Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 7.8
CVE Id: CVE-2015-0132
Last Modified: 18 Mar 2015 12:13:19
Published: 18 Mar 2015 06:59:05
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2015-0132

Summary

The XML parser in IBM Rational DOORS Next Generation 4.x before 4.0.7 iFix3 and 5.x before 5.0.2 and Rational Requirements Composer 2.x and 3.x before 3.0.1.6 iFix5 and 4.x before 4.0.7 iFix3 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

Vulnerable Systems

Application

  • IBM Rational DOORS Next Generation 4.0.0
  • IBM Rational DOORS Next Generation 4.0.1
  • IBM Rational DOORS Next Generation 4.0.2
  • IBM Rational DOORS Next Generation 4.0.3
  • IBM Rational DOORS Next Generation 4.0.4
  • IBM Rational DOORS Next Generation 4.0.5
  • IBM Rational DOORS Next Generation 4.0.6
  • IBM Rational DOORS Next Generation 4.0.7
  • IBM Rational DOORS Next Generation 5.0
  • IBM Rational DOORS Next Generation 5.0.1
  • IBM Rational Requirements Composer 2.0
  • IBM Rational Requirements Composer 2.0.0.1
  • IBM Rational Requirements Composer 2.0.0.2
  • IBM Rational Requirements Composer 2.0.0.3
  • IBM Rational Requirements Composer 2.0.0.4
  • IBM Rational Requirements Composer 3.0
  • IBM Rational Requirements Composer 3.0.1
  • IBM Rational Requirements Composer 3.0.1.1
  • IBM Rational Requirements Composer 3.0.1.2
  • IBM Rational Requirements Composer 3.0.1.3
  • IBM Rational Requirements Composer 3.0.1.4
  • IBM Rational Requirements Composer 3.0.1.5
  • IBM Rational Requirements Composer 3.0.1.6
  • IBM Rational Requirements Composer 4.0
  • IBM Rational Requirements Composer 4.0.0
  • IBM Rational Requirements Composer 4.0.0.1
  • IBM Rational Requirements Composer 4.0.0.2
  • IBM Rational Requirements Composer 4.0.1
  • IBM Rational Requirements Composer 4.0.2
  • IBM Rational Requirements Composer 4.0.3
  • IBM Rational Requirements Composer 4.0.4
  • IBM Rational Requirements Composer 4.0.5
  • IBM Rational Requirements Composer 4.0.6
  • IBM Rational Requirements Composer 4.0.7


References

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21698248


Last Updated: 27 May 2016 11:08:08