2 matches found
CVE-2015-5038
IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 does not properly detect recursion during XML entity expansion, which allows remote attackers to cause a denial of service CPU consumption and application crash via a crafted XML document containing a large...
CVE-2015-5038
CVE-2015-5038 affects IBM Connections 3.x (before 3.0.1.1 CR3), 4.0 (before CR4), 4.5 (before CR5), and 5.0 (before CR3). It reports a flaw in XML entity expansion recursion that can be exploited by a crafted XML document with many nested entities to trigger denial of service (CPU consumption and...