Description
Two vulnerabilities have been reported in IBM Rational DOORS Next Generation and IBM Rational Requirements Composer, which can be exploited by malicious people to conduct cross-site scripting attacks and cause a DoS (Denial of Service).
1) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
2) An error when parsing XML entities can be exploited to consume memory resources via a specially crafted XML document including entity references.
The vulnerabilities are reported in the following products and versions:
* IBM Rational Requirements Composer 4.0 through 4.0.7.
* IBM Rational DOORS Next Generation 4.0 through 4.0.7.
* IBM Rational DOORS Next Generation 5.0 through 5.0.1.
Vulnerable Products
Vulnerable Software:
* IBM Rational DOORS Next Generation 4.x
* IBM Rational DOORS Next Generation 5.x
* IBM Rational Requirements Composer 4.x
Solution
Update to version 4.0.7 iFix3 or 5.0.2.
CVE
CVE-2015-0132
CVE-2015-0125
References
http://www.ibm.com/support/docview.wss?uid=swg21697297
http://www.ibm.com/support/docview.wss?uid=swg21698248
Vulnerability Manager Detection
No
IPS Protection