Versio.io

CVE-2013-6429

Common vulnerabilities & exposures (CVE)

CVE databaseCVE database blogpostRelease & EoL database
 
Published at: - 26-01-2014 05:58
Last modified: - 11-04-2022 07:16
Total changes: - 2

Description

The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152 and CVE-2013-7315.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:M/Au:N/C:P/I:P/A:P
Low
Attack complexity
Network
Attack vector
Low
Availability
Low
Confidentiality
Low
Integrity
-
Privileges required
-
Scope
-
User interaction
6.8
Base score
8.6
6.4
Exploitability score
Impact score
 

Verification logic

OR
vendor=vmware AND product=spring_framework AND version=4.0.0 AND update=milestone1
vendor=vmware AND product=spring_framework AND version=4.0.0 AND update=milestone2
vendor=vmware AND product=spring_framework AND version=4.0.0 AND update=rc1
vendor=pivotal_software AND product=spring_framework AND versionEndIncluding=3.2.4 AND versionStartIncluding=3.0.0
 

Reference

 


Keywords

NVD

 

CVE-2013-6429

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures

 

We use cookies to ensure that we give you the best experience on our website. Read privacy policies for more information.