CVE-2011-1483

CWE-400 — Uncontrolled Resource Consumption6 documents6 sources

Severity

5.0MEDIUM

EPSS

3.7%

top 11.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

HP Network Node Manager I Redhat Jboss Communications Platform Redhat Jboss Enterprise Application Platform +4 more

Timeline

PublishedJul 29

Latest updateMay 13

Description

wsf/common/DOMUtils.java in JBossWS Native in Red Hat JBoss Enterprise Application Platform 4.2.0.CP09, 4.3, and 5.1.1; JBoss Enterprise Portal Platform 4.3.CP06 and 5.1.1; JBoss Enterprise SOA Platform 4.2.CP05, 4.3.CP05, and 5.1.0; JBoss Communications Platform 1.2.11 and 5.1.1; JBoss Enterprise BRMS Platform 5.1.0; and JBoss Enterprise Web Platform 5.1.1 does not properly handle recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consu…

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages8 packages

▶NVDredhat/jboss_enterprise_brms_platform5.1.0

▶NVDredhat/jboss_enterprise_portal_platform4.3.0, 5.1.1+1

▶NVDredhat/jboss_enterprise_application_platform4.2.0, 4.3.0, 5.1.1+2

▶NVDredhat/jboss_enterprise_soa_platform4.2.0, 4.3.0, 5.1.0+2

▶NVDredhat/jboss_enterprise_web_platform5.1.1

Patches

Patch: source.jboss.org ↗Patch: source.jboss.org ↗

🔴Vulnerability Details

OSV

JBossWS vulnerable to uncontrolled recursion↗2022-05-13

▶

GHSA

JBossWS vulnerable to uncontrolled recursion↗2022-05-13

▶

CVEList

CVE-2011-1483: wsf/common/DOMUtils↗2013-07-28

▶

📋Vendor Advisories

Red Hat

JBossWS remote Denial of Service↗2011-09-15

▶

💬Community

Bugzilla

CVE-2011-1483 JBossWS remote Denial of Service↗2011-03-31

▶