VYPR
Unrated severityNVD Advisory· Published Mar 18, 2015· Updated Jun 17, 2026

CVE-2015-0132

CVE-2015-0132

Description

The XML parser in IBM Rational DOORS Next Generation 4.x before 4.0.7 iFix3 and 5.x before 5.0.2 and Rational Requirements Composer 2.x and 3.x before 3.0.1.6 iFix5 and 4.x before 4.0.7 iFix3 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

Affected products

36
  • cpe:2.3:a:ibm:rational_doors_next_generation:4.0.0:*:*:*:*:*:*:*+ 10 more
    • cpe:2.3:a:ibm:rational_doors_next_generation:4.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_doors_next_generation:4.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_doors_next_generation:4.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_doors_next_generation:4.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_doors_next_generation:4.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_doors_next_generation:4.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_doors_next_generation:4.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_doors_next_generation:4.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_doors_next_generation:5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_doors_next_generation:5.0.1:*:*:*:*:*:*:*
    • (no CPE)range: >=4.0, <4.0.7 iFix3; >=5.0, <5.0.2
  • cpe:2.3:a:ibm:rational_requirements_composer:2.0:*:*:*:*:*:*:*+ 24 more
    • cpe:2.3:a:ibm:rational_requirements_composer:2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_requirements_composer:2.0.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_requirements_composer:2.0.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_requirements_composer:2.0.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_requirements_composer:2.0.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_requirements_composer:3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_requirements_composer:3.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.6:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_requirements_composer:4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_requirements_composer:4.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_requirements_composer:4.0.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_requirements_composer:4.0.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_requirements_composer:4.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_requirements_composer:4.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_requirements_composer:4.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_requirements_composer:4.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_requirements_composer:4.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_requirements_composer:4.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_requirements_composer:4.0.7:*:*:*:*:*:*:*
    • (no CPE)range: <3.0.1.6 iFix5; >=4.0, <4.0.7 iFix3

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.