The Apache Xerces-C XML Parser library is vulnerable to a denial of service, caused by a stack-based buffer overflow when parsing a deeply nested DTD. A remote attacker could exploit this vulnerability to cause a denial of service.
CVEID: CVE-2016-4463**
DESCRIPTION:** Apache Xerces-C XML Parser library is vulnerable to a denial of service, caused by a stack-based buffer overflow when parsing a deeply nested DTD. A remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/114596 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
IBM Monitoring 8.1.3
IBM Application Diagnostics 8.1.3
IBM Application Performance Management 8.1.3
IBM Application Performance Management Advanced 8.1.3
IBM Cloud Application Performance Management
Product
| Product
VRMF| Remediation
—|—|—
IBM Monitoring
IBM Application Diagnostics
IBM Application Performance Management
IBM Application Performance Management Advanced
| 8.1.3| The vulnerability can be remediated by applying the Core Framework patch 8.1.3.0-IBM-IPM-CORE-FRAMEWORK-IPM-IF0002 to all systems where Performance Management agents are installed:
http://www-01.ibm.com/support/docview.wss?rs=0&uid=isg400003263
If you use the Response Time agent, the vulnerability can be remediated by applying the Response Time agent patch 8.1.3.0-IBM-IPM-RT-AGENT-IF0002 to all systems where this agent is installed:
http://www-01.ibm.com/support/docview.wss?rs=0&uid=isg400003077
IBM Cloud Application Performance Management| N/A| If your subscription was upgraded to version 8.1.3.2, upgrade your existing Performance Management agents to the version 8.1.3.2 agent packages.
If your subscription is not yet upgraded to version 8.1.3.2, the vulnerability can be remediated by applying the Core Framework patch 8.1.3.1.0-IBM-IPM-CORE-FRAMEWORK-IPM-IF0001 to all systems where Performance Management agents are installed:
http://dbluewas1.pok.ibm.com/support/docview.wss?rs=0&uid=isg400001574
Apply the Response Time agent patch 8.1.3.0-IBM-IPM-RT-AGENT-IF0002 to all systems where this agent is installed:
http://www-01.ibm.com/support/docview.wss?rs=0&uid=isg400003077
None.
CPE | Name | Operator | Version |
---|---|---|---|
tivoli monitoring | eq | 8.1.3 |