Skip to content

JBossWS vulnerable to uncontrolled recursion

Low severity GitHub Reviewed Published May 13, 2022 to the GitHub Advisory Database • Updated Jan 29, 2023

Package

maven org.jboss.ws:jbossws-common (Maven)

Affected versions

< 2.1.0.Final

Patched versions

2.1.0.Final

Description

DOMUtils.java in org.jboss.ws:jbossws-common does not properly handle recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted request containing an XML document with a DOCTYPE declaration and a large number of nested entity references, a similar issue to CVE-2003-1564.

References

Published by the National Vulnerability Database Jul 29, 2013
Published to the GitHub Advisory Database May 13, 2022
Reviewed Nov 8, 2022
Last updated Jan 29, 2023

Severity

Low

EPSS score

1.097%
(85th percentile)

Weaknesses

CVE ID

CVE-2011-1483

GHSA ID

GHSA-rj4p-7mm6-gm9j

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.