JBossWS native does not properly protect against recursive entity resolution with embedded DTDs. A remote attacker could cause a denial of service by CPU resource exhaustion with a carefully crafted POST request to a deployed web service.
This issue has been addressed in the following products: JBoss Enterprise Web Platform 5.1.1. Via RHSA-2011:1304: https://rhn.redhat.com/errata/RHSA-2011-1304.html
This issue has been addressed in the following products: JBEWP 5 for RHEL 4, JBEWP 5 for RHEL 5, JBEWP 5 for RHEL 6. Via RHSA-2011:1303: https://rhn.redhat.com/errata/RHSA-2011-1303.html
This issue has been addressed in the following products: JBoss Enterprise Application Platform 5.1.1. Via RHSA-2011:1302: https://rhn.redhat.com/errata/RHSA-2011-1302.html
This issue has been addressed in the following products: JBEAP 5 for RHEL 4, JBEAP 5 for RHEL 5, JBEAP 5 for RHEL 6. Via RHSA-2011:1301: https://rhn.redhat.com/errata/RHSA-2011-1301.html
This issue has been addressed in the following products: JBEAP 4.3.0 for RHEL 4, JBEAP 4.3.0 for RHEL 5. Via RHSA-2011:1306: https://rhn.redhat.com/errata/RHSA-2011-1306.html
This issue has been addressed in the following products: JBoss Enterprise Portal Platform 4.3.CP06. Via RHSA-2011:1307: https://rhn.redhat.com/errata/RHSA-2011-1307.html
This issue has been addressed in the following products: JBoss Enterprise SOA Platform 4.2.CP05, JBoss Enterprise SOA Platform 4.3.CP05, JBoss Enterprise SOA Platform 5.1.0. Via RHSA-2011:1305: https://rhn.redhat.com/errata/RHSA-2011-1305.html
This issue has been addressed in the following products: JBoss Communications Platform 1.2.11, JBoss Communications Platform 5.1.1. Via RHSA-2011:1308: https://rhn.redhat.com/errata/RHSA-2011-1308.html
This issue has been addressed in the following products: JBoss Enterprise Portal Platform 5.1.1. Via RHSA-2011:1311: https://rhn.redhat.com/errata/RHSA-2011-1311.html
This issue has been addressed in the following products: JBoss Enterprise Application Platform 4.2.0.CP09. Via RHSA-2011:1310: https://rhn.redhat.com/errata/RHSA-2011-1310.html
This issue has been addressed in the following products: JBEAP 4.2.0 for RHEL 4, JBEAP 4.2.0 for RHEL 5. Via RHSA-2011:1309: https://rhn.redhat.com/errata/RHSA-2011-1309.html
This issue has been addressed in the following products: JBoss Enterprise Application Platform 4.3. Via RHSA-2011:1312: https://rhn.redhat.com/errata/RHSA-2011-1312.html
This issue has been addressed in the following products: JBoss Enterprise BRMS Platform 5.1.0. Via RHSA-2011:1313: https://rhn.redhat.com/errata/RHSA-2011-1313.html
Upstream patch commits:
http://source.jboss.org/changelog/JBossWS/?cs=13995
http://source.jboss.org/changelog/JBossWS/?cs=13996
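For the entity-resolution weakness described at the top of this report, the following added example (not taken from the upstream commits or from JBossWS itself) shows one common way to keep a JAXP parser from resolving DTD-declared entities in an incoming SOAP body: refuse any document that carries a DOCTYPE. The class name, method names and the two sample messages are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.xml.sax.SAXException;

public class HardenedSoapParser {

    // Builds a parser that rejects any DOCTYPE, so no entity can be declared
    // (and therefore none can be expanded) by the request body.
    static DocumentBuilder newHardenedBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Enables the JDK's built-in processing limits.
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // Xerces/JDK feature: a DOCTYPE declaration becomes a fatal parse error.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setExpandEntityReferences(false);
        return f.newDocumentBuilder();
    }

    // Returns true if the message parses, false if the parser rejects it.
    static boolean accepts(String xml) throws Exception {
        try {
            newHardenedBuilder().parse(
                new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
            return true;
        } catch (SAXException e) {
            return false; // includes the "DOCTYPE is disallowed" fatal error
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: an ordinary SOAP 1.1 envelope.
        String envelope =
            "<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\">"
          + "<soapenv:Body><echo>hello</echo></soapenv:Body></soapenv:Envelope>";
        // Constructed sample input: the same envelope preceded by an embedded DTD
        // that declares a single harmless entity.
        String withDtd = "<!DOCTYPE x [<!ENTITY a \"text\">]>" + envelope;

        System.out.println("plain envelope accepted: " + accepts(envelope));
        System.out.println("embedded DTD accepted:   " + accepts(withDtd));
    }
}
```

Deployments covered by the errata listed above should still apply the vendor update; a parser setting in application code does not change how the web service stack itself parses the request.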