GitHub Advisory DatabaseGHSA-87W9-X2C3-HRJJExposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
64.5%
Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain โTomcat internalsโ information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
| CPE | Name | Operator | Version |
|---|---|---|---|
| org.apache.tomcat:tomcat | le | 8.0.0-RC9 | |
| org.apache.tomcat:tomcat | lt | 7.0.50 | |
| org.apache.tomcat:tomcat | lt | 6.0.39 |
References
advisories.mageia.org/MGASA-2014-0148.html
marc.info/?l=bugtraq&m=144498216801440&w=2
svn.apache.org/viewvc?view=revision&revision=1549528
svn.apache.org/viewvc?view=revision&revision=1549529
svn.apache.org/viewvc?view=revision&revision=1558828
tomcat.apache.org/security-6.html
tomcat.apache.org/security-7.html
tomcat.apache.org/security-8.html
www-01.ibm.com/support/docview.wss?uid=swg21667883
www-01.ibm.com/support/docview.wss?uid=swg21675886
www-01.ibm.com/support/docview.wss?uid=swg21677147
www-01.ibm.com/support/docview.wss?uid=swg21678231
www.debian.org/security/2016/dsa-3530
www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
www.vmware.com/security/advisories/VMSA-2014-0008.html
bugzilla.redhat.com/show_bug.cgi?id=1069911
github.com/advisories/GHSA-87w9-x2c3-hrjj
github.com/apache/tomcat/commit/05c84ff8304a69a30b251f207a7b93c2c882564d
github.com/apache/tomcat/commit/78dd7e6f3d8481bc3bcd71ca5b20296de1283888
github.com/apache/tomcat/commit/b9e06ead01984483af73f48e7861bc7897f5e84f
h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013
lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E
nvd.nist.gov/vuln/detail/CVE-2013-4590
Related
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
64.5%