Resource management error in WebSphere Portal - CVE-2014-4814
Published: October 28, 2014 / Updated: August 10, 2020
Vulnerability identifier: #VU41190
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2014-4814
CWE-ID: CWE-399
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: IBM Corporation
Affected software:
WebSphere Portal
WebSphere Portal
Detailed vulnerability description
The vulnerability allows a remote #AU# to perform service disruption.
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 does not properly detect recursion during entity expansion, which allows remote authenticated users to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
How to mitigate CVE-2014-4814
Install update from vendor's website.