ID CVE-2014-4814
Summary IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 does not properly detect recursion during entity expansion, which allows remote authenticated users to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
Vulnerable Configurations
  • cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_portal:6.1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_portal:6.1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_portal:6.1.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_portal:6.1.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_portal:6.1.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_portal:6.1.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_portal:6.1.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_portal:6.1.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_portal:6.1.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_portal:8.5.0.0:*:*:*:*:*:*:*
CVSS
Base: 3.5 (as of 29-08-2017 - 01:35)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
  Vector: NETWORK
  Complexity: MEDIUM
  Authentication: SINGLE
Impact
  Confidentiality: NONE
  Integrity: NONE
  Availability: PARTIAL
cvss-vector via4 AV:N/AC:M/Au:S/C:N/I:N/A:P
refmap via4
aixapar PI24622
bid 70758
confirm http://www-01.ibm.com/support/docview.wss?uid=swg21684651
secunia 59740
xf ibm-wsportal-cve20144814-xee(95391)
Last major update 29-08-2017 - 01:35
Published 28-10-2014 - 19:55