PT-2015-4493 · IBM · IBM Rational DOORS Next Generation +1
Published: 2015-03-18 · Updated: 2015-03-18 · CVE-2015-0132
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
IBM Rational DOORS Next Generation versions 4.x before 4.0.7 iFix3
IBM Rational DOORS Next Generation versions 5.x before 5.0.2
IBM Rational Requirements Composer versions 2.x and 3.x before 3.0.1.6 iFix5
IBM Rational Requirements Composer versions 4.x before 4.0.7 iFix3
Description
The XML parser does not properly detect recursion during entity expansion, allowing remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references.
Recommendations
For IBM Rational DOORS Next Generation versions 4.x before 4.0.7 iFix3, update to version 4.0.7 iFix3 or later.
For IBM Rational DOORS Next Generation versions 5.x before 5.0.2, update to version 5.0.2 or later.
For IBM Rational Requirements Composer versions 2.x and 3.x before 3.0.1.6 iFix5, update to version 3.0.1.6 iFix5 or later.
For IBM Rational Requirements Composer versions 4.x before 4.0.7 iFix3, update to version 4.0.7 iFix3 or later.
Affected Products
IBM Rational DOORS Next Generation
IBM Rational Requirements Composer