Lucene search

K

RedhatCVELIST:CVE-2013-6429

HistoryJan 26, 2014 - 11:00 a.m.

CVE-2013-6429

2014-01-2611:00:00

redhat

www.cve.org

1

6.6 Medium

AI Score

Confidence

High

0.937 High

EPSS

Percentile

99.1%

The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152 and CVE-2013-7315.

References

rhn.redhat.com/errata/RHSA-2014-0400.html

secunia.com/advisories/57915

www.gopivotal.com/security/cve-2013-6429

www.securityfocus.com/archive/1/530770/100/0/threaded

www.securityfocus.com/bid/64947

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755

jira.springsource.org/browse/SPR-11078?page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel

6.6 Medium

AI Score

Confidence

High

0.937 High

EPSS

Percentile

99.1%

Related for CVELIST:CVE-2013-6429

debiancve4 osv5 cve5 github4 prion5 nvd5 ubuntucve4 cvelist4 openvas6 securityvulns6 ibm12 debian2 mageia2 nessus5 checkpoint_advisories3 redhat5