulnerability Details

wsf/common/DOMUtils.java in JBossWS Native in Red Hat JBoss Enterprise Application Platform 4.2.0.CP09, 4.3, and 5.1.1; JBoss Enterprise Portal Platform 4.3.CP06 and 5.1.1; JBoss Enterprise SOA Platform 4.2.CP05, 4.3.CP05, and 5.1.0; JBoss Communications Platform 1.2.11 and 5.1.1; JBoss Enterprise BRMS Platform 5.1.0; and JBoss Enterprise Web Platform 5.1.1 does not properly handle recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted request containing an XML document with a DOCTYPE declaration and a large number of nested entity references, a similar issue to CVE-2003-1564.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hp	Network Node Manager I
Redhat	Jboss Communications Platform Jboss Enterprise Application Platform Jboss Enterprise Brms Platform Jboss Enterprise Portal Platform Jboss Enterprise Soa Platform Jboss Enterprise Web Platform Jboss Soa Platform

Configuration 1 [-]

OR	cpe:2.3:a:redhat:jboss_communications_platform:1.2.11:::::::*
	cpe:2.3:a:redhat:jboss_communications_platform:5.1.1:::::::*
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp09::::::
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:::::::*
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.1.1:::::::*
	cpe:2.3:a:redhat:jboss_enterprise_brms_platform:5.1.0:::::::*
	cpe:2.3:a:redhat:jboss_enterprise_portal_platform:4.3.0:cp06::::::
	cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.1.1:::::::*
	cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.2.0:cp05::::::
	cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.3.0:cp05::::::
	cpe:2.3:a:redhat:jboss_enterprise_soa_platform:5.1.0:::::::*
	cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.1.1:::::::*

Configuration 2 [-]

OR	cpe:2.3:a:hp:network_node_manager_i:9.0:::::::*
	cpe:2.3:a:hp:network_node_manager_i:9.01:::::::*
	cpe:2.3:a:hp:network_node_manager_i:9.02:::::::*
	cpe:2.3:a:hp:network_node_manager_i:9.03:::::::*
	cpe:2.3:a:hp:network_node_manager_i:9.10:::::::*

Package	CPE	Advisory	Released Date
JBEAP 4.2.0 for RHEL 4
jbossas-0:4.2.0-6.GA_CP09.11.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2011:1309	2011-09-15T00:00:00Z
JBEAP 4.2.0 for RHEL 5
jbossas-0:4.2.0-6.GA_CP09.11.1.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2011:1309	2011-09-15T00:00:00Z
JBEWP 5 for RHEL 5
jbossws-common-0:1.1.0-4.SP7_patch_02.1.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_platform:5::el5	RHSA-2011:1303	2011-09-15T00:00:00Z
JBEWP 5 for RHEL 6
jbossws-common-0:1.1.0-4.SP7_patch_02.1.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_platform:5::el6	RHSA-2011:1303	2011-09-15T00:00:00Z
JBoss Communications Platform 1.2
	cpe:/a:redhat:jboss_communications_platform:1.2	RHSA-2011:1308	2011-09-15T00:00:00Z
JBoss Communications Platform 5.1
	cpe:/a:redhat:jboss_communications_platform:5.1	RHSA-2011:1308	2011-09-15T00:00:00Z
JBoss Enterprise BRMS Platform 5.1
	cpe:/a:redhat:jboss_enterprise_brms_platform:5.1	RHSA-2011:1313	2011-09-15T00:00:00Z
Red Hat JBoss Enterprise Application Platform 4.2
	cpe:/a:redhat:jboss_enterprise_application_platform:4.2	RHSA-2011:1310	2011-09-15T00:00:00Z
Red Hat JBoss Enterprise Application Platform 4.3
	cpe:/a:redhat:jboss_enterprise_application_platform:4.3	RHSA-2011:1307	2011-09-15T00:00:00Z
	cpe:/a:redhat:jboss_enterprise_application_platform:4.3	RHSA-2011:1312	2011-09-15T00:00:00Z
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4
jbossws-common-0:1.0.0-5.GA_CP07_patch_01.1.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2011:1306	2011-09-15T00:00:00Z
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5
jbossws-common-0:1.0.0-5.GA_CP07_patch_01.1.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2011:1306	2011-09-15T00:00:00Z
Red Hat JBoss Enterprise Application Platform 5.1
	cpe:/a:redhat:jboss_enterprise_application_platform:5.1	RHSA-2011:1302	2011-09-15T00:00:00Z
Red Hat JBoss Enterprise Application Platform 5 for RHEL 4
jbossws-common-0:1.1.0-4.SP7_patch_02.1.ep5.el4	cpe:/a:redhat:jboss_enterprise_application_platform:5::el4	RHSA-2011:1301	2011-09-15T00:00:00Z
Red Hat JBoss Enterprise Application Platform 5 for RHEL 5
jbossws-common-0:1.1.0-4.SP7_patch_02.1.ep5.el5	cpe:/a:redhat:jboss_enterprise_application_platform:5::el5	RHSA-2011:1301	2011-09-15T00:00:00Z
Red Hat JBoss Enterprise Application Platform 5 for RHEL 6
jbossws-common-0:1.1.0-4.SP7_patch_02.1.ep5.el6	cpe:/a:redhat:jboss_enterprise_application_platform:5::el6	RHSA-2011:1301	2011-09-15T00:00:00Z
Red Hat JBoss Portal 5
	cpe:/a:redhat:jboss_enterprise_portal_platform:5	RHSA-2011:1311	2011-09-15T00:00:00Z
Red Hat JBoss SOA Platform 4.2
	cpe:/a:redhat:jboss_soa_platform:4.2	RHSA-2011:1305	2011-09-15T00:00:00Z
Red Hat JBoss SOA Platform 4.3
	cpe:/a:redhat:jboss_soa_platform:4.3	RHSA-2011:1305	2011-09-15T00:00:00Z
Red Hat JBoss SOA Platform 5.1
	cpe:/a:redhat:jboss_soa_platform:5.1	RHSA-2011:1305	2011-09-15T00:00:00Z
Red Hat JBoss Web Platform 5.1
	cpe:/a:redhat:jboss_enterprise_web_platform:5.1	RHSA-2011:1304	2011-09-15T00:00:00Z

References

Link	Providers
http://source.jboss.org/changelog/JBossWS/?cs=13996
https://bugzilla.redhat.com/show_bug.cgi?id=692584
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03824583
https://nvd.nist.gov/vuln/detail/CVE-2011-1483
https://www.cve.org/CVERecord?id=CVE-2011-1483

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2013-07-28T18:00:00Z

Updated: 2024-08-06T22:28:41.626Z

Reserved: 2011-03-21T00:00:00Z

Link: CVE-2011-1483

Vulnrichment

No data.

NVD

Status : Modified

Published: 2013-07-29T13:59:54.843

Modified: 2024-11-21T01:26:25.077

Link: CVE-2011-1483

Redhat

Severity : Important

Publid Date: 2011-09-15T00:00:00Z

Links: CVE-2011-1483 - Bugzilla

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object