Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2013-4590HistoryFeb 26, 2014 - 2:55 p.m.
CVE-2013-4590
2014-02-2614:55:00
Debian Security Bug Tracker
security-tracker.debian.org
8
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain โTomcat internalsโ information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 9 | all | tomcat7 | <ย 7.0.75-1 | tomcat7_7.0.75-1_all.deb |
| Debian | 9 | all | tomcat8 | <ย 8.5.54-0+deb9u1 | tomcat8_8.5.54-0+deb9u1_all.deb |
Related
seebug
seebug
Apache TomcatXMLๅค้จๅฎไฝไฟกๆฏๆณๆผๆผๆด
2014-02-27 00:00:00
atlassian
atlassian
CVE-2013-4590 vulnerability with Tomcat 7.0.42 shipped with Crowd 2.7.2
2014-05-24 04:42:42
CVE-2013-4590 vulnerability with Tomcat 7.0.42 shipped with Crowd 2.7.2
2014-05-24 04:42:42
securityvulns
securityvulns
[SECURITY] CVE-2013-4590 Information disclosure via XXE when running untrusted web applications
2014-02-28 00:00:00
Apache Tomcat multiple security vulnerabilities
2014-03-31 00:00:00
ubuntucve
ubuntucve
CVE-2013-4590
2014-02-26 00:00:00
github
github
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
2022-05-14 01:10:35
cve
cve
CVE-2013-4590
2014-02-26 14:55:00
osv
osv
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
2022-05-14 01:10:35
tomcat6 - regression update
2014-11-23 00:00:00
tomcat6 - security update
2014-11-23 00:00:00
prion
prion
Xxe
2014-02-26 14:55:00
veracode
veracode
XML External Entity (XXE)
2019-01-15 08:58:51
openvas
openvas
RedHat Update for tomcat6 RHSA-2014:1038-01
2014-08-12 00:00:00
Apache Tomcat Multiple Vulnerabilities - 02 (Mar 2014)
2014-03-25 00:00:00
CentOS Update for tomcat6 CESA-2014:1038 centos6
2014-08-12 00:00:00
centos
centos
tomcat6 security update
2014-08-11 18:04:13
nessus
nessus
Oracle Linux 6 : tomcat6 (ELSA-2014-1038)
2014-08-12 00:00:00
CentOS 6 : tomcat6 (CESA-2014:1038)
2014-08-12 00:00:00
Scientific Linux Security Update : tomcat6 on SL6.x (noarch) (20140811)
2014-08-12 00:00:00
ibm
ibm
redhat
redhat
(RHSA-2014:1038) Low: tomcat6 security update
2014-08-11 00:00:00
(RHSA-2014:1088) Important: Red Hat JBoss Web Server 2.1.0 update
2014-08-21 00:00:00
(RHSA-2014:1087) Important: Red Hat JBoss Web Server 2.1.0 update
2014-08-21 15:24:12
fedora
fedora
[SECURITY] Fedora 20 Update: tomcat-7.0.52-1.fc20
2014-09-26 09:02:42
oraclelinux
oraclelinux
tomcat6 security update
2014-08-11 00:00:00
tomcat security update
2014-08-07 00:00:00
tomcat
tomcat
Fixed in Apache Tomcat 8.0.0-RC10
2013-12-26 00:00:00
Fixed in Apache Tomcat 7.0.50
2014-01-08 00:00:00
Fixed in Apache Tomcat 6.0.39
2014-01-31 00:00:00
mageia
mageia
Updated tomcat package fixes security vulnerabilities
2014-04-03 04:16:05
Updated tomcat package fixes security vulnerabilities
2014-04-03 04:16:05
vmware
vmware
VMware vSphere product updates to third party libraries
2014-09-09 00:00:00
VMware vSphere product updates to third party libraries
2014-09-09 00:00:00
debian
debian
[SECURITY] [DLA 91-1] tomcat6 security update
2014-11-23 09:02:25
[SECURITY] [DSA 3530-1] tomcat6 security update
2016-03-25 18:47:56
gentoo
gentoo
Apache Tomcat: Multiple vulnerabilities
2014-12-15 00:00:00
oracle
oracle
Oracle Critical Patch Update - October 2014
2014-10-14 00:00:00
Oracle Critical Patch Update - October 2016
2016-10-18 00:00:00
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
Related for DEBIANCVE:CVE-2013-4590