Lucene search

[email protected]NVD:CVE-2015-0132

HistoryMar 18, 2015 - 10:59 a.m.

CVE-2015-0132

2015-03-1810:59:05

CWE-399

[email protected]

web.nvd.nist.gov

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

AI Score

6.9

Confidence

High

EPSS

0.004

Percentile

72.7%

JSON

The XML parser in IBM Rational DOORS Next Generation 4.x before 4.0.7 iFix3 and 5.x before 5.0.2 and Rational Requirements Composer 2.x and 3.x before 3.0.1.6 iFix5 and 4.x before 4.0.7 iFix3 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

Affected configurations

Nvd

Node

ibmrational_requirements_composerMatch2.0

ibmrational_requirements_composerMatch2.0.0.1

ibmrational_requirements_composerMatch2.0.0.2

ibmrational_requirements_composerMatch2.0.0.3

ibmrational_requirements_composerMatch2.0.0.4

ibmrational_requirements_composerMatch3.0

ibmrational_requirements_composerMatch3.0.1

ibmrational_requirements_composerMatch3.0.1.1

ibmrational_requirements_composerMatch3.0.1.2

ibmrational_requirements_composerMatch3.0.1.3

ibmrational_requirements_composerMatch3.0.1.4

ibmrational_requirements_composerMatch3.0.1.5

ibmrational_requirements_composerMatch3.0.1.6

ibmrational_requirements_composerMatch4.0

ibmrational_requirements_composerMatch4.0.0

ibmrational_requirements_composerMatch4.0.0.1

ibmrational_requirements_composerMatch4.0.0.2

ibmrational_requirements_composerMatch4.0.1

ibmrational_requirements_composerMatch4.0.2

ibmrational_requirements_composerMatch4.0.3

ibmrational_requirements_composerMatch4.0.4

ibmrational_requirements_composerMatch4.0.5

ibmrational_requirements_composerMatch4.0.6

ibmrational_requirements_composerMatch4.0.7

Node

ibmrational_doors_next_generationMatch4.0.0

ibmrational_doors_next_generationMatch4.0.1

ibmrational_doors_next_generationMatch4.0.2

ibmrational_doors_next_generationMatch4.0.3

ibmrational_doors_next_generationMatch4.0.4

ibmrational_doors_next_generationMatch4.0.5

ibmrational_doors_next_generationMatch4.0.6

ibmrational_doors_next_generationMatch4.0.7

ibmrational_doors_next_generationMatch5.0

ibmrational_doors_next_generationMatch5.0.1

VendorProductVersionCPE
ibmrational_requirements_composer2.0cpe:2.3:a:ibm:rational_requirements_composer:2.0:*:*:*:*:*:*:*
ibmrational_requirements_composer2.0.0.1cpe:2.3:a:ibm:rational_requirements_composer:2.0.0.1:*:*:*:*:*:*:*
ibmrational_requirements_composer2.0.0.2cpe:2.3:a:ibm:rational_requirements_composer:2.0.0.2:*:*:*:*:*:*:*
ibmrational_requirements_composer2.0.0.3cpe:2.3:a:ibm:rational_requirements_composer:2.0.0.3:*:*:*:*:*:*:*
ibmrational_requirements_composer2.0.0.4cpe:2.3:a:ibm:rational_requirements_composer:2.0.0.4:*:*:*:*:*:*:*
ibmrational_requirements_composer3.0cpe:2.3:a:ibm:rational_requirements_composer:3.0:*:*:*:*:*:*:*
ibmrational_requirements_composer3.0.1cpe:2.3:a:ibm:rational_requirements_composer:3.0.1:*:*:*:*:*:*:*
ibmrational_requirements_composer3.0.1.1cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.1:*:*:*:*:*:*:*
ibmrational_requirements_composer3.0.1.2cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.2:*:*:*:*:*:*:*
ibmrational_requirements_composer3.0.1.3cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	rational_requirements_composer	2.0	cpe:2.3:a:ibm:rational_requirements_composer:2.0:::::::*
ibm	rational_requirements_composer	2.0.0.1	cpe:2.3:a:ibm:rational_requirements_composer:2.0.0.1:::::::*
ibm	rational_requirements_composer	2.0.0.2	cpe:2.3:a:ibm:rational_requirements_composer:2.0.0.2:::::::*
ibm	rational_requirements_composer	2.0.0.3	cpe:2.3:a:ibm:rational_requirements_composer:2.0.0.3:::::::*
ibm	rational_requirements_composer	2.0.0.4	cpe:2.3:a:ibm:rational_requirements_composer:2.0.0.4:::::::*
ibm	rational_requirements_composer	3.0	cpe:2.3:a:ibm:rational_requirements_composer:3.0:::::::*
ibm	rational_requirements_composer	3.0.1	cpe:2.3:a:ibm:rational_requirements_composer:3.0.1:::::::*
ibm	rational_requirements_composer	3.0.1.1	cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.1:::::::*
ibm	rational_requirements_composer	3.0.1.2	cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.2:::::::*
ibm	rational_requirements_composer	3.0.1.3	cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.3:::::::*