BugTraq
CVE-2013-6429 Fix for XML External Entity (XXE) injection (CVE-2013-4152) in Spring Framework was incomplete Jan 14 2014 05:49PM
Pivotal Security Team (security gopivotal com)
Severity: Important

Vendor: Spring by Pivotal

Versions Affected:
- Spring MVC 3.0.0 to 3.2.4
- Spring MVC 4.0.0.M1-4.0.0.RC1
- Earlier unsupported versions may be affected

Description:
Spring MVC's SourceHttpMessageConverter also processed user provided XML and
neither disabled XML external entit...
