Lucene search
RootSSV:61594HistoryFeb 27, 2014 - 12:00 a.m.
Apache TomcatXML外部实体信息泄漏漏洞
2014-02-2700:00:00
Root
www.seebug.org
25
0.002 Low
EPSS
Percentile
62.7%
Bugtraq ID:65768
CVE ID:CVE-2013-4590
Apache Tomcat是一款开放源码的JSP应用服务器程序。
Apache Tomcat提供类似web.xml, context.xml, *.tld, .tagx和.jspx的XML文件,允许攻击者利用漏洞进行XXE攻击,可获取Tomcat应用中的内部信息。当Tocat运行在不可信源上,如共享主机环境上受此漏洞影响。
0
Apache Tomcat 8.0.0-RC1
Apache Tomcat 7.0.0 - 7.0.42
Apache Tomcat 6.0.0 - 6.0.37
厂商补丁:
Apache
Apache Tomcat 8.0.0-RC3,7.0.47或6.0.39已经修复该漏洞,建议用户下载更新:
http://tomcat.apache.org/
Related
atlassian
atlassian
CVE-2013-4590 vulnerability with Tomcat 7.0.42 shipped with Crowd 2.7.2
2014-05-24 04:42:42
CVE-2013-4590 vulnerability with Tomcat 7.0.42 shipped with Crowd 2.7.2
2014-05-24 04:42:42
securityvulns
securityvulns
[SECURITY] CVE-2013-4590 Information disclosure via XXE when running untrusted web applications
2014-02-28 00:00:00
Apache Tomcat multiple security vulnerabilities
2014-03-31 00:00:00
debiancve
debiancve
CVE-2013-4590
2014-02-26 14:55:00
ubuntucve
ubuntucve
CVE-2013-4590
2014-02-26 00:00:00
github
github
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
2022-05-14 01:10:35
prion
prion
Xxe
2014-02-26 14:55:00
veracode
veracode
XML External Entity (XXE)
2019-01-15 08:58:51
cve
cve
CVE-2013-4590
2014-02-26 14:55:00
osv
osv
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
2022-05-14 01:10:35
tomcat6 - security update
2014-11-23 00:00:00
tomcat6 - regression update
2014-11-23 00:00:00
centos
centos
tomcat6 security update
2014-08-11 18:04:13
openvas
openvas
RedHat Update for tomcat6 RHSA-2014:1038-01
2014-08-12 00:00:00
Apache Tomcat Multiple Vulnerabilities - 02 (Mar 2014)
2014-03-25 00:00:00
CentOS Update for tomcat6 CESA-2014:1038 centos6
2014-08-12 00:00:00
nessus
nessus
Oracle Linux 6 : tomcat6 (ELSA-2014-1038)
2014-08-12 00:00:00
CentOS 6 : tomcat6 (CESA-2014:1038)
2014-08-12 00:00:00
Scientific Linux Security Update : tomcat6 on SL6.x (noarch) (20140811)
2014-08-12 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in tomcat affect IBM SmartCloud Provisioning 2.1 for Software Virtual Appliance (CVE-2013-4590, CVE-2014-0119)
2018-06-17 22:30:11
redhat
redhat
(RHSA-2014:1038) Low: tomcat6 security update
2014-08-11 00:00:00
(RHSA-2014:1088) Important: Red Hat JBoss Web Server 2.1.0 update
2014-08-21 00:00:00
(RHSA-2014:1087) Important: Red Hat JBoss Web Server 2.1.0 update
2014-08-21 15:24:12
fedora
fedora
[SECURITY] Fedora 20 Update: tomcat-7.0.52-1.fc20
2014-09-26 09:02:42
oraclelinux
oraclelinux
tomcat6 security update
2014-08-11 00:00:00
tomcat security update
2014-08-07 00:00:00
tomcat
tomcat
Fixed in Apache Tomcat 8.0.0-RC10
2013-12-26 00:00:00
Fixed in Apache Tomcat 7.0.50
2014-01-08 00:00:00
Fixed in Apache Tomcat 6.0.39
2014-01-31 00:00:00
mageia
mageia
Updated tomcat package fixes security vulnerabilities
2014-04-03 04:16:05
Updated tomcat package fixes security vulnerabilities
2014-04-03 04:16:05
vmware
vmware
VMware vSphere product updates to third party libraries
2014-09-09 00:00:00
VMware vSphere product updates to third party libraries
2014-09-09 00:00:00
debian
debian
[SECURITY] [DLA 91-1] tomcat6 security update
2014-11-23 09:02:25
[SECURITY] [DSA 3530-1] tomcat6 security update
2016-03-25 18:47:56
gentoo
gentoo
Apache Tomcat: Multiple vulnerabilities
2014-12-15 00:00:00
oracle
oracle
Oracle Critical Patch Update - October 2014
2014-10-14 00:00:00
Oracle Critical Patch Update - October 2016
2016-10-18 00:00:00