Lucene search
FsimCWD-3930HistoryMay 24, 2014 - 4:42 a.m.
CVE-2013-4590 vulnerability with Tomcat 7.0.42 shipped with Crowd 2.7.2
2014-05-2404:42:42
fsim
jira.atlassian.com
15
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
EPSS
0.002
Percentile
65.0%
Crowd 2.7.2 is shipped with Tomcat 7.0.42, which is susceptible to [CVE-2013-4590|http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4590]
h3.Workaround
Deploy Crowd WAR instead, with Tomcat 7.0.50 or above. Instructions here: https://confluence.atlassian.com/display/CROWD/Installing+Crowd+WAR+Distribution
Affected configurations
Node
atlassiancrowdRangeโค2.7.2
ORatlassiancrowdRange<2.8
Related
cve
cve
CVE-2013-4590
2014-02-26 14:55:08
osv
osv
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
2022-05-14 01:10:35
tomcat6 - regression update
2014-11-23 00:00:00
tomcat6 - security update
2014-11-23 00:00:00
nvd
nvd
CVE-2013-4590
2014-02-26 14:55:08
atlassian
atlassian
CVE-2013-4590 vulnerability with Tomcat 7.0.42 shipped with Crowd 2.7.2
2014-05-24 04:42:42
seebug
seebug
Apache TomcatXMLๅค้จๅฎไฝไฟกๆฏๆณๆผๆผๆด
2014-02-27 00:00:00
securityvulns
securityvulns
[SECURITY] CVE-2013-4590 Information disclosure via XXE when running untrusted web applications
2014-02-28 00:00:00
Apache Tomcat multiple security vulnerabilities
2014-03-31 00:00:00
debiancve
debiancve
CVE-2013-4590
2014-02-26 14:55:00
ubuntucve
ubuntucve
CVE-2013-4590
2014-02-26 00:00:00
github
github
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
2022-05-14 01:10:35
cvelist
cvelist
CVE-2013-4590
2014-02-26 11:00:00
prion
prion
Xxe
2014-02-26 14:55:00
veracode
veracode
XML External Entity (XXE)
2019-01-15 08:58:51
openvas
openvas
Apache Tomcat Multiple Vulnerabilities - 02 (Mar 2014)
2014-03-25 00:00:00
RedHat Update for tomcat6 RHSA-2014:1038-01
2014-08-12 00:00:00
CentOS Update for tomcat6 CESA-2014:1038 centos6
2014-08-12 00:00:00
nessus
nessus
Oracle Linux 6 : tomcat6 (ELSA-2014-1038)
2014-08-12 00:00:00
Apache Tomcat 7.0.0 < 7.0.50 multiple vulnerabilities
2014-02-25 00:00:00
RHEL 6 : tomcat6 (RHSA-2014:1038)
2014-08-12 00:00:00
ibm
ibm
redhat
redhat
(RHSA-2014:1038) Low: tomcat6 security update
2014-08-11 00:00:00
(RHSA-2014:1088) Important: Red Hat JBoss Web Server 2.1.0 update
2014-08-21 00:00:00
(RHSA-2014:1087) Important: Red Hat JBoss Web Server 2.1.0 update
2014-08-21 15:24:12
centos
centos
tomcat6 security update
2014-08-11 18:04:13
mageia
mageia
Updated tomcat package fixes security vulnerabilities
2014-04-03 04:16:05
Updated tomcat package fixes security vulnerabilities
2014-04-03 04:16:05
tomcat
tomcat
Fixed in Apache Tomcat 7.0.50
2014-01-08 00:00:00
Fixed in Apache Tomcat 8.0.0-RC10
2013-12-26 00:00:00
Fixed in Apache Tomcat 6.0.39
2014-01-31 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: tomcat-7.0.52-1.fc20
2014-09-26 09:02:42
oraclelinux
oraclelinux
tomcat6 security update
2014-08-11 00:00:00
tomcat security update
2014-08-07 00:00:00
vmware
vmware
VMware vSphere product updates to third party libraries
2014-09-09 00:00:00
VMware vSphere product updates to third party libraries
2014-09-09 00:00:00
debian
debian
[SECURITY] [DLA 91-1] tomcat6 security update
2014-11-23 09:02:25
[SECURITY] [DSA 3530-1] tomcat6 security update
2016-03-25 18:47:56
gentoo
gentoo
Apache Tomcat: Multiple vulnerabilities
2014-12-15 00:00:00
oracle
oracle
Oracle Critical Patch Update - October 2014
2014-10-14 00:00:00
Oracle Critical Patch Update - October 2016
2016-10-18 00:00:00
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
EPSS
0.002
Percentile
65.0%
Related for CWD-3930