Lucene search

IbmCVE-2014-4834

HistoryNov 05, 2014 - 11:55 a.m.

CVE-2014-4834

2014-11-0511:55:06

ibm

web.nvd.nist.gov

ibm websphere commerce

cve-2014-4834

denial of service

nvd

vulnerability

xml

entity expansion

recursion detection

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

AI Score

6.8

Confidence

High

EPSS

0.009

Percentile

83.1%

JSON

IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.8 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application crash) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

Affected configurations

Nvd

Node

ibmwebsphere_commerceMatch6.0.0.0

ibmwebsphere_commerceMatch6.0.0.1

ibmwebsphere_commerceMatch6.0.0.2

ibmwebsphere_commerceMatch6.0.0.3

ibmwebsphere_commerceMatch6.0.0.4

ibmwebsphere_commerceMatch6.0.0.5

ibmwebsphere_commerceMatch6.0.0.6

ibmwebsphere_commerceMatch6.0.0.7

ibmwebsphere_commerceMatch6.0.0.8

ibmwebsphere_commerceMatch6.0.0.9

ibmwebsphere_commerceMatch6.0.0.10

ibmwebsphere_commerceMatch6.0.0.11

ibmwebsphere_commerceMatch7.0

ibmwebsphere_commerceMatch7.0.0.1

ibmwebsphere_commerceMatch7.0.0.2

ibmwebsphere_commerceMatch7.0.0.3

ibmwebsphere_commerceMatch7.0.0.4

ibmwebsphere_commerceMatch7.0.0.5

ibmwebsphere_commerceMatch7.0.0.6

ibmwebsphere_commerceMatch7.0.0.7

ibmwebsphere_commerceMatch7.0.0.8

VendorProductVersionCPE
ibmwebsphere_commerce6.0.0.0cpe:2.3:a:ibm:websphere_commerce:6.0.0.0:*:*:*:*:*:*:*
ibmwebsphere_commerce6.0.0.1cpe:2.3:a:ibm:websphere_commerce:6.0.0.1:*:*:*:*:*:*:*
ibmwebsphere_commerce6.0.0.2cpe:2.3:a:ibm:websphere_commerce:6.0.0.2:*:*:*:*:*:*:*
ibmwebsphere_commerce6.0.0.3cpe:2.3:a:ibm:websphere_commerce:6.0.0.3:*:*:*:*:*:*:*
ibmwebsphere_commerce6.0.0.4cpe:2.3:a:ibm:websphere_commerce:6.0.0.4:*:*:*:*:*:*:*
ibmwebsphere_commerce6.0.0.5cpe:2.3:a:ibm:websphere_commerce:6.0.0.5:*:*:*:*:*:*:*
ibmwebsphere_commerce6.0.0.6cpe:2.3:a:ibm:websphere_commerce:6.0.0.6:*:*:*:*:*:*:*
ibmwebsphere_commerce6.0.0.7cpe:2.3:a:ibm:websphere_commerce:6.0.0.7:*:*:*:*:*:*:*
ibmwebsphere_commerce6.0.0.8cpe:2.3:a:ibm:websphere_commerce:6.0.0.8:*:*:*:*:*:*:*
ibmwebsphere_commerce6.0.0.9cpe:2.3:a:ibm:websphere_commerce:6.0.0.9:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	websphere_commerce	6.0.0.0	cpe:2.3:a:ibm:websphere_commerce:6.0.0.0:::::::*
ibm	websphere_commerce	6.0.0.1	cpe:2.3:a:ibm:websphere_commerce:6.0.0.1:::::::*
ibm	websphere_commerce	6.0.0.2	cpe:2.3:a:ibm:websphere_commerce:6.0.0.2:::::::*
ibm	websphere_commerce	6.0.0.3	cpe:2.3:a:ibm:websphere_commerce:6.0.0.3:::::::*
ibm	websphere_commerce	6.0.0.4	cpe:2.3:a:ibm:websphere_commerce:6.0.0.4:::::::*
ibm	websphere_commerce	6.0.0.5	cpe:2.3:a:ibm:websphere_commerce:6.0.0.5:::::::*
ibm	websphere_commerce	6.0.0.6	cpe:2.3:a:ibm:websphere_commerce:6.0.0.6:::::::*
ibm	websphere_commerce	6.0.0.7	cpe:2.3:a:ibm:websphere_commerce:6.0.0.7:::::::*
ibm	websphere_commerce	6.0.0.8	cpe:2.3:a:ibm:websphere_commerce:6.0.0.8:::::::*
ibm	websphere_commerce	6.0.0.9	cpe:2.3:a:ibm:websphere_commerce:6.0.0.9:::::::*