16 matches found
Design/Logic Flaw
In WS-Inc J WBEM Server 4.7.4 before 4.7.5, the CIM-XML protocol adapter does not disable entity resolution. This allows context-dependent attackers to read arbitrary files or cause a denial of service, a similar issue to CVE-2013-4152...
Security Bulletin: Multiple Security Vulnerabilities in Spring Framework Affect IBM Sterling B2B Integrator
Summary IBM Sterling B2B Integrator has addressed multiple Spring Framework security vulnerabilites. Vulnerability Details CVEID:CVE-2013-4152 DESCRIPTION: Pivotal Spring Framework could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection XXE error...
Missing XML Validation in Spring Framework
The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB,...
RHEL 6 : activemq (RHSA-2014:0245)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:0245 advisory. Apache ActiveMQ provides a SOA infrastructure to connect processes across heterogeneous systems. A flaw was found in Apache Camel's parsing ...
Security Bulletin: Pivotal Spring Framework vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (TADDM)
Summary Multiple vulnerabilities have been identified in the OpenSource/Pivotal Spring Framework version that is embeddded in IBM Tivoli Application Dependency Discovery Manager TADDM thus requiring an upgrade to Spring Framework version 3.2.13. Vulnerability Details CVEID: CVE-2014-3578...
Security Bulletin: Pivotal Spring Framework as used in IBM QRadar SIEM is vulnerable to various CVE's
Summary OpenSource Pivotal Spring Framework as used in IBM QRadar is susceptible to several vulnerabilities. Vulnerability Details CVEID: CVE-2013-7315 DESCRIPTION: Pivotal Spring Framework could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection X...
Security Bulletin: OpenSource Spring Source/Pivotal Spring Framework Vulnerabilities affect IBM Security Guardium (CVE-2013-7315, CVE-2013-4152, CVE-2014-0054)
Summary Pivotal Spring Framework could allow a remote attacker to obtain sensitive information. Vulnerability Details CVEID: CVE-2013-7315 DESCRIPTION: Pivotal Spring Framework could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection XXE error when...
Important: Red Hat Security Advisory: activemq security update
An updated activemq package that fixes multiple security issues is now available for Red Hat OpenShift Enterprise 2.0. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...
Updated springframework package fixes security vulnerabilities
It was discovered by the Spring development team that the fix for the XML External Entity XXE Injection CVE-2013-4152 in the Spring Framework was incomplete. Spring MVC's SourceHttpMessageConverter also processed user provided XML and neither disabled XML external entities nor provided an option ...
Debian Security Advisory DSA 2857-1 (libspring-java - several vulnerabilities)
It was discovered by the Spring development team that the fix for the XML External Entity XXE Injection CVE-2013-4152 in the Spring Framework was incomplete. Spring MVC's SourceHttpMessageConverter also processed user provided XML and neither disabled XML external entities nor provided an option ...
CVE-2013-4152
The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in...
CVE-2013-4152
CVE-2013-4152 affects Spring Framework: the SourceHttpMessageConverter in Spring MVC with JAXB marshaller does not disable external entity resolution, enabling XXE to read files, cause DoS, and CSRF via XXE in DOMSource/StAXSource/SAXSource/StreamSource. Affected: Spring Framework pre-3.2.4 and 4...
[SECURITY] [DSA 2842-1] libspring-java security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2842-1 [email protected] http://www.debian.org/security/ Markus Koschany January 13, 2014 http://www.debian.org/security/faq -...
Debian: Security Advisory (DSA-2842-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Multiple Products XML Public External Entity Information Disclosure (CVE-2013-3617; CVE-2013-4152; CVE-2013-6429; CVE-2014-0002; CVE-2014-0423)
A XML external entity XXE vulnerability exists in multiple products. The vulnerability is due to incorrectly configured XML parsing which accepts XML external entities from untrusted sources. A remote, unauthenticated attacker can leverage this vulnerability by sending a malicious request to the...
CVE-2013-4152 XML External Entity (XXE) injection in Spring Framework
Severity: Important Vendor: Spring by Pivotal Versions Affected: - 3.0.0 to 3.2.3 Spring OXM & Spring MVC - 4.0.0.M1 Spring OXM - 4.0.0.M1-4.0.0.M2 Spring MVC - Earlier unsupported versions may also be affected Description: The Spring OXM wrapper did not expose any property for disabling entity...