
16 matches found

Prion
added 2023/08/03 3:15 a.m.

Design/Logic Flaw

In WS-Inc J WBEM Server 4.7.4 before 4.7.5, the CIM-XML protocol adapter does not disable entity resolution. This allows context-dependent attackers to read arbitrary files or cause a denial of service, a similar issue to CVE-2013-4152...

CVSS 6.4 | AI score 6.8 | EPSS 0.26467
Exploits 1 | References 2 | Affected software 1
IBM Security Bulletins
added 2022/05/13 2:58 p.m.

Security Bulletin: Multiple Security Vulnerabilities in Spring Framework Affect IBM Sterling B2B Integrator

Summary: IBM Sterling B2B Integrator has addressed multiple Spring Framework security vulnerabilities. Vulnerability Details: CVEID: CVE-2013-4152 DESCRIPTION: Pivotal Spring Framework could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection (XXE) error...

CVSS 7.5 | AI score 6.8 | EPSS 0.91354
Exploits 2 | Affected software 1
Github Security Blog
added 2022/05/13 1:02 a.m.

Missing XML Validation in Spring Framework

The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB,...

CVSS 6.8 | AI score 5.3 | EPSS 0.03438
Exploits 1 | References 10 | Affected software 1
Tenable Nessus
added 2018/12/04 12:00 a.m.

RHEL 6 : activemq (RHSA-2014:0245)

The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:0245 advisory. Apache ActiveMQ provides a SOA infrastructure to connect processes across heterogeneous systems. A flaw was found in Apache Camel's parsing ...

CVSS 7.5 | AI score 9 | EPSS 0.26467
Exploits 4 | References 10
IBM Security Bulletins
added 2018/06/17 3:35 p.m.

Security Bulletin: Pivotal Spring Framework vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (TADDM)

Summary: Multiple vulnerabilities have been identified in the OpenSource/Pivotal Spring Framework version that is embedded in IBM Tivoli Application Dependency Discovery Manager (TADDM), thus requiring an upgrade to Spring Framework version 3.2.13. Vulnerability Details: CVEID: CVE-2014-3578...

CVSS 6.8 | AI score 0.7 | EPSS 0.91354
Exploits 7 | Affected software 1
IBM Security Bulletins
added 2018/06/16 9:50 p.m.

Security Bulletin: Pivotal Spring Framework as used in IBM QRadar SIEM is vulnerable to various CVEs

Summary: OpenSource Pivotal Spring Framework as used in IBM QRadar is susceptible to several vulnerabilities. Vulnerability Details: CVEID: CVE-2013-7315 DESCRIPTION: Pivotal Spring Framework could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection (XXE) error...

CVSS 6.8 | AI score 1.1 | EPSS 0.91354
Exploits 7 | Affected software 1
IBM Security Bulletins
added 2018/06/16 9:50 p.m.

Security Bulletin: OpenSource Spring Source/Pivotal Spring Framework Vulnerabilities affect IBM Security Guardium (CVE-2013-7315, CVE-2013-4152, CVE-2014-0054)

Summary: Pivotal Spring Framework could allow a remote attacker to obtain sensitive information. Vulnerability Details: CVEID: CVE-2013-7315 DESCRIPTION: Pivotal Spring Framework could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection (XXE) error when...

CVSS 6.8 | AI score 1.1 | EPSS 0.91354
Exploits 2 | Affected software 1
RedHat Linux
added 2014/03/03 6:25 p.m.

Important: Red Hat Security Advisory: activemq security update

An updated activemq package that fixes multiple security issues is now available for Red Hat OpenShift Enterprise 2.0. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity...

CVSS 7.5 | AI score 7.9 | EPSS 0.26467
Exploits 4 | References 5
Mageia
added 2014/02/25 9:35 p.m.

Updated springframework package fixes security vulnerabilities

It was discovered by the Spring development team that the fix for the XML External Entity (XXE) Injection (CVE-2013-4152) in the Spring Framework was incomplete. Spring MVC's SourceHttpMessageConverter also processed user-provided XML and neither disabled XML external entities nor provided an option ...

CVSS 6.8 | AI score 0.6 | EPSS 0.90455
Exploits 0 | References 2
OpenVAS
added 2014/02/08 12:00 a.m.

Debian Security Advisory DSA 2857-1 (libspring-java - several vulnerabilities)

It was discovered by the Spring development team that the fix for the XML External Entity (XXE) Injection (CVE-2013-4152) in the Spring Framework was incomplete. Spring MVC's SourceHttpMessageConverter also processed user-provided XML and neither disabled XML external entities nor provided an option ...

CVSS 6.8 | AI score 5.8 | EPSS 0.90455
Exploits 1 | References 1
OSV
added 2014/01/23 9:55 p.m.

CVE-2013-4152

The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in...

CVSS 6.8 | AI score 5.6 | EPSS 0.26467
Exploits 1 | References 14
CVE
added 2014/01/23 9:00 p.m.

CVE-2013-4152

CVE-2013-4152 affects Spring Framework: the SourceHttpMessageConverter in Spring MVC with the JAXB marshaller does not disable external entity resolution, enabling XXE to read files, cause a denial of service, and conduct CSRF via an external entity in a DOMSource, StAXSource, SAXSource or StreamSource. Affected: Spring Framework pre-3.2.4 and 4...

CVSS 6.8 | AI score 5.7 | EPSS 0.26467
Exploits 1 | References 13 | Affected software 2
Debian
added 2014/01/13 4:06 p.m.

[SECURITY] [DSA 2842-1] libspring-java security update

Debian Security Advisory DSA-2842-1
[email protected]
http://www.debian.org/security/
Markus Koschany, January 13, 2014
http://www.debian.org/security/faq
...

CVSS 6.8 | AI score 7.6 | EPSS 0.26467
Exploits 1
OpenVAS
added 2014/01/12 12:00 a.m.

Debian: Security Advisory (DSA-2842-1)

The remote host is missing an update for the Debian package(s) referenced in the DSA-2842-1 advisory...

CVSS 6.8 | AI score 6.8 | EPSS 0.26467
Exploits 2 | References 3
Check Point Advisories
added 2013/09/29 12:00 a.m.

Multiple Products XML Public External Entity Information Disclosure (CVE-2013-3617; CVE-2013-4152; CVE-2013-6429; CVE-2014-0002; CVE-2014-0423)

An XML external entity (XXE) vulnerability exists in multiple products. The vulnerability is due to incorrectly configured XML parsing which accepts XML external entities from untrusted sources. A remote, unauthenticated attacker can leverage this vulnerability by sending a malicious request to the...

CVSS 7.5 | AI score 6.2 | EPSS 0.90455
Exploits 6
securityvulns
added 2013/09/09 12:00 a.m.

CVE-2013-4152 XML External Entity (XXE) injection in Spring Framework

Severity: Important
Vendor: Spring by Pivotal
Versions Affected:
- 3.0.0 to 3.2.3 Spring OXM & Spring MVC
- 4.0.0.M1 Spring OXM
- 4.0.0.M1-4.0.0.M2 Spring MVC
- Earlier unsupported versions may also be affected
Description: The Spring OXM wrapper did not expose any property for disabling entity...

CVSS 6.8 | AI score 0.2 | EPSS 0.26467
Exploits 1
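The Spring entries above (the OXM JAXB wrapper in CVE-2013-4152, the SourceHttpMessageConverter left out of that fix, and the StAX XMLInputFactory case in the GitHub advisory) all reduce to one parser setting: external entity resolution left at its default. The following is an added example, not code from Spring or from any source listed on this page. It takes the JDK's own StAX XMLInputFactory at its defaults, feeds it a document shaped like the payload the CVE text describes (an external entity declaration plus an entity reference in the body), and compares that with a factory that has DTD support and external entity resolution switched off. The class name XxeStaxDemo, the temporary "secret" file and the payload are constructed for the demo.

```java
import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamConstants;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;

/**
 * Added example (not Spring's code): a StAX XMLInputFactory at JDK defaults
 * expands external entities, which is the condition the Spring advisories
 * describe; the hardened factory below is what the fixes amount to.
 */
public class XxeStaxDemo {

    /** JDK defaults: DTDs are processed and external entities are resolved. */
    static XMLInputFactory unsafeFactory() {
        return XMLInputFactory.newInstance();
    }

    /** Hardened: no DTD processing and no external entity resolution. */
    static XMLInputFactory safeFactory() {
        XMLInputFactory f = XMLInputFactory.newInstance();
        f.setProperty(XMLInputFactory.SUPPORT_DTD, false);
        f.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
        return f;
    }

    /** Collect the character content of the document, as a naive converter would. */
    static String readText(XMLInputFactory factory, String xml) throws XMLStreamException {
        XMLStreamReader r = factory.createXMLStreamReader(new StringReader(xml));
        StringBuilder sb = new StringBuilder();
        try {
            while (r.hasNext()) {
                if (r.next() == XMLStreamConstants.CHARACTERS) {
                    sb.append(r.getText());
                }
            }
        } finally {
            r.close();
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for a sensitive file the attacker wants to read.
        Path secret = Files.createTempFile("xxe-demo-", ".txt");
        Files.write(secret, "SECRET-TOKEN".getBytes(StandardCharsets.UTF_8));

        // Constructed attacker payload: external entity declaration plus a
        // reference to it in the element body, as the CVE text describes.
        String payload = "<?xml version=\"1.0\"?>\n"
                + "<!DOCTYPE doc [<!ENTITY xxe SYSTEM \"" + secret.toUri() + "\">]>\n"
                + "<doc>&xxe;</doc>";

        try {
            String leaked = readText(unsafeFactory(), payload);
            System.out.println("default factory returned: '" + leaked + "'");
        } finally {
            // The check that matters: does the file content come back as element text?
        }

        try {
            String safe = readText(safeFactory(), payload);
            System.out.println("hardened factory returned: '" + safe + "'");
        } catch (XMLStreamException e) {
            System.out.println("hardened factory rejected the document: " + e.getMessage());
        } finally {
            Files.deleteIfExists(secret);
        }
    }
}
```

Compile and run with a plain JDK (`javac XxeStaxDemo.java && java XxeStaxDemo`); JAXB is not needed, because the expansion happens in the StAX reader underneath the StAXSource path the CVE names. With the default factory the temporary file's content is returned as the element text; with the hardened factory the entity is either left unexpanded or the DOCTYPE is rejected, depending on the StAX implementation in use, so a regression test should assert that the secret is absent rather than that a particular exception is thrown. The Spring fix exposed exactly this switch, `processExternalEntities` (default `false`) on `Jaxb2Marshaller` and the JAXB and Source HTTP message converters, which is the property the securityvulns entry notes the OXM wrapper previously lacked.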