IBM Integration Bus XML4J Parser Entity Expansion Denial of Service Vulnerability

Bugtraq ID: 63224
Class: Design Error
CVE: CVE-2013-5372
Remote: Yes
Local: No
Published: Oct 17 2013 12:00AM
Updated: Apr 02 2014 12:47AM
Credit: The vendor reported this issue.
Vulnerable: SuSE SUSE Linux Enterprise Server 11 SP2
+ Linux kernel 2.6.5
SuSE SUSE Linux Enterprise Server 10 SP3 LTSS
+ Linux kernel 2.6.5
S.u.S.E. SUSE CORE 9 for x86
S.u.S.E. CORE 9
Red Hat Enterprise Linux Workstation Supplementary 6
Red Hat Enterprise Linux Supplementary 5 server
Red Hat Enterprise Linux Server Supplementary 6
Red Hat Enterprise Linux HPC Node Supplementary 6
Red Hat Enterprise Linux Desktop Supplementary 6
Red Hat Enterprise Linux Desktop Supplementary 5 client
IBM WebSphere Process Server 7.0.4
IBM WebSphere Lombardi Edition 7.2.0
IBM Websphere Application Server 8.0 2
IBM Websphere Application Server 7.0 3
IBM Websphere Application Server 7.0 21
IBM Websphere Application Server 7.0 .9
IBM Websphere Application Server 7.0 .8
IBM Websphere Application Server 7.0 .2
IBM Websphere Application Server 7.0 .13
IBM Websphere Application Server 7.0 .12
IBM Websphere Application Server 7.0 .11
IBM Websphere Application Server 6.1 41
IBM Websphere Application Server 6.1 .9
IBM Websphere Application Server 6.1 .8
IBM Websphere Application Server 6.1 .7
IBM Websphere Application Server 6.1 .6
IBM Websphere Application Server 6.1 .5
IBM Websphere Application Server 6.1 .4
IBM Websphere Application Server 6.1 .32
IBM Websphere Application Server 6.1 .3
IBM Websphere Application Server 6.1 .25
IBM Websphere Application Server 6.1 .23
IBM Websphere Application Server 6.1 .22
IBM Websphere Application Server 6.1 .21
IBM Websphere Application Server 6.1 .20
IBM Websphere Application Server 6.1 .2
IBM Websphere Application Server 6.1 .19
IBM Websphere Application Server 6.1 .18
IBM Websphere Application Server 6.1 .17
IBM Websphere Application Server 6.1 .15
IBM Websphere Application Server 6.1 .14
IBM Websphere Application Server 6.1 .13
IBM Websphere Application Server 6.1 .12
IBM Websphere Application Server 6.1 .11
IBM Websphere Application Server 6.1 .10
IBM Websphere Application Server 6.1 .1
IBM Websphere Application Server 8.0.0.4
IBM Websphere Application Server 8.0.0.1
IBM Websphere Application Server 8.0.0.0
IBM Websphere Application Server 8.0
IBM Websphere Application Server 7.0.0.7
IBM Websphere Application Server 7.0.0.6
IBM Websphere Application Server 7.0.0.5
IBM Websphere Application Server 7.0.0.4
IBM Websphere Application Server 7.0.0.23
IBM Websphere Application Server 7.0.0.19
IBM Websphere Application Server 7.0.0.17
IBM Websphere Application Server 7.0.0.15
IBM Websphere Application Server 7.0.0.15
IBM Websphere Application Server 7.0.0.14
IBM Websphere Application Server 7.0.0.13
IBM Websphere Application Server 7.0.0.1
IBM Websphere Application Server 7.0.0.0
IBM Websphere Application Server 7.0
IBM Websphere Application Server 6.1.0.45
IBM Websphere Application Server 6.1.0.43
IBM Websphere Application Server 6.1.0.39
IBM Websphere Application Server 6.1.0.37
IBM Websphere Application Server 6.1.0.35
IBM Websphere Application Server 6.1.0.34
IBM Websphere Application Server 6.1.0.33
IBM Websphere Application Server 6.1.0.31
IBM Websphere Application Server 6.1.0.29
IBM Websphere Application Server 6.1.0.27
IBM Websphere Application Server 6.1
IBM Web Experience Factory 7.0.1.2
IBM Web Experience Factory 7.0.1
IBM Web Experience Factory 7.0.0.2
IBM Web Experience Factory 7.0
IBM Tivoli Netcool/OMNIbus 7.3
IBM Tivoli Business Service Manager 4.2.1
IBM Rational Team Concert 3.0
IBM Rational Team Concert 2.0
IBM OS/400 V6R1M0
IBM Java SDK 1.4.2
IBM Java SDK 6
IBM InfoSphere Information Server 8.5
IBM InfoSphere Information Server 8.1
IBM IMS 10
IBM FileNet Content Manager 5.1
IBM AIX 7.1
IBM AIX 6.1
IBM AIX 5.3
Not Vulnerable:


 

Privacy Statement
Copyright 2010, SecurityFocus