Lucene search
K

8 matches found

Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2013-6429

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which...

6.8CVSS7.3AI score0.90455EPSS
Exploits2References1
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.26 views

Mageia: Security Advisory (MGASA-2014-0096)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8CVSS5.9AI score0.90455EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2014/04/14 1:46 p.m.6 views

Framework: incomplete fix for CVE-2013-7315/CVE-2013-6429

The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML Extern...

6.8CVSS7.5AI score0.91354EPSS
Exploits0References5
Debian
Debian
added 2014/02/08 2:41 p.m.43 views

[SECURITY] [DSA 2857-1] libspring-java security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2857-1 [email protected] http://www.debian.org/security/ Markus Koschany February 08, 2014 http://www.debian.org/security/faq -...

6.8CVSS6.9AI score0.90455EPSS
Exploits1
OSV
OSV
added 2014/01/26 4:58 p.m.11 views

CVE-2013-6429

The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External...

6.8CVSS5.6AI score0.90455EPSS
Exploits0References7
CVE
CVE
added 2014/01/26 11:0 a.m.164 views

CVE-2013-6429

CVE-2013-6429 involves Spring Framework’s SourceHttpMessageConverter in Spring MVC, where XML External Entity (XXE) processing is not disabled. This allows remote attackers to read arbitrary files, cause denial of service, and perform CSRF via crafted XML. Affected: Spring Framework versions befo...

6.8CVSS5.7AI score0.90455EPSS
Exploits0References7Affected Software2
Debian CVE
Debian CVE
added 2014/01/26 11:0 a.m.24 views

CVE-2013-6429

The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External...

6.8CVSS9.5AI score0.90455EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2013/09/29 12:0 a.m.18 views

Multiple Products XML Public External Entity Information Disclosure (CVE-2013-3617; CVE-2013-4152; CVE-2013-6429; CVE-2014-0002; CVE-2014-0423)

A XML external entity XXE vulnerability exists in multiple products. The vulnerability is due to incorrectly configured XML parsing which accepts XML external entities from untrusted sources. A remote, unauthenticated attacker can leverage this vulnerability by sending a malicious request to the...

7.5CVSS6.2AI score0.90455EPSS
Exploits6
Rows per page
Query Builder