
CVE-2013-4590

Status Candidate

Overview

Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Related Files

Debian Security Advisory 3530-1
Posted Mar 26, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3530-1 - Multiple security vulnerabilities have been fixed in the Tomcat servlet and JSP engine, which may result in bypass of security manager restrictions, information disclosure, denial of service or session fixation.

tags | advisory, denial of service, vulnerability, info disclosure
systems | linux, debian
advisories | CVE-2013-4286, CVE-2013-4322, CVE-2013-4590, CVE-2014-0033, CVE-2014-0075, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119, CVE-2014-0227, CVE-2014-0230, CVE-2014-7810, CVE-2015-5174, CVE-2015-5345, CVE-2015-5346, CVE-2015-5351, CVE-2016-0706, CVE-2016-0714, CVE-2016-0763
SHA-256 | 77795095ecabfbe0b7faeebcf56310cbe664e59cc59399f4ca8042fe47af5751

HP Security Bulletin HPSBOV03503 1
Posted Oct 16, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBOV03503 1 - Potential security vulnerabilities have been identified in HP OpenVMS CSWS_JAVA running Tomcat. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) and other impacts. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2013-4286, CVE-2013-4322, CVE-2013-4444, CVE-2013-4590, CVE-2014-0075, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119, CVE-2014-0230, CVE-2014-0277
SHA-256 | 529c9865f300c4577f0cb1a099b9c6c0dc655e76cec33af6c93b9fc6302c8152

Mandriva Linux Security Advisory 2015-084
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-084 - An updated tomcat package fixes multiple security vulnerabilities.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2013-4322, CVE-2013-4590, CVE-2014-0050, CVE-2014-0075, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119, CVE-2014-0227
SHA-256 | 64e66ca878e099d017de20173c80aa4b21ef506d6441fa3365891cde5f40850e

Mandriva Linux Security Advisory 2015-052
Posted Mar 3, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-052 - Apache Tomcat 7.x before 7.0.47, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via a Content-Length header and a Transfer-Encoding: chunked header. Apache Tomcat 7.x before 7.0.50 processes chunked transfer coding without properly handling a large total amount of chunked data or whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. Various other issues have also been addressed.

tags | advisory, java, remote, web, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2013-4286, CVE-2013-4322, CVE-2013-4590, CVE-2014-0075, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119, CVE-2014-0227
SHA-256 | 97bbcd6d4926c538ddee85ad3d0f0b44d18269f0be80dd2f5d3003993c58a4a6

Gentoo Linux Security Advisory 201412-29
Posted Dec 15, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-29 - Multiple vulnerabilities have been found in Apache Tomcat, the worst of which may result in Denial of Service. Versions less than 7.0.56 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2012-2733, CVE-2012-3544, CVE-2012-3546, CVE-2012-4431, CVE-2012-4534, CVE-2012-5885, CVE-2012-5886, CVE-2012-5887, CVE-2013-2067, CVE-2013-2071, CVE-2013-4286, CVE-2013-4322, CVE-2013-4590, CVE-2014-0033, CVE-2014-0050, CVE-2014-0075, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119
SHA-256 | 812d31eb8958cb4cc614f89b209201bd059c54668a58d0182c6f4a98085d268e

VMware Security Advisory 2014-0008
Posted Sep 11, 2014
Authored by VMware | Site vmware.com

VMware Security Advisory 2014-0008 - VMware has updated vSphere third party libraries.

tags | advisory
advisories | CVE-2013-0242, CVE-2013-1914, CVE-2013-4322, CVE-2013-4590, CVE-2014-0050, CVE-2014-0114
SHA-256 | 961f1fa58ab6b80903bbc3ac882d262194e375452629d457597ffbc1b2b2c93c

Red Hat Security Advisory 2014-1086-01
Posted Aug 21, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1086-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release serves as a replacement for Red Hat JBoss Web Server 2.0.1, and includes several bug fixes.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2013-4590, CVE-2014-0118, CVE-2014-0119, CVE-2014-0221, CVE-2014-0226, CVE-2014-0231
SHA-256 | 1869ac672baeb6d6231ed4264632e0262537ca84832e3d8b68ec845527428f94

Red Hat Security Advisory 2014-1087-01
Posted Aug 21, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1087-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release serves as a replacement for Red Hat JBoss Web Server 2.0.1, and includes several bug fixes.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2013-4590, CVE-2014-0118, CVE-2014-0119, CVE-2014-0226, CVE-2014-0231
SHA-256 | 7b43399c8297d76dd46dd0933745d26b4de10eebe9f700a43e687901819a236b

Red Hat Security Advisory 2014-1088-01
Posted Aug 21, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1088-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release serves as a replacement for Red Hat JBoss Web Server 2.0.1, and includes several bug fixes.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2013-4590, CVE-2014-0118, CVE-2014-0119, CVE-2014-0226, CVE-2014-0231
SHA-256 | 4da1d3ba75d748e08e95de45e5cf1defc759a9a506037cddf827b73f39496145

Red Hat Security Advisory 2014-1038-01
Posted Aug 11, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1038-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was found that several application-provided XML files, such as web.xml, content.xml, *.tld, *.tagx, and *.jspx, resolved external entities, permitting XML External Entity attacks. An attacker able to deploy malicious applications to Tomcat could use this flaw to circumvent security restrictions set by the JSM, and gain access to sensitive information on the system. Note that this flaw only affected deployments in which Tomcat is running applications from untrusted sources, such as in a shared hosting environment.

tags | advisory, java, web, xxe
systems | linux, redhat
advisories | CVE-2013-4590, CVE-2014-0119
SHA-256 | 220eef9b77e8329c308283833debe085021b4510cef9b147d1800c2590e7f7da

Apache Tomcat Information Disclosure Via XXE
Posted Feb 26, 2014
Authored by Mark Thomas | Site tomcat.apache.org

Apache Tomcat versions 8.0.0-RC1 through 8.0.0-RC5, 7.0.0 through 7.0.47, and 6.0.0 through 6.0.37 suffer from an information disclosure vulnerability via XXE when running untrusted web applications.

tags | advisory, web, info disclosure, xxe
advisories | CVE-2013-4590
SHA-256 | e5038c902c4a597115e468b2cd9304969026597458d6fd3280891c6e2c2d59df
© 2022 Packet Storm. All rights reserved.