exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 14 of 14 RSS Feed

CVE-2011-1483

Status Candidate

Overview

wsf/common/DOMUtils.java in JBossWS Native in Red Hat JBoss Enterprise Application Platform 4.2.0.CP09, 4.3, and 5.1.1; JBoss Enterprise Portal Platform 4.3.CP06 and 5.1.1; JBoss Enterprise SOA Platform 4.2.CP05, 4.3.CP05, and 5.1.0; JBoss Communications Platform 1.2.11 and 5.1.1; JBoss Enterprise BRMS Platform 5.1.0; and JBoss Enterprise Web Platform 5.1.1 does not properly handle recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted request containing an XML document with a DOCTYPE declaration and a large number of nested entity references, a similar issue to CVE-2003-1564.

Related Files

HP Security Bulletin HPSBMU02894
Posted Jul 25, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02894 - Potential security vulnerabilities have been identified with HP Network Node Manager I (NNMi) on HP-UX, Linux, Solaris, and Windows. These vulnerabilities could be remotely exploited resulting in a Denial of Service (DoS) or unauthorized access or execution of arbitrary code. Revision 1 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, windows, solaris, hpux
advisories | CVE-2007-5333, CVE-2009-3554, CVE-2010-0738, CVE-2010-1428, CVE-2010-1429, CVE-2011-1483, CVE-2011-2196, CVE-2011-4605, CVE-2011-4858, CVE-2012-3546
SHA-256 | eacd5c85848fe70e3b06674a93d19b20ce220a3b1047e565ac14544a22f6e877
Red Hat Security Advisory 2011-1313-01
Posted Sep 16, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1313-01 - JBoss Web Services Native is a web service framework included as part of JBoss Enterprise BRMS Platform. It implements the JAX-WS specification. It was found that JBoss Web Services Native did not properly protect against recursive entity resolution when processing Document Type Definitions. A remote attacker could exploit this flaw by sending a specially-crafted HTTP POST request to a deployed web service, causing excessive CPU and memory consumption on the system hosting that service. If the attack is repeated to consume all available network sockets, the server will become unavailable.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2011-1483
SHA-256 | bcce8533979c638668151132f981467813cec5cba502f114c265c6c93313102f
Red Hat Security Advisory 2011-1312-01
Posted Sep 16, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1312-01 - JBoss Web Services Native is a web service framework included as part of JBoss Enterprise Application Platform. It implements the JAX-WS specification. It was found that JBoss Web Services Native did not properly protect against recursive entity resolution when processing Document Type Definitions. A remote attacker could exploit this flaw by sending a specially-crafted HTTP POST request to a deployed web service, causing excessive CPU and memory consumption on the system hosting that service. If the attack is repeated to consume all available network sockets, the server will become unavailable.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2011-1483
SHA-256 | f674c959b4fadafa704f6a8f6a5d9ce06d0eff03b9fde2aa39d8272bf997d3e0
Red Hat Security Advisory 2011-1311-01
Posted Sep 16, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1311-01 - JBoss Web Services Native is a web service framework included as part of JBoss Enterprise Portal Platform. It implements the JAX-WS specification. It was found that JBoss Web Services Native did not properly protect against recursive entity resolution when processing Document Type Definitions. A remote attacker could exploit this flaw by sending a specially-crafted HTTP POST request to a deployed web service, causing excessive CPU and memory consumption on the system hosting that service. If the attack is repeated to consume all available network sockets, the server will become unavailable.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2011-1483
SHA-256 | 3a011bc6de5554c758d0b9fa6c9334f214bc04d0eea99bd443d11a05a1ad832e
Red Hat Security Advisory 2011-1310-01
Posted Sep 16, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1310-01 - JBoss Web Services Native is a web service framework included as part of JBoss Enterprise Application Platform. It implements the JAX-WS specification. It was found that JBoss Web Services Native did not properly protect against recursive entity resolution when processing Document Type Definitions. A remote attacker could exploit this flaw by sending a specially-crafted HTTP POST request to a deployed web service, causing excessive CPU and memory consumption on the system hosting that service. If the attack is repeated to consume all available network sockets, the server will become unavailable.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2011-1483
SHA-256 | a31bba9cc3ae91ff188a9cc9203f8da900de211d6981af12ab071393fae6af1a
Red Hat Security Advisory 2011-1309-01
Posted Sep 16, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1309-01 - JBoss Enterprise Application Platform is the market-leading platform for innovative and scalable Java applications. JBoss Enterprise Application Platform integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam into a complete and simple enterprise solution. JBoss Web Services Native is a web service framework included as part of JBoss Enterprise Application Platform. It implements the JAX-WS specification. It was found that JBoss Web Services Native did not properly protect against recursive entity resolution when processing Document Type Definitions. A remote attacker could exploit this flaw by sending a specially-crafted HTTP POST request to a deployed web service, causing excessive CPU and memory consumption on the system hosting that service. If the attack is repeated to consume all available network sockets, the server will become unavailable.

tags | advisory, java, remote, web
systems | linux, redhat
advisories | CVE-2011-1483
SHA-256 | 4405b67f4aeda82db06f3d697104eafbd0885396c23ef06fdd16cc7853e83719
Red Hat Security Advisory 2011-1308-01
Posted Sep 16, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1308-01 - JBoss Web Services Native is a web service framework included as part of JBoss Communications Platform. It implements the JAX-WS specification. It was found that JBoss Web Services Native did not properly protect against recursive entity resolution when processing Document Type Definitions. A remote attacker could exploit this flaw by sending a specially-crafted HTTP POST request to a deployed web service, causing excessive CPU and memory consumption on the system hosting that service. If the attack is repeated to consume all available network sockets, the server will become unavailable.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2011-1483
SHA-256 | ea964738f1be59a4557cc2b56dc3bbbea521cae78a84bed00c60d2b4417d6898
Red Hat Security Advisory 2011-1307-01
Posted Sep 16, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1307-01 - JBoss Web Services Native is a web service framework included as part of JBoss Enterprise Portal Platform. It implements the JAX-WS specification. It was found that JBoss Web Services Native did not properly protect against recursive entity resolution when processing Document Type Definitions. A remote attacker could exploit this flaw by sending a specially-crafted HTTP POST request to a deployed web service, causing excessive CPU and memory consumption on the system hosting that service. If the attack is repeated to consume all available network sockets, the server will become unavailable.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2011-1483
SHA-256 | cbd71fe2dde78be667b43b0a399f1b66f17d766d8629c56c48326376cb041dad
Red Hat Security Advisory 2011-1306-01
Posted Sep 16, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1306-01 - The jbossws-common package provides JBoss Web Services Native, a web service framework included as part of JBoss Enterprise Application Platform. It implements the JAX-WS specification. It was found that JBoss Web Services Native did not properly protect against recursive entity resolution when processing Document Type Definitions. A remote attacker could exploit this flaw by sending a specially-crafted HTTP POST request to a deployed web service, causing excessive CPU and memory consumption on the system hosting that service. If the attack is repeated to consume all available network sockets, the server will become unavailable.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2011-1483
SHA-256 | 53a2c62ad66a1a6a43bdc577ce1ca6419fe718721d2bb3a0111dfe72aebc2b2e
Red Hat Security Advisory 2011-1305-01
Posted Sep 16, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1305-01 - JBoss Web Services Native is a web service framework included as part of JBoss Enterprise SOA Platform. It implements the JAX-WS specification. It was found that JBoss Web Services Native did not properly protect against recursive entity resolution when processing Document Type Definitions. A remote attacker could exploit this flaw by sending a specially-crafted HTTP POST request to a deployed web service, causing excessive CPU and memory consumption on the system hosting that service. If the attack is repeated to consume all available network sockets, the server will become unavailable.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2011-1483
SHA-256 | 8841a70ed396dd48e91337e711c2c99e21af87c85ce24c3935c6d6a4c1eef571
Red Hat Security Advisory 2011-1304-01
Posted Sep 15, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1304-01 - JBoss Web Services Native is a web service framework included as part of JBoss Enterprise Web Platform. It implements the JAX-WS specification. It was found that JBoss Web Services Native did not properly protect against recursive entity resolution when processing Document Type Definitions. A remote attacker could exploit this flaw by sending a specially-crafted HTTP POST request to a deployed web service, causing excessive CPU and memory consumption on the system hosting that service. If the attack is repeated to consume all available network sockets, the server will become unavailable. This flaw did not affect systems using JBoss Web Services CXF.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2011-1483
SHA-256 | 611749ac30b6c0a2d7fdcb3b5973a59adc018d4a2f2844b63adf828d10fb3d44
Red Hat Security Advisory 2011-1303-01
Posted Sep 15, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1303-01 - The jbossws-common package provides JBoss Web Services Native, a web service framework included as part of JBoss Enterprise Web Platform. It implements the JAX-WS specification. It was found that JBoss Web Services Native did not properly protect against recursive entity resolution when processing Document Type Definitions. A remote attacker could exploit this flaw by sending a specially-crafted HTTP POST request to a deployed web service, causing excessive CPU and memory consumption on the system hosting that service. If the attack is repeated to consume all available network sockets, the server will become unavailable. This flaw did not affect systems using JBoss Web Services CXF.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2011-1483
SHA-256 | 697ec5e6af989722b10a604b855f51000e659801d88b4dae2afab203605e1441
Red Hat Security Advisory 2011-1302-01
Posted Sep 15, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1302-01 - JBoss Web Services Native is a web service framework included as part of JBoss Enterprise Application Platform. It implements the JAX-WS specification. It was found that JBoss Web Services Native did not properly protect against recursive entity resolution when processing Document Type Definitions. A remote attacker could exploit this flaw by sending a specially-crafted HTTP POST request to a deployed web service, causing excessive CPU and memory consumption on the system hosting that service. If the attack is repeated to consume all available network sockets, the server will become unavailable. This flaw did not affect systems using JBoss Web Services CXF.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2011-1483
SHA-256 | 563443521960e3a6fae50e4d40537279ef761819c4b357acabca2a48d06ab630
Red Hat Security Advisory 2011-1301-01
Posted Sep 15, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1301-01 - The jbossws-common package provides JBoss Web Services Native, a web service framework included as part of JBoss Enterprise Application Platform. It implements the JAX-WS specification. It was found that JBoss Web Services Native did not properly protect against recursive entity resolution when processing Document Type Definitions. A remote attacker could exploit this flaw by sending a specially-crafted HTTP POST request to a deployed web service, causing excessive CPU and memory consumption on the system hosting that service. If the attack is repeated to consume all available network sockets, the server will become unavailable. This flaw did not affect systems using JBoss Web Services CXF.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2011-1483
SHA-256 | 518a92cc69e9b5c62414e64cd16393b893fe3664e0e3a0657c94f5ab98b93477
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close