what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 4 of 4 RSS Feed

CVE-2013-6430

Status Candidate

Overview

The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtils.java in Spring MVC in Spring Framework before 3.2.2 does not properly escape certain characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a (1) line separator or (2) paragraph separator Unicode character or (3) left or (4) right angle bracket.

Related Files

Red Hat Security Advisory 2014-0400-03
Posted Apr 14, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0400-03 - Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. Security fixes: A flaw was found in the way Apache Santuario XML Security for Java validated XML signatures. Santuario allowed a signature to specify an arbitrary canonicalization algorithm, which would be applied to the SignedInfo XML fragment. A remote attacker could exploit this to spoof an XML signature via a specially crafted XML signature block.

tags | advisory, java, remote, arbitrary, spoof
systems | linux, redhat
advisories | CVE-2013-2035, CVE-2013-2172, CVE-2013-2192, CVE-2013-4152, CVE-2013-4517, CVE-2013-6429, CVE-2013-6430, CVE-2014-0050, CVE-2014-0054, CVE-2014-0085, CVE-2014-1904
SHA-256 | 59fb89a523cbebe70f311b3e2011f6b31d5456d35c7cb4af096d9f8a7b46823e
Red Hat Security Advisory 2014-0401-02
Posted Apr 14, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0401-02 - Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards-compliant messaging system that is tailored for use in mission critical applications. Red Hat JBoss A-MQ 6.1.0 is a minor product release that updates Red Hat JBoss A-MQ 6.0.0 and includes several bug fixes and enhancements.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-2035, CVE-2013-2192, CVE-2013-4152, CVE-2013-6429, CVE-2013-6430, CVE-2014-0050, CVE-2014-0054, CVE-2014-0085, CVE-2014-1904
SHA-256 | 884c2290b52cd9e01634db919d477a8981b15a764efe9bb37401b8a31a1d82ba
Debian Security Advisory 2857-1
Posted Feb 10, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2857-1 - It was discovered by the Spring development team that the fix for the XML External Entity (XXE) Injection (CVE-2013-4152) in the Spring Framework was incomplete.

tags | advisory, xxe
systems | linux, debian
advisories | CVE-2013-6429, CVE-2013-6430
SHA-256 | 9c12097cfb875c61fce6e20b552e7f5f7b025cc8d7ef5982a220e834a33b1796
Spring JavaScriptUtils.javaScriptEscape() Escape Failure
Posted Jan 16, 2014
Authored by Pivotal Security Team

The JavaScriptUtils.javaScriptEscape() method did not escape all characters that are sensitive within either a JS single quoted string, JS double quoted string, or HTML script data context. In most cases this will result in an unexploitable parse error but in some cases it could result in a cross site scripting vulnerability. Spring MVC versions 3.0.0 through 3.2.1 are affected.

tags | advisory, xss
advisories | CVE-2013-6430
SHA-256 | 242790135a9927b7deb87c43607a629b3269e553eee7b7f28d9784435b870ce8
Page 1 of 1
Back1Next

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    14 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close