CVE-2013-5372

The XML4J parser in IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.7, and 8.0 before 8.0.0.4 and IBM Integration Bus 9.0 before 9.0.0.1 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document that triggers expansion for many entities.

Published: Oct 19, 2013
Updated: Apr 13, 2023
CVE: CVE-2013-5372
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P

CWEs:

CWE-399

Affected Software
References

Software	From	Fixed in
ibm / websphere_message_broker	6.1.0.9	6.1.0.9.x
ibm / websphere_message_broker	6.1	6.1.x
ibm / websphere_message_broker	6.1.0.6	6.1.0.6.x
ibm / websphere_message_broker	6.1.0.5	6.1.0.5.x
ibm / websphere_message_broker	6.1.0.10	6.1.0.10.x
ibm / websphere_message_broker	6.1.0.2	6.1.0.2.x
ibm / websphere_message_broker	6.1.0.3	6.1.0.3.x
ibm / websphere_message_broker	6.1.0.8	6.1.0.8.x
ibm / websphere_message_broker	6.1.0.11	6.1.0.11.x
ibm / websphere_message_broker	6.1.0.1	6.1.0.1.x
ibm / websphere_message_broker	6.1.0.7	6.1.0.7.x
ibm / websphere_message_broker	6.1.0.4	6.1.0.4.x
ibm / websphere_message_broker	8.0	8.0.x
ibm / websphere_message_broker	8.0.0.2	8.0.0.2.x
ibm / websphere_message_broker	8.0.0.3	8.0.0.3.x
ibm / websphere_message_broker	8.0.0.1	8.0.0.1.x
ibm / websphere_message_broker	7.0.0.4	7.0.0.4.x
ibm / websphere_message_broker	7.0.0.3	7.0.0.3.x
ibm / websphere_message_broker	7.0.0.1	7.0.0.1.x
ibm / websphere_message_broker	7.0.0.6	7.0.0.6.x
ibm / websphere_message_broker	7.0.0.5	7.0.0.5.x
ibm / websphere_message_broker	7.0.0.2	7.0.0.2.x
ibm / websphere_message_broker	7.0.	7.0..x

Vulnerability Database

CVE-2013-5372