PI08265: IBM SPSS Modeler is vulnerable to a denial of service attack triggered by a malicious XML data.

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • CVE-2013-5372 (CVSS 4.3)
    The XML4J parser is vulnerable to a denial of service attack,
    triggered by specially crafted XML data. The DoS manifests as an
    OutOfMemoryError.
    
    CVE-2013-5825 (CVSS 5)
    Malicious XML data can cause DoS conditions in a variety of
    different ways. This fix adds properties to the JAXP
    implementation to help prevent such attacks.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:                                              *
    * All users                                                    *
    ****************************************************************
    * PROBLEM DESCRIPTION:                                         *
    * see above                                                    *
    ****************************************************************
    * RECOMMENDATION:                                              *
    * Apply SPSS Modeler 14.2 Fix Pack 3 Interim Fix 021, SPSS     *
    * Modeler 15.0 Fix Pack 3 Interim Fix 004 or SPSS Modeler 16.0 *
    * Fix Pack 1                                                   *
    ****************************************************************
    

Problem conclusion

  • Apply SPSS Modeler 14.2 Fix Pack 3 Interim Fix 021, SPSS Modeler
    15.0 Fix Pack 3 Interim Fix 004 or SPSS Modeler 16.0 Fix Pack 1
    

Temporary fix

Comments

APAR Information

  • APAR number

    PI08265

  • Reported component name

    SPSS MODELER

  • Reported component ID

    5725A64MD

  • Reported release

    F00

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2013-12-17

  • Closed date

    2014-02-08

  • Last modified date

    2014-06-09

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    SPSS MODELER

  • Fixed component ID

    5725A64MD

Applicable component levels

  • RF00 PSN

       UP

  • RG00 PSN

       UP



Rate this page:

(0 users)Average rating

Document information


More support for:

SPSS Modeler
Modeler

Software version:

15.0

Reference #:

PI08265

Modified date:

2014-06-09

Translate my page

Machine Translation

Content navigation