Bug 692584 (CVE-2011-1483) - CVE-2011-1483 JBossWS remote Denial of Service
Summary: CVE-2011-1483 JBossWS remote Denial of Service
Status: CLOSED ERRATA
Alias: CVE-2011-1483
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: Unspecified
OS: Unspecified
Priority: high
Severity: high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=important,source=redhat,public...
Keywords: Security
Depends On: 725919
Blocks: 735463
Reported: 2011-03-31 15:46 UTC by Marc Schoenefeld
Modified: 2011-11-11 01:09 UTC
Last Closed: 2011-09-19 05:51:10 UTC


External Trackers
| Tracker | ID | Priority | Status | Summary | Last Updated |
| --- | --- | --- | --- | --- | --- |
| JBoss Issue Tracker | JBEPP-1352 | Blocker | Closed | A security issue has been identified in jbossws-native that impacts EPP, BZ#692584 (EPP5) | 2018-03-15 21:54 UTC |
| Red Hat Product Errata | RHSA-2011:1301 | normal | SHIPPED_LIVE | Important: jbossws-common security update | 2011-09-15 17:52:35 UTC |
| Red Hat Product Errata | RHSA-2011:1302 | normal | SHIPPED_LIVE | Important: jbossws-common security update | 2011-09-15 17:52:25 UTC |
| Red Hat Product Errata | RHSA-2011:1303 | normal | SHIPPED_LIVE | Important: jbossws-common security update | 2011-09-15 17:52:14 UTC |
| Red Hat Product Errata | RHSA-2011:1304 | normal | SHIPPED_LIVE | Important: jbossws-common security update | 2011-09-15 17:52:04 UTC |
| Red Hat Product Errata | RHSA-2011:1305 | normal | SHIPPED_LIVE | Important: jbossws security update | 2011-09-15 18:26:43 UTC |
| Red Hat Product Errata | RHSA-2011:1306 | normal | SHIPPED_LIVE | Important: jbossws-common security update | 2011-09-15 18:06:18 UTC |
| Red Hat Product Errata | RHSA-2011:1307 | normal | SHIPPED_LIVE | Important: jbossws security update | 2011-09-15 18:26:33 UTC |
| Red Hat Product Errata | RHSA-2011:1308 | normal | SHIPPED_LIVE | Important: JBoss Communications Platform 1.2.11 and 5.1.1 security update | 2011-09-15 18:36:56 UTC |
| Red Hat Product Errata | RHSA-2011:1309 | normal | SHIPPED_LIVE | Important: jbossas security update | 2011-09-15 18:57:54 UTC |
| Red Hat Product Errata | RHSA-2011:1310 | normal | SHIPPED_LIVE | Important: jbossws security update | 2011-09-15 18:47:26 UTC |
| Red Hat Product Errata | RHSA-2011:1311 | normal | SHIPPED_LIVE | Important: jbossws-common security update | 2011-09-15 18:47:16 UTC |
| Red Hat Product Errata | RHSA-2011:1312 | normal | SHIPPED_LIVE | Important: jbossws-common security update | 2011-09-15 19:18:24 UTC |
| Red Hat Product Errata | RHSA-2011:1313 | normal | SHIPPED_LIVE | Important: JBoss Enterprise BRMS Platform 5.1.0 security update | 2011-09-15 19:49:36 UTC |

Comment 2 Marc Schoenefeld 2011-04-01 15:21:08 UTC
JBossWS native does not properly protect against recursive entity resolution with embedded DTDs. A remote attacker could cause a Denial-Of-Service by CPU resource exhaustion with a carefully crafted POST request to a deployed web service.
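
Added example (not part of the bug report and not the patch shipped in the errata): one way a Java service can refuse request bodies that carry an embedded DTD before any entity is resolved, which removes the recursive-expansion cost described in Comment 2. SOAP 1.1 forbids a Document Type Declaration in a message, so rejecting one does not break conforming clients. The class name `SoapDoctypeGuard`, the method names and both sample envelopes are constructed for illustration; the parser features are standard JAXP/Xerces settings.

```java
import java.io.IOException;
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.helpers.DefaultHandler;

// Hypothetical class name; illustrates parser hardening, not the shipped JBossWS patch.
public class SoapDoctypeGuard {

    // Build a DOM parser that refuses any document carrying a DOCTYPE.
    static DocumentBuilder hardenedBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // JAXP secure processing: applies the implementation's entity-expansion limits.
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // Xerces feature: a DOCTYPE declaration becomes a fatal parse error, so the
        // internal DTD subset is never read and no entity is ever expanded.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        DocumentBuilder b = f.newDocumentBuilder();
        b.setErrorHandler(new DefaultHandler()); // throw on fatal errors, print nothing
        return b;
    }

    // True if the message parses under the hardened settings, false if it is rejected.
    static boolean accepted(String xml) throws ParserConfigurationException, IOException {
        try {
            hardenedBuilder().parse(new InputSource(new StringReader(xml)));
            return true;
        } catch (SAXException e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample messages (not taken from the bug report).
        String body = "<soap:Envelope xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\">"
                + "<soap:Body><echo>%s</echo></soap:Body></soap:Envelope>";
        String plain = String.format(body, "hello");
        // Same envelope preceded by an embedded DTD declaring one harmless entity.
        String withDtd = "<!DOCTYPE doc [<!ENTITY greeting \"hello\">]>"
                + String.format(body, "&greeting;");
        System.out.println("plain envelope accepted: " + accepted(plain));
        System.out.println("envelope with DTD accepted: " + accepted(withDtd));
    }
}
```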

Comment 6 errata-xmlrpc 2011-09-15 17:52:09 UTC
This issue has been addressed in following products:

    JBoss Enterprise Web Platform 5.1.1

Via RHSA-2011:1304 https://rhn.redhat.com/errata/RHSA-2011-1304.html

Comment 7 errata-xmlrpc 2011-09-15 17:52:19 UTC
This issue has been addressed in following products:

  JBEWP 5 for RHEL 4
  JBEWP 5 for RHEL 5
  JBEWP 5 for RHEL 6

Via RHSA-2011:1303 https://rhn.redhat.com/errata/RHSA-2011-1303.html

Comment 8 errata-xmlrpc 2011-09-15 17:52:30 UTC
This issue has been addressed in following products:

    JBoss Enterprise Application Platform 5.1.1

Via RHSA-2011:1302 https://rhn.redhat.com/errata/RHSA-2011-1302.html

Comment 9 errata-xmlrpc 2011-09-15 17:52:40 UTC
This issue has been addressed in following products:

  JBEAP 5 for RHEL 4
  JBEAP 5 for RHEL 5
  JBEAP 5 for RHEL 6

Via RHSA-2011:1301 https://rhn.redhat.com/errata/RHSA-2011-1301.html

Comment 10 errata-xmlrpc 2011-09-15 18:06:22 UTC
This issue has been addressed in following products:

  JBEAP 4.3.0 for RHEL 4
  JBEAP 4.3.0 for RHEL 5

Via RHSA-2011:1306 https://rhn.redhat.com/errata/RHSA-2011-1306.html

Comment 11 errata-xmlrpc 2011-09-15 18:26:38 UTC
This issue has been addressed in following products:

    JBoss Enterprise Portal Platform 4.3.CP06

Via RHSA-2011:1307 https://rhn.redhat.com/errata/RHSA-2011-1307.html

Comment 12 errata-xmlrpc 2011-09-15 18:26:48 UTC
This issue has been addressed in following products:

    JBoss Enterprise SOA Platform 4.2.CP05
    JBoss Enterprise SOA Platform 4.3.CP05
    JBoss Enterprise SOA Platform 5.1.0

Via RHSA-2011:1305 https://rhn.redhat.com/errata/RHSA-2011-1305.html

Comment 13 errata-xmlrpc 2011-09-15 18:37:01 UTC
This issue has been addressed in following products:

    JBoss Communications Platform 1.2.11
    JBoss Communications Platform 5.1.1

Via RHSA-2011:1308 https://rhn.redhat.com/errata/RHSA-2011-1308.html

Comment 14 errata-xmlrpc 2011-09-15 18:47:21 UTC
This issue has been addressed in following products:

    JBoss Enterprise Portal Platform 5.1.1

Via RHSA-2011:1311 https://rhn.redhat.com/errata/RHSA-2011-1311.html

Comment 15 errata-xmlrpc 2011-09-15 18:47:31 UTC
This issue has been addressed in following products:

    JBoss Enterprise Application Platform 4.2.0.CP09

Via RHSA-2011:1310 https://rhn.redhat.com/errata/RHSA-2011-1310.html

Comment 16 errata-xmlrpc 2011-09-15 18:58:02 UTC
This issue has been addressed in following products:

  JBEAP 4.2.0 for RHEL 4
  JBEAP 4.2.0 for RHEL 5

Via RHSA-2011:1309 https://rhn.redhat.com/errata/RHSA-2011-1309.html

Comment 17 errata-xmlrpc 2011-09-15 19:18:28 UTC
This issue has been addressed in following products:

    JBoss Enterprise Application Platform 4.3

Via RHSA-2011:1312 https://rhn.redhat.com/errata/RHSA-2011-1312.html

Comment 18 errata-xmlrpc 2011-09-15 19:49:41 UTC
This issue has been addressed in following products:

    JBoss Enterprise BRMS Platform 5.1.0

Via RHSA-2011:1313 https://rhn.redhat.com/errata/RHSA-2011-1313.html

