CVE-2014-4814

Name of the Vulnerable Software and Affected Versions IBM WebSphere Portal versions 6.1.0 through 6.1.0.6 CF27 IBM WebSphere Portal versions 6.1.5 through 6.1.5.3 CF27 IBM WebSphere Portal versions 7.0 through 7.0.0.2 CF28 IBM WebSphere Portal versions 8.0 through 8.0.0.1 CF14 IBM WebSphere Portal version 8.5.0 before CF03

Description The issue allows remote authenticated users to cause a denial of service due to improper detection of recursion during entity expansion. This can be achieved by sending a crafted XML document containing a large number of nested entity references, leading to memory and CPU consumption.

Recommendations For versions 6.1.0 through 6.1.0.6 CF27, update to a version outside of this range to resolve the issue. For versions 6.1.5 through 6.1.5.3 CF27, update to a version outside of this range to resolve the issue. For versions 7.0 through 7.0.0.2 CF28, update to a version outside of this range to resolve the issue. For versions 8.0 through 8.0.0.1 CF14, update to a version outside of this range to resolve the issue. For version 8.5.0 before CF03, update to version 8.5.0 CF03 or later to resolve the issue.