OpenCVE

wsf/common/DOMUtils.java in JBossWS Native in Red Hat JBoss Enterprise Application Platform 4.2.0.CP09, 4.3, and 5.1.1; JBoss Enterprise Portal Platform 4.3.CP06 and 5.1.1; JBoss Enterprise SOA Platform 4.2.CP05, 4.3.CP05, and 5.1.0; JBoss Communications Platform 1.2.11 and 5.1.1; JBoss Enterprise BRMS Platform 5.1.0; and JBoss Enterprise Web Platform 5.1.1 does not properly handle recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted request containing an XML document with a DOCTYPE declaration and a large number of nested entity references, a similar issue to CVE-2003-1564.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hp	Network Node Manager I
Redhat	Jboss Communications Platform Jboss Enterprise Application Platform Jboss Enterprise Brms Platform Jboss Enterprise Portal Platform Jboss Enterprise Soa Platform Jboss Enterprise Web Platform Jboss Soa Platform

Configuration 1 [-]

OR	cpe:2.3:a:redhat:jboss_communications_platform:1.2.11:::::::*
	cpe:2.3:a:redhat:jboss_communications_platform:5.1.1:::::::*
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp09::::::
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:::::::*
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.1.1:::::::*
	cpe:2.3:a:redhat:jboss_enterprise_brms_platform:5.1.0:::::::*
	cpe:2.3:a:redhat:jboss_enterprise_portal_platform:4.3.0:cp06::::::
	cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.1.1:::::::*
	cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.2.0:cp05::::::
	cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.3.0:cp05::::::
	cpe:2.3:a:redhat:jboss_enterprise_soa_platform:5.1.0:::::::*
	cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.1.1:::::::*

Configuration 2 [-]

OR	cpe:2.3:a:hp:network_node_manager_i:9.0:::::::*
	cpe:2.3:a:hp:network_node_manager_i:9.01:::::::*
	cpe:2.3:a:hp:network_node_manager_i:9.02:::::::*
	cpe:2.3:a:hp:network_node_manager_i:9.03:::::::*
	cpe:2.3:a:hp:network_node_manager_i:9.10:::::::*

Package	CPE	Advisory	Released Date
JBEAP 4.2.0 for RHEL 4
jbossas-0:4.2.0-6.GA_CP09.11.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2011:1309	2011-09-15T00:00:00Z
JBEAP 4.2.0 for RHEL 5
jbossas-0:4.2.0-6.GA_CP09.11.1.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2011:1309	2011-09-15T00:00:00Z
JBEWP 5 for RHEL 5
jbossws-common-0:1.1.0-4.SP7_patch_02.1.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_platform:5::el5	RHSA-2011:1303	2011-09-15T00:00:00Z
JBEWP 5 for RHEL 6
jbossws-common-0:1.1.0-4.SP7_patch_02.1.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_platform:5::el6	RHSA-2011:1303	2011-09-15T00:00:00Z
JBoss Communications Platform 1.2
	cpe:/a:redhat:jboss_communications_platform:1.2	RHSA-2011:1308	2011-09-15T00:00:00Z
JBoss Communications Platform 5.1
	cpe:/a:redhat:jboss_communications_platform:5.1	RHSA-2011:1308	2011-09-15T00:00:00Z
JBoss Enterprise BRMS Platform 5.1
	cpe:/a:redhat:jboss_enterprise_brms_platform:5.1	RHSA-2011:1313	2011-09-15T00:00:00Z
Red Hat JBoss Enterprise Application Platform 4.2
	cpe:/a:redhat:jboss_enterprise_application_platform:4.2	RHSA-2011:1310	2011-09-15T00:00:00Z
Red Hat JBoss Enterprise Application Platform 4.3
	cpe:/a:redhat:jboss_enterprise_application_platform:4.3	RHSA-2011:1307	2011-09-15T00:00:00Z
	cpe:/a:redhat:jboss_enterprise_application_platform:4.3	RHSA-2011:1312	2011-09-15T00:00:00Z
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4
jbossws-common-0:1.0.0-5.GA_CP07_patch_01.1.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2011:1306	2011-09-15T00:00:00Z
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5
jbossws-common-0:1.0.0-5.GA_CP07_patch_01.1.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2011:1306	2011-09-15T00:00:00Z
Red Hat JBoss Enterprise Application Platform 5.1
	cpe:/a:redhat:jboss_enterprise_application_platform:5.1	RHSA-2011:1302	2011-09-15T00:00:00Z
Red Hat JBoss Enterprise Application Platform 5 for RHEL 4
jbossws-common-0:1.1.0-4.SP7_patch_02.1.ep5.el4	cpe:/a:redhat:jboss_enterprise_application_platform:5::el4	RHSA-2011:1301	2011-09-15T00:00:00Z
Red Hat JBoss Enterprise Application Platform 5 for RHEL 5
jbossws-common-0:1.1.0-4.SP7_patch_02.1.ep5.el5	cpe:/a:redhat:jboss_enterprise_application_platform:5::el5	RHSA-2011:1301	2011-09-15T00:00:00Z
Red Hat JBoss Enterprise Application Platform 5 for RHEL 6
jbossws-common-0:1.1.0-4.SP7_patch_02.1.ep5.el6	cpe:/a:redhat:jboss_enterprise_application_platform:5::el6	RHSA-2011:1301	2011-09-15T00:00:00Z
Red Hat JBoss Portal 5
	cpe:/a:redhat:jboss_enterprise_portal_platform:5	RHSA-2011:1311	2011-09-15T00:00:00Z
Red Hat JBoss SOA Platform 4.2
	cpe:/a:redhat:jboss_soa_platform:4.2	RHSA-2011:1305	2011-09-15T00:00:00Z
Red Hat JBoss SOA Platform 4.3
	cpe:/a:redhat:jboss_soa_platform:4.3	RHSA-2011:1305	2011-09-15T00:00:00Z
Red Hat JBoss SOA Platform 5.1
	cpe:/a:redhat:jboss_soa_platform:5.1	RHSA-2011:1305	2011-09-15T00:00:00Z
Red Hat JBoss Web Platform 5.1
	cpe:/a:redhat:jboss_enterprise_web_platform:5.1	RHSA-2011:1304	2011-09-15T00:00:00Z

References

Link	Providers
http://source.jboss.org/changelog/JBossWS/?cs=13996
https://bugzilla.redhat.com/show_bug.cgi?id=692584
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03824583
https://nvd.nist.gov/vuln/detail/CVE-2011-1483
https://www.cve.org/CVERecord?id=CVE-2011-1483

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2013-07-28T18:00:00Z

Updated: 2024-08-06T22:28:41.626Z

Reserved: 2011-03-21T00:00:00Z

Link: CVE-2011-1483

Vulnrichment

No data.

NVD

Status : Modified

Published: 2013-07-29T13:59:54.843

Modified: 2024-11-21T01:26:25.077

Link: CVE-2011-1483

Redhat

Severity : Important

Publid Date: 2011-09-15T00:00:00Z

Links: CVE-2011-1483 - Bugzilla

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object