CVE-2015-5038
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 does not properly detect recursion during XML entity expansion, which allows remote attackers to cause a denial of service (CPU consumption and application crash) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
IBM Connections 3.x en versiones anteriores a 3.0.1.1 CR3, 4.0 en versiones anteriores a CR4, 4.5 en versiones anteriores a CR5 y 5.0 en versiones anteriores a CR3 no detecta correctamente la recursión durante la expansión de entidad XML, lo que permite a atacantes remotos provocar una denegación de servicio (consumo de CPU y caída de aplicación) a través de un documento XML manipulado que contiene un número grande de referencias a entidades anidadas, un caso similar a CVE-2003-1564.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-06-24 CVE Reserved
- 2016-01-03 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (2)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://www-01.ibm.com/support/docview.wss?uid=swg1LO87020 | 2016-08-04 | |
http://www-01.ibm.com/support/docview.wss?uid=swg21971439 | 2016-08-04 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Ibm Search vendor "Ibm" | Connections Search vendor "Ibm" for product "Connections" | <= 3.0.1.1 Search vendor "Ibm" for product "Connections" and version " <= 3.0.1.1" | - |
Affected
| ||||||
Ibm Search vendor "Ibm" | Connections Search vendor "Ibm" for product "Connections" | 4.0 Search vendor "Ibm" for product "Connections" and version "4.0" | - |
Affected
| ||||||
Ibm Search vendor "Ibm" | Connections Search vendor "Ibm" for product "Connections" | 4.5 Search vendor "Ibm" for product "Connections" and version "4.5" | - |
Affected
| ||||||
Ibm Search vendor "Ibm" | Connections Search vendor "Ibm" for product "Connections" | 5.0 Search vendor "Ibm" for product "Connections" and version "5.0" | - |
Affected
|