what you don't know can hurt you
Showing 1 - 6 of 6 RSS Feed

CVE-2013-6429

Status Candidate

Overview

The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152 and CVE-2013-7315.

Related Files

HP Security Bulletin HPSBGN03669 1
Posted Nov 15, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03669 1 - Potential vulnerabilities have been identified in HPE SiteScope. The vulnerabilities could be exploited to allow local elevation of privilege and exploited remotely to allow denial of service, arbitrary code execution, cross-site request forgery. Revision 1 of this advisory.

tags | advisory, denial of service, arbitrary, local, vulnerability, code execution, csrf
advisories | CVE-2013-6429, CVE-2014-0050, CVE-2014-0107, CVE-2014-0114, CVE-2015-3253, CVE-2015-5652, CVE-2016-0763
MD5 | 9c99b97a183917775b0c0418b4194854
Red Hat Security Advisory 2014-0400-03
Posted Apr 14, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0400-03 - Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. Security fixes: A flaw was found in the way Apache Santuario XML Security for Java validated XML signatures. Santuario allowed a signature to specify an arbitrary canonicalization algorithm, which would be applied to the SignedInfo XML fragment. A remote attacker could exploit this to spoof an XML signature via a specially crafted XML signature block.

tags | advisory, java, remote, arbitrary, spoof
systems | linux, redhat
advisories | CVE-2013-2035, CVE-2013-2172, CVE-2013-2192, CVE-2013-4152, CVE-2013-4517, CVE-2013-6429, CVE-2013-6430, CVE-2014-0050, CVE-2014-0054, CVE-2014-0085, CVE-2014-1904
MD5 | cc88ecdb91a716104a78df1b3dd9c664
Red Hat Security Advisory 2014-0401-02
Posted Apr 14, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0401-02 - Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards-compliant messaging system that is tailored for use in mission critical applications. Red Hat JBoss A-MQ 6.1.0 is a minor product release that updates Red Hat JBoss A-MQ 6.0.0 and includes several bug fixes and enhancements.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-2035, CVE-2013-2192, CVE-2013-4152, CVE-2013-6429, CVE-2013-6430, CVE-2014-0050, CVE-2014-0054, CVE-2014-0085, CVE-2014-1904
MD5 | 4849d75300282602745f7c2369f2e14a
Spring MVC 3.2.8 / 4.0.1 Incomplete Fix
Posted Mar 12, 2014
Authored by Pivotal Security Team, Spase Markovski

Spring MVC's Jaxb2RootElementHttpMessageConverter also processed user provided XML and neither disabled XML external entities nor provided an option to disable them. Jaxb2RootElementHttpMessageConverter has been modified to provide an option to control the processing of XML external entities and that processing is now disabled by default. Versions 3.0.0 through 3.2.8 and 4.0.0 through 4.0.1 are affected.

tags | advisory, xxe
advisories | CVE-2014-0054, CVE-2013-4152, CVE-2013-6429
MD5 | 1980eaf30d0f1250b46ce44e4a77d587
Debian Security Advisory 2857-1
Posted Feb 10, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2857-1 - It was discovered by the Spring development team that the fix for the XML External Entity (XXE) Injection (CVE-2013-4152) in the Spring Framework was incomplete.

tags | advisory, xxe
systems | linux, debian
advisories | CVE-2013-6429, CVE-2013-6430
MD5 | 52f44cc3557767e775f779403b556fc0
Spring XXE Injection Incomplete Fix
Posted Jan 15, 2014
Authored by Pivotal Security Team

The fix for the XXE injection vulnerability in Spring's framework was incomplete when addressing the issue outlined in CVE-2013-4152. Versions affected include Spring MVC 3.0.0 to 3.2.4 and Spring MVC 4.0.0.M1 to 4.0.0.RC1.

tags | advisory, xxe
advisories | CVE-2013-4152, CVE-2013-6429
MD5 | 4abbcfb4e619444ff74e9294573030a3
Page 1 of 1
Back1Next

File Archive:

September 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    1 Files
  • 2
    Sep 2nd
    38 Files
  • 3
    Sep 3rd
    30 Files
  • 4
    Sep 4th
    15 Files
  • 5
    Sep 5th
    12 Files
  • 6
    Sep 6th
    17 Files
  • 7
    Sep 7th
    3 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    24 Files
  • 10
    Sep 10th
    22 Files
  • 11
    Sep 11th
    22 Files
  • 12
    Sep 12th
    15 Files
  • 13
    Sep 13th
    5 Files
  • 14
    Sep 14th
    2 Files
  • 15
    Sep 15th
    1 Files
  • 16
    Sep 16th
    11 Files
  • 17
    Sep 17th
    16 Files
  • 18
    Sep 18th
    8 Files
  • 19
    Sep 19th
    14 Files
  • 20
    Sep 20th
    20 Files
  • 21
    Sep 21st
    3 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close