← Voltar para CVEs
CVE-2015-0132
N/ADescricao
The XML parser in IBM Rational DOORS Next Generation 4.x before 4.0.7 iFix3 and 5.x before 5.0.2 and Rational Requirements Composer 2.x and 3.x before 3.0.1.6 iFix5 and 4.x before 4.0.7 iFix3 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
Detalhes CVE
Pontuacao CVSS v3.1N/A
Publicado3/18/2015
Ultima modificacao5/6/2026
Fontenvd
Avistamentos honeypot0
Produtos afetados
ibm:rational_doors_next_generationibm:rational_requirements_composer
Fraquezas (CWE)
CWE-399
Referencias
http://www-01.ibm.com/support/docview.wss?uid=swg21698248(psirt@us.ibm.com)
http://www-01.ibm.com/support/docview.wss?uid=swg21698248(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.