| Vulnerability Name: | CVE-2014-4814 (CCN-95391) | ||||||||
| Assigned: | 2014-10-27 | ||||||||
| Published: | 2014-10-27 | ||||||||
| Updated: | 2017-08-29 | ||||||||
| Summary: | IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 does not properly detect recursion during entity expansion, which allows remote authenticated users to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. | ||||||||
| CVSS v3 Severity: | 2.6 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L)
| ||||||||
| CVSS v2 Severity: | 3.5 Low (CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:N/A:P) 2.6 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:N/A:P/E:U/RL:OF/RC:C)
2.6 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:N/A:P/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-399 | ||||||||
| Vulnerability Consequences: | Denial of Service | ||||||||
| References: | Source: MITRE Type: CNA CVE-2014-4814 Source: SECUNIA Type: UNKNOWN 59740 Source: AIXAPAR Type: UNKNOWN PI24622 Source: CCN Type: IBM Security Bulletin 1684651 Fixes available for Security Vulnerabilities in IBM WebSphere Portal (CVE-2014-4814; CVE-2014-4808; CVE-2014-4821; CVE-2014-6125; CVE-2014-6126) Source: CONFIRM Type: Patch, Vendor Advisory http://www-01.ibm.com/support/docview.wss?uid=swg21684651 Source: BID Type: UNKNOWN 70758 Source: CCN Type: BID-70758 IBM WebSphere Portal CVE-2014-4814 Unspecified Denial of Service Vulnerability Source: XF Type: UNKNOWN ibm-websphere-cve20144814-dos(95391) Source: XF Type: UNKNOWN ibm-wsportal-cve20144814-xee(95391) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||