Lucene search
K

107 matches found

OSV
OSV
added 2014/01/23 9:55 p.m.9 views

CVE-2013-4152

The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in...

6.8CVSS5.6AI score0.26467EPSS
Exploits1References14
Prion
Prion
added 2014/01/23 9:55 p.m.24 views

Xxe

The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in...

6.8CVSS9.2AI score0.26467EPSS
Exploits1References13Affected Software1
UbuntuCve
UbuntuCve
added 2014/01/23 9:55 p.m.39 views

CVE-2013-4152

The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in...

6.8CVSS7.3AI score0.26467EPSS
Exploits1References4
Debian CVE
Debian CVE
added 2014/01/23 9:0 p.m.41 views

CVE-2013-4152

The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in...

6.8CVSS9.2AI score0.26467EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2014/01/14 12:0 a.m.37 views

Debian DSA-2842-1 : libspring-java - denial of service

Alvaro Munoz discovered a XML External Entity XXE injection in the Spring Framework which can be used for conducting CSRF and DoS attacks on other sites. The Spring OXM wrapper did not expose any property for disabling entity resolution when using the JAXB unmarshaller. There are four possible...

6.8CVSS8.2AI score0.26467EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2014/01/13 12:0 a.m.37 views

Debian Security Advisory DSA 2842-1 (libspring-java - denial of service)

Alvaro Munoz discovered a XML External Entity XXE injection in the Spring Framework which can be used for conducting CSRF and DoS attacks on other sites. The Spring OXM wrapper did not expose any property for disabling entity resolution when using the JAXB unmarshaller. There are four possible...

6.8CVSS6.5AI score0.26467EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2011/09/15 5:51 p.m.7 views

Important: Red Hat Security Advisory: jbossws-common security update

An updated jbossws-common.jar file for JBoss Enterprise Web Platform 5.1.1 that fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base...

5CVSS5.8AI score0.02664EPSS
Exploits0References3
Rows per page
Query Builder