Lucene search

PRIOn knowledge basePRION:CVE-2013-4590

HistoryFeb 26, 2014 - 2:55 p.m.

Xxe

2014-02-2614:55:00

PRIOn knowledge base

www.prio-n.com

6.5 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

64.2%

JSON

Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain “Tomcat internals” information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

CPENameOperatorVersion
tomcateq8.0.0 rc6
tomcateq8.0.0 rc9
tomcateq8.0.0 rc7
tomcateq8.0.0 rc3
tomcateq8.0.0 rc2
tomcateq8.0.0 rc1
tomcateq8.0.0 rc8
tomcateq8.0.0 rc5
tomcateq8.0.0 rc4
tomcateq5.5.27

Name	Operator	Version
tomcat	eq	8.0.0 rc6
tomcat	eq	8.0.0 rc9
tomcat	eq	8.0.0 rc7
tomcat	eq	8.0.0 rc3
tomcat	eq	8.0.0 rc2
tomcat	eq	8.0.0 rc1
tomcat	eq	8.0.0 rc8
tomcat	eq	8.0.0 rc5
tomcat	eq	8.0.0 rc4
tomcat	eq	5.5.27

Rows per page:

1-10 of 1931

References

advisories.mageia.org/MGASA-2014-0148.html

secunia.com/advisories/59036

secunia.com/advisories/59722

secunia.com/advisories/59724

secunia.com/advisories/59873

svn.apache.org/viewvc?view=revision&revision=1549528

svn.apache.org/viewvc?view=revision&revision=1549529

svn.apache.org/viewvc?view=revision&revision=1558828

tomcat.apache.org/security-6.html

tomcat.apache.org/security-7.html

tomcat.apache.org/security-8.html

www-01.ibm.com/support/docview.wss?uid=swg21667883

www-01.ibm.com/support/docview.wss?uid=swg21675886

www-01.ibm.com/support/docview.wss?uid=swg21677147

www-01.ibm.com/support/docview.wss?uid=swg21678231

www.debian.org/security/2016/dsa-3530

www.mandriva.com/security/advisories?name=MDVSA-2015:052

www.mandriva.com/security/advisories?name=MDVSA-2015:084

www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html

www.securityfocus.com/bid/65768

www.vmware.com/security/advisories/VMSA-2014-0008.html

bugzilla.redhat.com/show_bug.cgi?id=1069911

h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013

lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E

marc.info/?l=bugtraq&m=144498216801440&w=2

6.5 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

64.2%

JSON

Related for PRION:CVE-2013-4590