Bug 692584 (CVE-2011-1483) - CVE-2011-1483 JBossWS remote Denial of Service
Summary: CVE-2011-1483 JBossWS remote Denial of Service
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2011-1483
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 725919
Blocks: 735463
TreeView+ depends on / blocked
 
Reported: 2011-03-31 15:46 UTC by Marc Schoenefeld
Modified: 2019-09-29 12:44 UTC (History)
14 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-09-19 05:51:10 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker JBEPP-1352 0 Blocker Closed A security issue has been identified in jbossws-native that impacts EPP, BZ#692584 (EPP5) 2018-03-15 21:54:38 UTC
Red Hat Product Errata RHSA-2011:1301 0 normal SHIPPED_LIVE Important: jbossws-common security update 2011-09-15 17:52:35 UTC
Red Hat Product Errata RHSA-2011:1302 0 normal SHIPPED_LIVE Important: jbossws-common security update 2011-09-15 17:52:25 UTC
Red Hat Product Errata RHSA-2011:1303 0 normal SHIPPED_LIVE Important: jbossws-common security update 2011-09-15 17:52:14 UTC
Red Hat Product Errata RHSA-2011:1304 0 normal SHIPPED_LIVE Important: jbossws-common security update 2011-09-15 17:52:04 UTC
Red Hat Product Errata RHSA-2011:1305 0 normal SHIPPED_LIVE Important: jbossws security update 2011-09-15 18:26:43 UTC
Red Hat Product Errata RHSA-2011:1306 0 normal SHIPPED_LIVE Important: jbossws-common security update 2011-09-15 18:06:18 UTC
Red Hat Product Errata RHSA-2011:1307 0 normal SHIPPED_LIVE Important: jbossws security update 2011-09-15 18:26:33 UTC
Red Hat Product Errata RHSA-2011:1308 0 normal SHIPPED_LIVE Important: JBoss Communications Platform 1.2.11 and 5.1.1 security update 2011-09-15 18:36:56 UTC
Red Hat Product Errata RHSA-2011:1309 0 normal SHIPPED_LIVE Important: jbossas security update 2011-09-15 18:57:54 UTC
Red Hat Product Errata RHSA-2011:1310 0 normal SHIPPED_LIVE Important: jbossws security update 2011-09-15 18:47:26 UTC
Red Hat Product Errata RHSA-2011:1311 0 normal SHIPPED_LIVE Important: jbossws-common security update 2011-09-15 18:47:16 UTC
Red Hat Product Errata RHSA-2011:1312 0 normal SHIPPED_LIVE Important: jbossws-common security update 2011-09-15 19:18:24 UTC
Red Hat Product Errata RHSA-2011:1313 0 normal SHIPPED_LIVE Important: JBoss Enterprise BRMS Platform 5.1.0 security update 2011-09-15 19:49:36 UTC

Comment 2 Marc Schoenefeld 2011-04-01 15:21:08 UTC 
JBossWS native does not properly protect against recursive entity resolution with embedded DTDs. A remote attacker could cause a Denial-Of-Service by CPU resource exhaustion with a carefully crafted POST request to a deployed web service.
Comment 6 errata-xmlrpc 2011-09-15 17:52:09 UTC 
This issue has been addressed in following products:

    JBoss Enterprise Web Platform 5.1.1

Via RHSA-2011:1304 https://rhn.redhat.com/errata/RHSA-2011-1304.html
Comment 7 errata-xmlrpc 2011-09-15 17:52:19 UTC 
This issue has been addressed in following products:

  JBEWP 5 for RHEL 4
  JBEWP 5 for RHEL 5
  JBEWP 5 for RHEL 6

Via RHSA-2011:1303 https://rhn.redhat.com/errata/RHSA-2011-1303.html
Comment 8 errata-xmlrpc 2011-09-15 17:52:30 UTC 
This issue has been addressed in following products:

    JBoss Enterprise Application Platform 5.1.1

Via RHSA-2011:1302 https://rhn.redhat.com/errata/RHSA-2011-1302.html
Comment 9 errata-xmlrpc 2011-09-15 17:52:40 UTC 
This issue has been addressed in following products:

  JBEAP 5 for RHEL 4
  JBEAP 5 for RHEL 5
  JBEAP 5 for RHEL 6

Via RHSA-2011:1301 https://rhn.redhat.com/errata/RHSA-2011-1301.html
Comment 10 errata-xmlrpc 2011-09-15 18:06:22 UTC 
This issue has been addressed in following products:

  JBEAP 4.3.0 for RHEL 4
  JBEAP 4.3.0 for RHEL 5

Via RHSA-2011:1306 https://rhn.redhat.com/errata/RHSA-2011-1306.html
Comment 11 errata-xmlrpc 2011-09-15 18:26:38 UTC 
This issue has been addressed in following products:

    JBoss Enterprise Portal Platform 4.3.CP06

Via RHSA-2011:1307 https://rhn.redhat.com/errata/RHSA-2011-1307.html
Comment 12 errata-xmlrpc 2011-09-15 18:26:48 UTC 
This issue has been addressed in following products:

    JBoss Enterprise SOA Platform 4.2.CP05
    JBoss Enterprise SOA Platform 4.3.CP05
    JBoss Enterprise SOA Platform 5.1.0

Via RHSA-2011:1305 https://rhn.redhat.com/errata/RHSA-2011-1305.html
Comment 13 errata-xmlrpc 2011-09-15 18:37:01 UTC 
This issue has been addressed in following products:

    JBoss Communications Platform 1.2.11
    JBoss Communications Platform 5.1.1

Via RHSA-2011:1308 https://rhn.redhat.com/errata/RHSA-2011-1308.html
Comment 14 errata-xmlrpc 2011-09-15 18:47:21 UTC 
This issue has been addressed in following products:

    JBoss Enterprise Portal Platform 5.1.1

Via RHSA-2011:1311 https://rhn.redhat.com/errata/RHSA-2011-1311.html
Comment 15 errata-xmlrpc 2011-09-15 18:47:31 UTC 
This issue has been addressed in following products:

    JBoss Enterprise Application Platform 4.2.0.CP09

Via RHSA-2011:1310 https://rhn.redhat.com/errata/RHSA-2011-1310.html
Comment 16 errata-xmlrpc 2011-09-15 18:58:02 UTC 
This issue has been addressed in following products:

  JBEAP 4.2.0 for RHEL 4
  JBEAP 4.2.0 for RHEL 5

Via RHSA-2011:1309 https://rhn.redhat.com/errata/RHSA-2011-1309.html
Comment 17 errata-xmlrpc 2011-09-15 19:18:28 UTC 
This issue has been addressed in following products:

    JBoss Enterprise Application Platform 4.3

Via RHSA-2011:1312 https://rhn.redhat.com/errata/RHSA-2011-1312.html
Comment 18 errata-xmlrpc 2011-09-15 19:49:41 UTC 
This issue has been addressed in following products:

    JBoss Enterprise BRMS Platform 5.1.0

Via RHSA-2011:1313 https://rhn.redhat.com/errata/RHSA-2011-1313.html
Comment 19 David Jorm 2011-09-19 07:03:24 UTC 
Upstream patch commits:

http://source.jboss.org/changelog/JBossWS/?cs=13995
http://source.jboss.org/changelog/JBossWS/?cs=13996
Note You need to log in before you can comment on or make changes to this bug.