CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1879 matches found

RedHat Linux•added 2014/02/25 4:41 p.m.•4 views

Framework: XML External Entity (XXE) injection flaw

The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in...

6.8CVSS7.3AI score0.26271EPSS

Exploits1References7

OSV•added 2014/02/10 7:51 p.m.•8 views

MGASA-2014-0042 Updated springframework packages fix CVE-2013-4152

Updated springframework packages fix security vulnerability: Alvaro Munoz discovered a XML External Entity XXE injection in the Spring Framework which can be used for conducting CSRF and DoS attacks on other sites CVE-2013-4152...

6.8CVSS5.7AI score0.26271EPSS

Exploits1References3

Tenable Nessus•added 2014/02/10 12:0 a.m.•42 views

Debian DSA-2857-1 : libspring-java - several vulnerabilities

It was discovered by the Spring development team that the fix for the XML External Entity XXE Injection CVE-2013-4152 in the Spring Framework was incomplete. Spring MVC's SourceHttpMessageConverter also processed user provided XML and neither disabled XML external entities nor provided an option ...

6.8CVSS7AI score0.90455EPSS

Exploits1References5

Debian•added 2014/02/08 2:41 p.m.•43 views

[SECURITY] [DSA 2857-1] libspring-java security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2857-1 [email protected] http://www.debian.org/security/ Markus Koschany February 08, 2014 http://www.debian.org/security/faq -...

6.8CVSS6.9AI score0.90455EPSS

Exploits1

OpenVAS•added 2014/02/08 12:0 a.m.•50 views

Debian Security Advisory DSA 2857-1 (libspring-java - several vulnerabilities)

6.8CVSS5.8AI score0.90455EPSS

Exploits1References1

NVD•added 2014/01/26 4:58 p.m.•20 views

CVE-2013-6429

The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External...

6.8CVSS7.2AI score0.90455EPSS

Exploits0References7

OSV•added 2014/01/26 4:58 p.m.•2 views

DEBIAN-CVE-2013-6429

6.8CVSS9.1AI score0.90455EPSS

Exploits0References1

Prion•added 2014/01/26 4:58 p.m.•35 views

Xxe

6.8CVSS9.2AI score0.90455EPSS

Exploits2References7Affected Software1

OSV•added 2014/01/26 4:58 p.m.•3 views

UBUNTU-CVE-2013-6429

6.8CVSS7.4AI score0.90455EPSS

Exploits0References4

Cvelist•added 2014/01/26 11:0 a.m.•32 views

CVE-2013-6429

6.6AI score0.90455EPSS

Exploits0References7

CVE•added 2014/01/26 11:0 a.m.•158 views

CVE-2013-6429

CVE-2013-6429 involves Spring Framework’s SourceHttpMessageConverter in Spring MVC, where XML External Entity (XXE) processing is not disabled. This allows remote attackers to read arbitrary files, cause denial of service, and perform CSRF via crafted XML. Affected: Spring Framework versions befo...

6.8CVSS5.7AI score0.90455EPSS

Exploits0References7Affected Software2

OSV•added 2014/01/23 9:55 p.m.•1 views

DEBIAN-CVE-2013-7315

The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB,...

6.8CVSS9.1AI score0.03438EPSS

Exploits1References1

NVD•added 2014/01/23 9:55 p.m.•23 views

CVE-2013-7315

6.8CVSS7.2AI score0.03438EPSS

Exploits1References6

NVD•added 2014/01/23 9:55 p.m.•32 views

CVE-2013-4152

6.8CVSS7.2AI score0.26271EPSS

Exploits1References13

OSV•added 2014/01/23 9:55 p.m.•2 views

DEBIAN-CVE-2013-4152