Lucene search

K

PRIOn knowledge basePRION:CVE-2013-6429

HistoryJan 26, 2014 - 4:58 p.m.

Xxe

2014-01-2616:58:00

PRIOn knowledge base

www.prio-n.com

4

9.2 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.765 High

EPSS

Percentile

98.1%

The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152 and CVE-2013-7315.

CPENameOperatorVersion
spring_frameworkge3.0.0
spring_frameworkle3.2.4
spring_frameworkeq4.0.0 rc1
spring_frameworkeq4.0.0 milestone2
spring_frameworkeq4.0.0 milestone1

References

rhn.redhat.com/errata/RHSA-2014-0400.html

secunia.com/advisories/57915

www.gopivotal.com/security/cve-2013-6429

www.securityfocus.com/archive/1/530770/100/0/threaded

www.securityfocus.com/bid/64947

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755

jira.springsource.org/browse/SPR-11078?page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel

9.2 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.765 High

EPSS

Percentile

98.1%

Related for PRION:CVE-2013-6429

github4 cve5 osv5 debiancve4 ubuntucve4 prion4 openvas6 securityvulns6 ibm12 nessus4 debian2 mageia2 checkpoint_advisories3 redhat5