CVE-2013-5372

CWE-399
5 documents
5 sources
Severity
4.3 MEDIUM
EPSS
1.7%
top 17.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Oct 19
Latest update: May 17

Description

The XML4J parser in IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.7, and 8.0 before 8.0.0.4 and IBM Integration Bus 9.0 before 9.0.0.1 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document that triggers expansion for many entities.

CVSS vector

AV:N/AC:M/C:N/I:N/A:P
Exploitability: 8.6 | Impact: 2.9

Affected Packages: 1 package

NVD: ibm/websphere_message_broker (23 versions, +22)

Vulnerability Details

2
GHSA
GHSA-fq7g-96mj-hhf9: The XML4J parser in IBM WebSphere Message Broker 6 (2022-05-17)
CVEList
CVE-2013-5372: The XML4J parser in IBM WebSphere Message Broker 6 (2013-10-19)

Vendor Advisories

1
Red Hat
JDK: XML4J xml entity expansion excessive memory use (XML) (2013-11-05)

Community

1
Bugzilla
CVE-2013-5372 IBM JDK: XML4J xml entity expansion excessive memory use (XML) (2013-11-07)