Lucene search
RedhatCVE-2013-0315HistoryApr 12, 2013 - 10:55 p.m.
CVE-2013-0315
2013-04-1222:55:01
CWE-264
redhat
web.nvd.nist.gov
34
cve-2013-0315
gatein portal
jboss enterprise portal platform
remote attack
arbitrary file read
xml entity expansion
xee
nvd
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.8
Confidence
Low
EPSS
0.003
Percentile
71.2%
The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 allows remote attackers to read arbitrary files via a crafted external XML entity in an XML document, aka an XML Entity Expansion (XEE) attack.
Affected configurations
Node
redhatjboss_enterprise_portal_platformMatch5.2.2
| Vendor | Product | Version | CPE |
|---|---|---|---|
| redhat | jboss_enterprise_portal_platform | 5.2.2 | cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.2.2:*:*:*:*:*:*:* |
Related
prion
prion
Design/Logic Flaw
2013-04-12 22:55:00
cvelist
cvelist
CVE-2013-0315
2013-04-12 22:00:00
nvd
nvd
CVE-2013-0315
2013-04-12 22:55:01
seebug
seebug
JBoss Enterprise Portal GateIn Portal XML解析任意文件读取漏洞
2013-04-16 00:00:00
redhat
redhat
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.8
Confidence
Low
EPSS
0.003
Percentile
71.2%
Related for CVE-2013-0315