3 matches found
JBoss Enterprise Portal GateIn Portal XML解析任意文件读取漏洞
CVE ID:CVE-2013-0315 JBoss Enterprise Portal Platform是一款构建和管理动态网站的平台。 JBoss Enterprise Portal Platform GateIn Portal export/import gadget存在一个漏洞可导致XML外部实体攻击。如果提供给import gadget的XML包含外部XML实体,此实体会被解析,可访问import gadget的远程攻击者可以利用此漏洞以运行应用服务器上下文读取任意文件。 0 JBoss Enterprise Portal Platform 5.2.2 厂商解决方案...
CVE-2013-0315
The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 is vulnerable to an XML External Entity (XXE) attack via a crafted external XML entity in an XML document, enabling remote attackers to read arbitrary files on the server. Root cause: improper XML parsing in the Gate...
Important: Red Hat Security Advisory: JBoss Enterprise Portal Platform 5.2.2 security update
An update for the GateIn Portal component in JBoss Enterprise Portal Platform 5.2.2 that fixes two security issues is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System...