Lucene search
Ubuntu.comUB:CVE-2013-4590HistoryFeb 26, 2014 - 12:00 a.m.
CVE-2013-4590
2014-02-2600:00:00
ubuntu.com
ubuntu.com
14
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
EPSS
0.002
Percentile
65.0%
Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10
allows attackers to obtain โTomcat internalsโ information by leveraging the
presence of an untrusted web application with a context.xml, web.xml,
*.jspx, *.tagx, or *.tld XML document containing an external entity
declaration in conjunction with an entity reference, related to an XML
External Entity (XXE) issue.
Bugs
Notes
| Author | Note |
|---|---|
| mdeslaur | only occurs when running untrusted content. Patch is intrusive. |
Related
atlassian
atlassian
CVE-2013-4590 vulnerability with Tomcat 7.0.42 shipped with Crowd 2.7.2
2014-05-24 04:42:42
CVE-2013-4590 vulnerability with Tomcat 7.0.42 shipped with Crowd 2.7.2
2014-05-24 04:42:42
cve
cve
CVE-2013-4590
2014-02-26 14:55:08
osv
osv
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
2022-05-14 01:10:35
tomcat6 - regression update
2014-11-23 00:00:00
tomcat6 - security update
2014-11-23 00:00:00
nvd
nvd
CVE-2013-4590
2014-02-26 14:55:08
seebug
seebug
Apache TomcatXMLๅค้จๅฎไฝไฟกๆฏๆณๆผๆผๆด
2014-02-27 00:00:00
securityvulns
securityvulns
[SECURITY] CVE-2013-4590 Information disclosure via XXE when running untrusted web applications
2014-02-28 00:00:00
Apache Tomcat multiple security vulnerabilities
2014-03-31 00:00:00
debiancve
debiancve
CVE-2013-4590
2014-02-26 14:55:00
github
github
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
2022-05-14 01:10:35
cvelist
cvelist
CVE-2013-4590
2014-02-26 11:00:00
prion
prion
Xxe
2014-02-26 14:55:00
veracode
veracode
XML External Entity (XXE)
2019-01-15 08:58:51
openvas
openvas
Apache Tomcat Multiple Vulnerabilities - 02 (Mar 2014)
2014-03-25 00:00:00
RedHat Update for tomcat6 RHSA-2014:1038-01
2014-08-12 00:00:00
CentOS Update for tomcat6 CESA-2014:1038 centos6
2014-08-12 00:00:00
nessus
nessus
Oracle Linux 6 : tomcat6 (ELSA-2014-1038)
2014-08-12 00:00:00
Apache Tomcat 7.0.0 < 7.0.50 multiple vulnerabilities
2014-02-25 00:00:00
RHEL 6 : tomcat6 (RHSA-2014:1038)
2014-08-12 00:00:00
ibm
ibm
redhat
redhat
(RHSA-2014:1038) Low: tomcat6 security update
2014-08-11 00:00:00
(RHSA-2014:1088) Important: Red Hat JBoss Web Server 2.1.0 update
2014-08-21 00:00:00
(RHSA-2014:1087) Important: Red Hat JBoss Web Server 2.1.0 update
2014-08-21 15:24:12
centos
centos
tomcat6 security update
2014-08-11 18:04:13
mageia
mageia
Updated tomcat package fixes security vulnerabilities
2014-04-03 04:16:05
Updated tomcat package fixes security vulnerabilities
2014-04-03 04:16:05
tomcat
tomcat
Fixed in Apache Tomcat 7.0.50
2014-01-08 00:00:00
Fixed in Apache Tomcat 8.0.0-RC10
2013-12-26 00:00:00
Fixed in Apache Tomcat 6.0.39
2014-01-31 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: tomcat-7.0.52-1.fc20
2014-09-26 09:02:42
oraclelinux
oraclelinux
tomcat6 security update
2014-08-11 00:00:00
tomcat security update
2014-08-07 00:00:00
vmware
vmware
VMware vSphere product updates to third party libraries
2014-09-09 00:00:00
VMware vSphere product updates to third party libraries
2014-09-09 00:00:00
debian
debian
[SECURITY] [DLA 91-1] tomcat6 security update
2014-11-23 09:02:25
[SECURITY] [DSA 3530-1] tomcat6 security update
2016-03-25 18:47:56
gentoo
gentoo
Apache Tomcat: Multiple vulnerabilities
2014-12-15 00:00:00
oracle
oracle
Oracle Critical Patch Update - October 2014
2014-10-14 00:00:00
Oracle Critical Patch Update - October 2016
2016-10-18 00:00:00
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
EPSS
0.002
Percentile
65.0%
Related for UB:CVE-2013-4590