Lucene search

K
nvd[email protected]NVD:CVE-2014-4814
HistoryOct 28, 2014 - 7:55 p.m.

CVE-2014-4814

2014-10-2819:55:02
CWE-399
web.nvd.nist.gov
7

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:N/A:P

AI Score

6.9

Confidence

High

EPSS

0.004

Percentile

72.7%

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 does not properly detect recursion during entity expansion, which allows remote authenticated users to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

Affected configurations

Nvd
Node
ibmwebsphere_portalMatch6.1.0.0
OR
ibmwebsphere_portalMatch6.1.0.1
OR
ibmwebsphere_portalMatch6.1.0.2
OR
ibmwebsphere_portalMatch6.1.0.3
OR
ibmwebsphere_portalMatch6.1.0.4
OR
ibmwebsphere_portalMatch6.1.0.5
OR
ibmwebsphere_portalMatch6.1.0.6
OR
ibmwebsphere_portalMatch6.1.5.0
OR
ibmwebsphere_portalMatch6.1.5.1
OR
ibmwebsphere_portalMatch6.1.5.2
OR
ibmwebsphere_portalMatch6.1.5.3
OR
ibmwebsphere_portalMatch7.0.0.0
OR
ibmwebsphere_portalMatch7.0.0.1
OR
ibmwebsphere_portalMatch7.0.0.2
OR
ibmwebsphere_portalMatch8.0.0.0
OR
ibmwebsphere_portalMatch8.0.0.1
OR
ibmwebsphere_portalMatch8.5.0.0
VendorProductVersionCPE
ibmwebsphere_portal6.1.0.0cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*
ibmwebsphere_portal6.1.0.1cpe:2.3:a:ibm:websphere_portal:6.1.0.1:*:*:*:*:*:*:*
ibmwebsphere_portal6.1.0.2cpe:2.3:a:ibm:websphere_portal:6.1.0.2:*:*:*:*:*:*:*
ibmwebsphere_portal6.1.0.3cpe:2.3:a:ibm:websphere_portal:6.1.0.3:*:*:*:*:*:*:*
ibmwebsphere_portal6.1.0.4cpe:2.3:a:ibm:websphere_portal:6.1.0.4:*:*:*:*:*:*:*
ibmwebsphere_portal6.1.0.5cpe:2.3:a:ibm:websphere_portal:6.1.0.5:*:*:*:*:*:*:*
ibmwebsphere_portal6.1.0.6cpe:2.3:a:ibm:websphere_portal:6.1.0.6:*:*:*:*:*:*:*
ibmwebsphere_portal6.1.5.0cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*
ibmwebsphere_portal6.1.5.1cpe:2.3:a:ibm:websphere_portal:6.1.5.1:*:*:*:*:*:*:*
ibmwebsphere_portal6.1.5.2cpe:2.3:a:ibm:websphere_portal:6.1.5.2:*:*:*:*:*:*:*
Rows per page:
1-10 of 171

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:N/A:P

AI Score

6.9

Confidence

High

EPSS

0.004

Percentile

72.7%