PI08265: IBM SPSS Modeler is vulnerable to a denial of service attack triggered by malicious XML data.


APAR status

  • Closed as program error.

Error description

  • CVE-2013-5372 (CVSS 4.3)
    The XML4J parser is vulnerable to a denial of service attack,
    triggered by specially crafted XML data. The DoS manifests as an
    OutOfMemoryError.
    
    CVE-2013-5825 (CVSS 5)
    Malicious XML data can cause DoS conditions in a variety of
    different ways. This fix adds properties to the JAXP
    implementation to help prevent such attacks.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:                                              *
    * All users                                                    *
    ****************************************************************
    * PROBLEM DESCRIPTION:                                         *
    * see above                                                    *
    ****************************************************************
    * RECOMMENDATION:                                              *
    * Apply SPSS Modeler 14.2 Fix Pack 3 Interim Fix 021, SPSS     *
    * Modeler 15.0 Fix Pack 3 Interim Fix 004 or SPSS Modeler 16.0 *
    * Fix Pack 1                                                   *
    ****************************************************************
    

Problem conclusion

  • Apply SPSS Modeler 14.2 Fix Pack 3 Interim Fix 021, SPSS Modeler
    15.0 Fix Pack 3 Interim Fix 004 or SPSS Modeler 16.0 Fix Pack 1
    

Temporary fix

Comments

APAR Information

  • APAR number

    PI08265

  • Reported component name

    SPSS MODELER

  • Reported component ID

    5725A64MD

  • Reported release

    F00

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2013-12-17

  • Closed date

    2014-02-08

  • Last modified date

    2014-06-09

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    SPSS MODELER

  • Fixed component ID

    5725A64MD

Applicable component levels

  • RF00 PSN

       UP

  • RG00 PSN

       UP




Document information


More support for:

SPSS Modeler
Modeler

Software version:

15.0

Reference #:

PI08265

Modified date:

2014-06-09
