Lucene search

K
cvelistRedhatCVELIST:CVE-2013-6429
HistoryJan 26, 2014 - 11:00 a.m.

CVE-2013-6429

2014-01-2611:00:00
redhat
www.cve.org
1

6.6 Medium

AI Score

Confidence

High

0.937 High

EPSS

Percentile

99.1%

The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152 and CVE-2013-7315.

6.6 Medium

AI Score

Confidence

High

0.937 High

EPSS

Percentile

99.1%