PT-2013-1041 · Ibm+2 · Ibm Websphere Message Broker+4

Published: 2013-10-19 · Updated: 2017-08-29 · CVE-2013-5372

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

IBM WebSphere Message Broker versions 6.1 through 6.1.0.12
IBM WebSphere Message Broker versions 7.0 through 7.0.0.7
IBM WebSphere Message Broker versions 8.0 through 8.0.0.4
IBM Integration Bus versions 9.0 through 9.0.0.1

Description

The issue allows remote attackers to cause a denial of service, resulting in memory consumption, via a crafted XML document that triggers expansion for many entities. This could result in a complete availability impact on the affected system.

Recommendations

For IBM WebSphere Message Broker version 6.1, update to version 6.1.0.12 or later.
For IBM WebSphere Message Broker version 7.0, update to version 7.0.0.7 or later.
For IBM WebSphere Message Broker version 8.0, update to version 8.0.0.4 or later.
For IBM Integration Bus version 9.0, update to version 9.0.0.1 or later.

Fix

DoS

Weakness Enumeration

Related Identifiers

BDU:2015-00361
CVE-2013-5372
RHSA-2013:1507
RHSA-2013:1508
RHSA-2013:1509
RHSA-2013:1793
RHSA-2013_1507
RHSA-2013_1508
RHSA-2013_1509

Affected Products

Ibm Aix
Ibm Integration Bus
Ibm Websphere Message Broker
Red Hat
Suse