PT-2015-4493 · IBM · IBM Rational DOORS Next Generation +1
Published: 2015-03-18 · Updated: 2015-03-18
CVE-2015-0132
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
IBM Rational DOORS Next Generation versions 4.x before 4.0.7 iFix3
IBM Rational DOORS Next Generation versions 5.x before 5.0.2
IBM Rational Requirements Composer versions 2.x and 3.x before 3.0.1.6 iFix5
IBM Rational Requirements Composer versions 4.x before 4.0.7 iFix3
Description
The XML parser does not properly detect recursion during entity expansion, allowing remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references.
Recommendations
For IBM Rational DOORS Next Generation versions 4.x before 4.0.7 iFix3, update to version 4.0.7 iFix3 or later.
For IBM Rational DOORS Next Generation versions 5.x before 5.0.2, update to version 5.0.2 or later.
For IBM Rational Requirements Composer versions 2.x and 3.x before 3.0.1.6 iFix5, update to version 3.0.1.6 iFix5 or later.
For IBM Rational Requirements Composer versions 4.x before 4.0.7 iFix3, update to version 4.0.7 iFix3 or later.
Affected products
IBM Rational DOORS Next Generation
IBM Rational Requirements Composer