Versio.io

CVE-2013-4590

Common vulnerabilities & exposures (CVE)

 
Published at: 25-02-2014 01:00
Last modified: 25-02-2014 01:00
Total changes: 18

Description

CVE-2013-4590 tomcat: information disclosure via XXE when running untrusted web applications

Common Vulnerability Scoring System (CVSS)

AV:L/AC:H/Au:N/C:P/I:N/A:N

Attack complexity: High
Attack vector: Local
Availability: None
Confidentiality: Low
Integrity: None
Privileges required: -
Scope: -
User interaction: -
Base score: 1.2
Exploitability score:
Impact score:
 

Verification logic

OR
AND
product=Tomcat AND versionEndExcluding=6.0.24-78.el6_5
vendor=Red Hat Enterprise Linux AND product=enterprise_linux AND version=6
AND
product=antlr-eap6-0 AND versionEndExcluding=2.7.7-17.redhat_4.1.ep6.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=apache-commons-collections-eap6-0 AND versionEndExcluding=3.2.1-15.redhat_3.1.ep6.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=apache-commons-daemon-eap6-1 AND versionEndExcluding=1.0.15-5.redhat_1.ep6.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=apache-commons-daemon-jsvc-eap6-1 AND versionEndExcluding=1.0.15-6.redhat_2.ep6.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=apache-commons-pool-eap6-0 AND versionEndExcluding=1.6-7.redhat_6.1.ep6.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=dom4j-eap6-0 AND versionEndExcluding=1.6.1-20.redhat_6.1.ep6.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=ecj3-1 AND versionEndExcluding=3.7.2-9.redhat_3.1.ep6.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=hibernate4-eap6-0 AND versionEndExcluding=4.2.14-3.SP1_redhat_1.1.ep6.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=httpd-0 AND versionEndExcluding=2.2.26-35.ep6.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=javassist-eap6-0 AND versionEndExcluding=3.18.1-1.GA_redhat_1.1.ep6.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=jboss-logging-0 AND versionEndExcluding=3.1.4-1.GA_redhat_1.1.ep6.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=jboss-transaction-api_1.1_spec-0 AND versionEndExcluding=1.0.1-12.Final_redhat_2.2.ep6.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=mod_cluster-0 AND versionEndExcluding=1.2.9-1.Final_redhat_1.1.ep6.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=mod_cluster-native-0 AND versionEndExcluding=1.2.9-3.Final_redhat_2.ep6.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=mod_jk-0 AND versionEndExcluding=1.2.40-2.redhat_1.ep6.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=mod_rt-0 AND versionEndExcluding=2.4.1-6.GA.ep6.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=mod_snmp-0 AND versionEndExcluding=2.4.1-13.GA.ep6.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=storeconfig-tc6-0 AND versionEndExcluding=0.0.1-7.Alpha3_redhat_12.3.ep6.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=storeconfig-tc7-0 AND versionEndExcluding=0.0.1-7.Alpha3_redhat_12.5.ep6.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=Tomcat AND versionEndExcluding=6.0.41-6_patch_02.ep6.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=Tomcat AND versionEndExcluding=7.0.54-6_patch_02.ep6.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=Tomcat AND versionEndExcluding=1.1.30-2.redhat_1.ep6.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=antlr-eap6-0 AND versionEndExcluding=2.7.7-17.redhat_4.1.ep6.el6
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=apache-commons-collections-eap6-0 AND versionEndExcluding=3.2.1-15.redhat_3.1.ep6.el6
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=apache-commons-daemon-eap6-1 AND versionEndExcluding=1.0.15-5.redhat_1.ep6.el6
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=apache-commons-daemon-jsvc-eap6-1 AND versionEndExcluding=1.0.15-6.redhat_2.ep6.el6
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=apache-commons-logging-eap6-0 AND versionEndExcluding=1.1.1-7.9_redhat_1.ep6.el6
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=apache-commons-pool-eap6-0 AND versionEndExcluding=1.6-7.redhat_6.1.ep6.el6
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=dom4j-eap6-0 AND versionEndExcluding=1.6.1-20.redhat_6.1.ep6.el6
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=ecj3-1 AND versionEndExcluding=3.7.2-9.redhat_3.1.ep6.el6
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=hibernate4-eap6-0 AND versionEndExcluding=4.2.14-3.SP1_redhat_1.1.ep6.el6
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=httpd-0 AND versionEndExcluding=2.2.26-35.ep6.el6
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=javassist-eap6-0 AND versionEndExcluding=3.18.1-1.GA_redhat_1.1.ep6.el6
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=jboss-logging-0 AND versionEndExcluding=3.1.4-1.GA_redhat_1.1.ep6.el6
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=jboss-transaction-api_1.1_spec-0 AND versionEndExcluding=1.0.1-12.Final_redhat_2.2.ep6.el6
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=mod_cluster-0 AND versionEndExcluding=1.2.9-1.Final_redhat_1.1.ep6.el6
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=mod_cluster-native-0 AND versionEndExcluding=1.2.9-3.Final_redhat_2.ep6.el6
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=mod_jk-0 AND versionEndExcluding=1.2.40-2.redhat_1.ep6.el6
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=mod_rt-0 AND versionEndExcluding=2.4.1-6.GA.ep6.el6
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=mod_snmp-0 AND versionEndExcluding=2.4.1-13.GA.ep6.el6
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=storeconfig-tc6-0 AND versionEndExcluding=0.0.1-7.Alpha3_redhat_12.3.ep6.el6
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=storeconfig-tc7-0 AND versionEndExcluding=0.0.1-7.Alpha3_redhat_12.5.ep6.el6
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=Tomcat AND versionEndExcluding=6.0.41-5_patch_02.ep6.el6
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=Tomcat AND versionEndExcluding=7.0.54-6_patch_02.ep6.el6
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=Tomcat AND versionEndExcluding=1.1.30-2.redhat_1.ep6.el6
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=Tomcat
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2.1
AND
product=Tomcat
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2.1
AND
product=Tomcat AND version=
vendor=Red Hat Enterprise Linux AND product=enterprise_linux AND version=5
AND
product=Tomcat AND version=
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=1
AND
product=Tomcat AND version=
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=1
 
