Spring Framework CVE-2013-4152 Multiple XML External Entity Injection Vulnerabilities

Bugtraq ID: 61951
Class: Failure to Handle Exceptional Conditions
CVE: CVE-2013-4152
Remote: Yes
Local: No
Published: Aug 22 2013 12:00AM
Updated: Oct 26 2016 01:09AM
Credit: Alvaro Munoz of the HP Enterprise Security Team.
Vulnerable: Redhat OpenShift Enterprise 2
Redhat OpenShift Enterprise 1
Redhat JBoss SOA Platform 5.3.1
Redhat JBoss Fuse 6.0.0
Redhat JBoss A-MQ 6.0.0
IBM Websphere Portal 8.5
IBM Websphere Portal 8.0
IBM Websphere Portal 8.0.0.1
GoPivotal Spring Framework (Spring OXM) 4.0.0.M1
GoPivotal Spring Framework (Spring OXM) 3.2.3
GoPivotal Spring Framework (Spring OXM) 3.0.0
GoPivotal Spring Framework (Spring MVC) 4.0.0.M2
GoPivotal Spring Framework (Spring MVC) 4.0.0.M1
GoPivotal Spring Framework (Spring MVC) 3.2.3
GoPivotal Spring Framework (Spring MVC) 3.0.0
Debian Linux 6.0 sparc
Debian Linux 6.0 s/390
Debian Linux 6.0 powerpc
Debian Linux 6.0 mips
Debian Linux 6.0 ia-64
Debian Linux 6.0 ia-32
Debian Linux 6.0 arm
Debian Linux 6.0 amd64
Not Vulnerable: Redhat JBoss Fuse 6.1.0
Redhat JBoss A-MQ 6.1.0
GoPivotal Spring Framework (Spring OXM) 4.0.0.M2
GoPivotal Spring Framework (Spring OXM) 3.2.4
GoPivotal Spring Framework (Spring MVC) 4.0.0.RC1
GoPivotal Spring Framework (Spring MVC) 3.2.4


 

Copyright 2010, SecurityFocus