Lucene search

IbmCVE-2014-4814

HistoryOct 28, 2014 - 7:55 p.m.

CVE-2014-4814

2014-10-2819:55:02

CWE-399

ibm

web.nvd.nist.gov

ibm

websphere

portal

xml

denial of service

cve-2014-4814

cve-2003-1564

security

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:N/A:P

AI Score

6.7

Confidence

High

EPSS

0.004

Percentile

72.7%

JSON

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 does not properly detect recursion during entity expansion, which allows remote authenticated users to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

Affected configurations

Nvd

Node

ibmwebsphere_portalMatch6.1.0.0

ibmwebsphere_portalMatch6.1.0.1

ibmwebsphere_portalMatch6.1.0.2

ibmwebsphere_portalMatch6.1.0.3

ibmwebsphere_portalMatch6.1.0.4

ibmwebsphere_portalMatch6.1.0.5

ibmwebsphere_portalMatch6.1.0.6

ibmwebsphere_portalMatch6.1.5.0

ibmwebsphere_portalMatch6.1.5.1

ibmwebsphere_portalMatch6.1.5.2

ibmwebsphere_portalMatch6.1.5.3

ibmwebsphere_portalMatch7.0.0.0

ibmwebsphere_portalMatch7.0.0.1

ibmwebsphere_portalMatch7.0.0.2

ibmwebsphere_portalMatch8.0.0.0

ibmwebsphere_portalMatch8.0.0.1

ibmwebsphere_portalMatch8.5.0.0

VendorProductVersionCPE
ibmwebsphere_portal6.1.0.0cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*
ibmwebsphere_portal6.1.0.1cpe:2.3:a:ibm:websphere_portal:6.1.0.1:*:*:*:*:*:*:*
ibmwebsphere_portal6.1.0.2cpe:2.3:a:ibm:websphere_portal:6.1.0.2:*:*:*:*:*:*:*
ibmwebsphere_portal6.1.0.3cpe:2.3:a:ibm:websphere_portal:6.1.0.3:*:*:*:*:*:*:*
ibmwebsphere_portal6.1.0.4cpe:2.3:a:ibm:websphere_portal:6.1.0.4:*:*:*:*:*:*:*
ibmwebsphere_portal6.1.0.5cpe:2.3:a:ibm:websphere_portal:6.1.0.5:*:*:*:*:*:*:*
ibmwebsphere_portal6.1.0.6cpe:2.3:a:ibm:websphere_portal:6.1.0.6:*:*:*:*:*:*:*
ibmwebsphere_portal6.1.5.0cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*
ibmwebsphere_portal6.1.5.1cpe:2.3:a:ibm:websphere_portal:6.1.5.1:*:*:*:*:*:*:*
ibmwebsphere_portal6.1.5.2cpe:2.3:a:ibm:websphere_portal:6.1.5.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	websphere_portal	6.1.0.0	cpe:2.3:a:ibm:websphere_portal:6.1.0.0:::::::*
ibm	websphere_portal	6.1.0.1	cpe:2.3:a:ibm:websphere_portal:6.1.0.1:::::::*
ibm	websphere_portal	6.1.0.2	cpe:2.3:a:ibm:websphere_portal:6.1.0.2:::::::*
ibm	websphere_portal	6.1.0.3	cpe:2.3:a:ibm:websphere_portal:6.1.0.3:::::::*
ibm	websphere_portal	6.1.0.4	cpe:2.3:a:ibm:websphere_portal:6.1.0.4:::::::*
ibm	websphere_portal	6.1.0.5	cpe:2.3:a:ibm:websphere_portal:6.1.0.5:::::::*
ibm	websphere_portal	6.1.0.6	cpe:2.3:a:ibm:websphere_portal:6.1.0.6:::::::*
ibm	websphere_portal	6.1.5.0	cpe:2.3:a:ibm:websphere_portal:6.1.5.0:::::::*
ibm	websphere_portal	6.1.5.1	cpe:2.3:a:ibm:websphere_portal:6.1.5.1:::::::*
ibm	websphere_portal	6.1.5.2	cpe:2.3:a:ibm:websphere_portal:6.1.5.2:::::::*