CVE-2011-1483

Impact: Important
Public Date: 2011-09-15
IAVA: 2011-B-0119
Bugzilla: 692584: CVE-2011-1483 JBossWS remote Denial of Service

The MITRE CVE dictionary describes this issue as:

wsf/common/DOMUtils.java in JBossWS Native in Red Hat JBoss Enterprise Application Platform 4.2.0.CP09, 4.3, and 5.1.1; JBoss Enterprise Portal Platform 4.3.CP06 and 5.1.1; JBoss Enterprise SOA Platform 4.2.CP05, 4.3.CP05, and 5.1.0; JBoss Communications Platform 1.2.11 and 5.1.1; JBoss Enterprise BRMS Platform 5.1.0; and JBoss Enterprise Web Platform 5.1.1 does not properly handle recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted request containing an XML document with a DOCTYPE declaration and a large number of nested entity references, a similar issue to CVE-2003-1564.

Find out more about CVE-2011-1483 from the MITRE CVE dictionary and NIST NVD.
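The description above covers the mechanism (a DOCTYPE that declares entities referencing one another, expanded recursively until memory and CPU run out) but not the fix itself. The following is an added example, not code from JBossWS or Red Hat: it contrasts a JAXP DocumentBuilderFactory with its default settings against one hardened with the standard Xerces/JDK features, and feeds both a small constructed document with a DOCTYPE and nested entity references. The sample document, class name and method names are this example's own assumptions; the feature URIs are the documented JAXP/Xerces ones.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.xml.sax.SAXException;

public class EntityExpansionGuard {

    // Constructed sample input: a DOCTYPE with a few nested entity references.
    // Deliberately tiny; it only has the shape the advisory describes
    // (DOCTYPE plus nested references), so it is safe to parse either way.
    static final String NESTED_ENTITY_DOC =
        "<?xml version=\"1.0\"?>\n"
      + "<!DOCTYPE soap [\n"
      + "  <!ENTITY a \"x\">\n"
      + "  <!ENTITY b \"&a;&a;\">\n"
      + "  <!ENTITY c \"&b;&b;\">\n"
      + "]>\n"
      + "<soap>&c;</soap>";

    /** Factory with JAXP defaults: DOCTYPE declarations and entity expansion are allowed. */
    static DocumentBuilderFactory defaultFactory() {
        return DocumentBuilderFactory.newInstance();
    }

    /** Hardened factory: refuse DTDs outright, then close the remaining entity paths. */
    static DocumentBuilderFactory hardenedFactory() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // Any document carrying a DOCTYPE is rejected, so no entity can be declared at all.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Defence in depth for parsers that ignore the feature above: no external
        // entities and no external DTD loading.
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        // Turns on the JAXP secure-processing limits (including the entity expansion limit).
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f;
    }

    /** Returns true when the factory parses the document, false when it rejects it. */
    static boolean accepts(DocumentBuilderFactory factory, String xml) {
        try {
            DocumentBuilder builder = factory.newDocumentBuilder();
            Document doc = builder.parse(
                new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
            return doc.getDocumentElement() != null;
        } catch (SAXException | IOException | ParserConfigurationException e) {
            System.out.println("rejected: " + e.getMessage());
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("default parser accepts the DOCTYPE document:  "
            + accepts(defaultFactory(), NESTED_ENTITY_DOC));
        System.out.println("hardened parser accepts the DOCTYPE document: "
            + accepts(hardenedFactory(), NESTED_ENTITY_DOC));
    }
}
```

With the JDK's built-in parser the default factory parses the document and the hardened one rejects it at the DOCTYPE line, before any entity is expanded. Rejecting DOCTYPE entirely is the right setting for a SOAP endpoint, since SOAP 1.1 and 1.2 forbid DTDs in messages anyway; where a DTD genuinely must be accepted, keep FEATURE_SECURE_PROCESSING on so the expansion limit still applies.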

CVSS v2 metrics

Base Score: 5
Base Metrics: AV:N/AC:L/Au:N/C:N/I:N/A:P
Access Vector: Network
Access Complexity: Low
Authentication: None
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: Partial

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform | Errata | Release Date
Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server (jbossas) | RHSA-2011:1309 | 2011-09-15
Red Hat JBoss Enterprise Application Platform 4.3 | RHSA-2011:1307 | 2011-09-15
JBoss Enterprise BRMS Platform 5.1 | RHSA-2011:1313 | 2011-09-15
JBoss Communications Platform 5.1 | RHSA-2011:1308 | 2011-09-15
Red Hat JBoss Web Platform 5.1 | RHSA-2011:1304 | 2011-09-15
Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 AS (jbossws-common) | RHSA-2011:1301 | 2011-09-15
Red Hat JBoss Enterprise Application Platform 5 for RHEL 6 Server (jbossws-common) | RHSA-2011:1301 | 2011-09-15
Red Hat JBoss Enterprise Application Platform 5 for RHEL 5 Server (jbossws-common) | RHSA-2011:1301 | 2011-09-15
Red Hat JBoss Enterprise Application Platform 4.2 | RHSA-2011:1310 | 2011-09-15
Red Hat JBoss Web Platform 5 for RHEL 6 Server (jbossws-common) | RHSA-2011:1303 | 2011-09-15
Red Hat JBoss Portal 5 | RHSA-2011:1311 | 2011-09-15
Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS (jbossas) | RHSA-2011:1309 | 2011-09-15
Red Hat JBoss Enterprise Application Platform 4.3 | RHSA-2011:1312 | 2011-09-15
Red Hat JBoss Web Platform 5 for RHEL 5 Server (jbossws-common) | RHSA-2011:1303 | 2011-09-15
Red Hat JBoss SOA Platform 4.2 | RHSA-2011:1305 | 2011-09-15
Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS (jbossws-common) | RHSA-2011:1306 | 2011-09-15
Red Hat JBoss Web Platform 5 for RHEL 4 AS (jbossws-common) | RHSA-2011:1303 | 2011-09-15
Red Hat JBoss SOA Platform 4.3 | RHSA-2011:1305 | 2011-09-15
JBoss Communications Platform 1.2 | RHSA-2011:1308 | 2011-09-15
Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server (jbossws-common) | RHSA-2011:1306 | 2011-09-15
Red Hat JBoss SOA Platform 5.1 | RHSA-2011:1305 | 2011-09-15
Red Hat JBoss Enterprise Application Platform 5.1 | RHSA-2011:1302 | 2011-09-15

CVE description copyright © 2017, The MITRE Corporation