Lucene search
K

3 matches found

seebug.org
seebug.org
added 2013/04/16 12:0 a.m.33 views

JBoss Enterprise Portal GateIn Portal XML解析任意文件读取漏洞

CVE ID:CVE-2013-0315 JBoss Enterprise Portal Platform是一款构建和管理动态网站的平台。 JBoss Enterprise Portal Platform GateIn Portal export/import gadget存在一个漏洞可导致XML外部实体攻击。如果提供给import gadget的XML包含外部XML实体,此实体会被解析,可访问import gadget的远程攻击者可以利用此漏洞以运行应用服务器上下文读取任意文件。 0 JBoss Enterprise Portal Platform 5.2.2 厂商解决方案...

5CVSS6.6AI score0.01371EPSS
Exploits1
CVE
CVE
added 2013/04/12 10:0 p.m.63 views

CVE-2013-0315

The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 is vulnerable to an XML External Entity (XXE) attack via a crafted external XML entity in an XML document, enabling remote attackers to read arbitrary files on the server. Root cause: improper XML parsing in the Gate...

5CVSS6.8AI score0.01371EPSS
Exploits1References4Affected Software1
RedHat Linux
RedHat Linux
added 2013/03/07 6:54 p.m.35 views

Important: Red Hat Security Advisory: JBoss Enterprise Portal Platform 5.2.2 security update

An update for the GateIn Portal component in JBoss Enterprise Portal Platform 5.2.2 that fixes two security issues is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System...

7.5CVSS5.5AI score0.01635EPSS
Exploits2References4
Rows per page
Query Builder