Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability

Bugtraq ID: 65768
Class: Design Error
CVE: CVE-2013-4590
Remote: Yes
Local: No
Published: Feb 25 2014 12:00AM
Updated: Oct 26 2016 01:13AM
Credit: Apache Tomcat Security Team
Vulnerable: VMware vCenter Server 5.5
VMware vCenter Server 5.1
VMware vCenter Server 5.0
Red Hat Enterprise Linux Workstation Optional 6
Red Hat Enterprise Linux Workstation 6
Red Hat Enterprise Linux Server Optional 6
Red Hat Enterprise Linux Server 6
Red Hat Enterprise Linux HPC Node Optional 6
Red Hat Enterprise Linux Desktop Optional 6
Oracle Enterprise Linux 7
Oracle Enterprise Linux 6.2
Oracle Enterprise Linux 6
Oracle Communications Policy Management 12.1.1
Oracle Communications Policy Management 10.4.1
Oracle Communications Policy Management 9.9.1
Oracle Communications Policy Management 9.7.3
Mandriva Business Server 1 x86_64
Mandriva Business Server 1
Juniper Security Threat Response Manager 2013.2
Juniper Secure Analytics 2013.2
IBM WebSphere Application Server Community Edition 3.0.0.4
IBM WebSphere Application Server Community Edition 2.1.1.6
IBM UrbanCode Release 6.0.1
IBM UrbanCode Release 6.0.1.3
IBM UrbanCode Release 6.0.1.2
IBM UrbanCode Release 6.0.1.1
IBM UrbanCode Release 6.0.0.1
IBM UrbanCode Release 6.0
IBM UrbanCode Deploy 6.0.1 3
IBM UrbanCode Deploy 6.0.1 2
IBM UrbanCode Deploy 6.0.1 1
IBM UrbanCode Deploy 6.0.1
IBM UrbanCode Deploy 6.0
IBM Tivoli Application Dependency Discovery Manager 7.2.2
IBM Tivoli Application Dependency Discovery Manager 7.2.1
IBM Tivoli Application Dependency Discovery Manager 7.2.0
IBM Tivoli Application Dependency Discovery Manager 7.1.2
IBM Storwize V7000 Unified 1.4.3 2
IBM Storwize V7000 Unified 1.4 1
IBM Storwize V7000 Unified 1.4 0
IBM Storwize V7000 Unified 1.3.2 3
IBM Storwize V7000 Unified 1.3.2 1
IBM Storwize V7000 Unified 1.3.2 0
IBM Storwize V7000 Unified 1.4.3.0
IBM Storwize V7000 Unified 1.4.2.1
IBM Storwize V7000 Unified 1.4.2.0
IBM Storwize V7000 Unified 1.4.1.1
IBM Storwize V7000 Unified 1.4.1.0
IBM Storwize V7000 Unified 1.3.1.0
IBM Storwize V7000 Unified 1.3.0.5
IBM Storwize V7000 Unified 1.3.0.0
IBM Scale Out Network Attached Storage 1.3.2 1-21
IBM Scale Out Network Attached Storage 1.3.2 1-20
IBM Scale Out Network Attached Storage 1.3.2
IBM Scale Out Network Attached Storage 1.3.1
IBM Scale Out Network Attached Storage 1.4.3.2
IBM Scale Out Network Attached Storage 1.4.3.1
IBM Scale Out Network Attached Storage 1.4.3.0
IBM Scale Out Network Attached Storage 1.4.2.1
IBM Scale Out Network Attached Storage 1.4.2.0
IBM Scale Out Network Attached Storage 1.4.1.0
IBM Scale Out Network Attached Storage 1.3.2.3
IBM Scale Out Network Attached Storage 1.3.2.2
IBM Scale Out Network Attached Storage 1.3.0.5
IBM Scale Out Network Attached Storage 1.3.0.4
IBM Scale Out Network Attached Storage 1.3.0.0
IBM Rational Test Workbench 8.5 2
IBM Rational Test Workbench 8.5 1
IBM Rational Test Workbench 8.0.1 4
IBM Rational Test Workbench 8.0.1 3
IBM Rational Test Workbench 8.0.1 2
IBM Rational Test Workbench 8.0.1 1
IBM Rational Test Workbench 8.0.1
IBM Rational Test Workbench 8.0 3
IBM Rational Test Workbench 8.0 2
IBM Rational Test Workbench 8.0 1
IBM Rational Test Workbench 8.5
IBM Rational Test Workbench 8.0
IBM Rational SAP Connector 4.0.0.3
IBM Rational SAP Connector 4.0.0.2
IBM Rational SAP Connector 4.0.0.1
IBM Rational Lifecycle Adapter for HP ALM 1.1
IBM Rational Lifecycle Adapter for HP ALM 1.0
IBM Rational DOORS Web Access 9.5.2 1
IBM Rational DOORS Web Access 9.5.2
IBM Rational DOORS Web Access 9.5.1 1
IBM Rational DOORS Web Access 9.5.1
IBM Rational DOORS Web Access 9.5 1
IBM Rational DOORS Web Access 1.5 1
IBM Rational DOORS Web Access 1.4 5
IBM Rational DOORS Web Access 1.4 4
IBM Rational DOORS Web Access 9.6
IBM Rational DOORS Web Access 9.5
IBM Rational DOORS Web Access 1.5
IBM QRadar Security Information and Event Manager 7.2 MR2
IBM QRadar Security Information and Event Manager 7.1 MR2
IBM OpenPages GRC Platform 7.0
IBM OpenPages GRC Platform 6.2.1
IBM OpenPages GRC Platform 6.1.0.1
IBM OpenPages GRC Platform 6.0.1.5
IBM CCR Drop 13.7
IBM CCR Drop 13.5
IBM CCR 5.0
IBM CCR 4.9
IBM ARA 2.5.7 2
IBM ARA 2.5.7 1
IBM ARA 2.5.6
IBM ARA 2.5.5 2
IBM ARA 2.5.5
IBM ARA 2.5.4
IBM ARA 2.5.3
IBM ARA 2.5.2
IBM ARA 2.5.1
IBM ARA 2.5
IBM ARA 2.4.2
IBM ARA 2.4.1
IBM ARA 2.4 1
IBM Algo One 5.0
IBM Algo One 4.9
IBM Algo One 4.8
IBM Algo One 4.7.1
IBM Algo One 4.7
IBM Algo One 4.9.1
IBM Algo Audit and Compliance 2.1.0.2
IBM Algo Audit and Compliance 2.1
HP OpenVMS CSWS_JAVA 7.0.29
Gentoo Linux
Debian Linux 6.0 sparc
Debian Linux 6.0 s/390
Debian Linux 6.0 powerpc
Debian Linux 6.0 mips
Debian Linux 6.0 ia-64
Debian Linux 6.0 ia-32
Debian Linux 6.0 arm
Debian Linux 6.0 amd64
CentOS CentOS 6
Avaya Proactive Contact 5.1
Avaya Proactive Contact 5.0
Avaya Messaging Application Server 5.2.1
Avaya Messaging Application Server 5.0.1
Avaya Messaging Application Server 5.2
Avaya Messaging Application Server 5.0
Avaya Meeting Exchange 6.2
Avaya Meeting Exchange 6.0
Avaya Meeting Exchange 5.2 SP2
Avaya Meeting Exchange 5.2 SP1
Avaya Meeting Exchange 5.2
Avaya Meeting Exchange 5.1 SP1
Avaya Meeting Exchange 5.1
Avaya Meeting Exchange 5.0 SP2
Avaya Meeting Exchange 5.0 SP1
Avaya Meeting Exchange 5.0
Avaya IQ 5.2
Avaya IQ 5.1.1
Avaya IQ 5.1
Avaya IQ 5
Avaya IP Office Server Edition 9.0
Avaya IP Office Server Edition 8.1
Avaya IP Office Application Server 9.0
Avaya IP Office Application Server 8.1
Avaya IP Office Application Server 8.0
Avaya Communication Server 1000M Signaling Server 7.6
Avaya Communication Server 1000M Signaling Server 7.5
Avaya Communication Server 1000M Signaling Server 7.0
Avaya Communication Server 1000M 7.6
Avaya Communication Server 1000M 7.5
Avaya Communication Server 1000M 7.0
Avaya Communication Server 1000E Signaling Server 7.6
Avaya Communication Server 1000E Signaling Server 7.5
Avaya Communication Server 1000E Signaling Server 7.0
Avaya Communication Server 1000E 7.6
Avaya Communication Server 1000E 7.5
Avaya Communication Server 1000E 7.0
Avaya Aura Utility Services 6.2
Avaya Aura System Platform 6.2.2
Avaya Aura System Platform 6.2.1
Avaya Aura System Platform 6.0.2
Avaya Aura System Platform 6.0.1
Avaya Aura System Platform 6.3
Avaya Aura System Platform 6.2.1.0.9
Avaya Aura System Platform 6.2 SP1
Avaya Aura System Platform 6.2
Avaya Aura System Platform 6.0.3.9.3
Avaya Aura System Platform 6.0.3.8.3
Avaya Aura System Platform 6.0.3.0.3
Avaya Aura System Platform 6.0 SP3
Avaya Aura System Platform 6.0 SP2
Avaya Aura System Platform 6.0
Avaya Aura System Platform 1.1
Avaya Aura Presence Services 6.1.2
Avaya Aura Presence Services 6.1.1
Avaya Aura Presence Services 6.2
Avaya Aura Presence Services 6.1 SP2
Avaya Aura Presence Services 6.1 SP1
Avaya Aura Presence Services 6.1
Avaya Aura Presence Services 6.0
Avaya Aura Messaging 6.1.1
Avaya Aura Messaging 6.2
Avaya Aura Messaging 6.1
+ Avaya Communication Manager Server DEFINITY Server SI/CS
+ Avaya Communication Manager Server S8100
+ Avaya Communication Manager Server S8300
+ Avaya Communication Manager Server S8500
+ Avaya Communication Manager Server S8700
Avaya Aura Messaging 6.0.1
Avaya Aura Messaging 6.0
Avaya Aura Experience Portal 6.0.2
+ Avaya Communication Manager Server DEFINITY Server SI/CS
+ Avaya Communication Manager Server S8100
+ Avaya Communication Manager Server S8300
+ Avaya Communication Manager Server S8500
+ Avaya Communication Manager Server S8700
Avaya Aura Experience Portal 6.0.1
Avaya Aura Experience Portal 7.0
Avaya Aura Experience Portal 6.0 SP2
+ Avaya Communication Manager Server DEFINITY Server SI/CS
+ Avaya Communication Manager Server S8100
+ Avaya Communication Manager Server S8300
+ Avaya Communication Manager Server S8500
+ Avaya Communication Manager Server S8700
Avaya Aura Experience Portal 6.0 SP1
Avaya Aura Experience Portal 6.0
Avaya Aura Conferencing 7.0
Avaya Aura Conferencing 6.0 Standard
Avaya Aura Application Server 5300 SIP Core 3.0
Avaya Aura Application Server 5300 SIP Core 2.1
Avaya Aura Application Server 5300 SIP Core 2.0
Avaya Aura Application Enablement Services 5.2.1
Avaya Aura Application Enablement Services 6.2
Avaya Aura Application Enablement Services 6.1.2
Avaya Aura Application Enablement Services 6.1.1
Avaya Aura Application Enablement Services 6.1
Avaya Aura Application Enablement Services 6.0
Avaya Aura Application Enablement Services 5.2.4
Avaya Aura Application Enablement Services 5.2.3
Avaya Aura Application Enablement Services 5.2.2
Avaya Aura Application Enablement Services 5.2
Avaya Aura Application Enablement Services 5.0
Apache Tomcat 7.0.33
Apache Tomcat 7.0.32
Apache Tomcat 7.0.31
Apache Tomcat 7.0.30
Apache Tomcat 7.0.29
Apache Tomcat 7.0.28
Apache Tomcat 7.0.27
Apache Tomcat 7.0.26
Apache Tomcat 7.0.25
Apache Tomcat 7.0.24
Apache Tomcat 7.0.23
Apache Tomcat 7.0.16
Apache Tomcat 7.0.15
Apache Tomcat 7.0.14
Apache Tomcat 7.0.13
Apache Tomcat 7.0.12
Apache Tomcat 7.0.4
Apache Tomcat 7.0.3
Apache Tomcat 7.0.2
Apache Tomcat 7.0.1
Apache Tomcat 7.0
Apache Tomcat 6.0.37
Apache Tomcat 6.0.36
Apache Tomcat 6.0.35
Apache Tomcat 6.0.28
Apache Tomcat 6.0.27
Apache Tomcat 6.0.26
Apache Tomcat 6.0.25
Apache Tomcat 6.0.24
Apache Tomcat 6.0.20
Apache Tomcat 6.0.18
Apache Tomcat 6.0.17
Apache Tomcat 6.0.16
Apache Tomcat 6.0.15
Apache Tomcat 6.0.14
Apache Tomcat 6.0.13
Apache Tomcat 6.0.12
Apache Tomcat 6.0.11
Apache Tomcat 6.0.10
Apache Tomcat 6.0.9
Apache Tomcat 6.0.8
Apache Tomcat 6.0.7
Apache Tomcat 6.0.6
Apache Tomcat 6.0.5
Apache Tomcat 6.0.4
Apache Tomcat 6.0.3
Apache Tomcat 6.0.2
Apache Tomcat 6.0.1
Apache Tomcat 6.0 alpha
Apache Tomcat 6.0
Apache Tomcat 8.0.0-RC5
Apache Tomcat 8.0.0-RC1
Apache Tomcat 7.0.47
Apache Tomcat 7.0.46
Apache Tomcat 7.0.45
Apache Tomcat 7.0.44
Apache Tomcat 7.0.43
Apache Tomcat 7.0.42
Apache Tomcat 7.0.41
Apache Tomcat 7.0.40
Apache Tomcat 7.0.4 Beta
Apache Tomcat 7.0.39
Apache Tomcat 7.0.38
Apache Tomcat 7.0.37
Apache Tomcat 7.0.36
Apache Tomcat 7.0.35
Apache Tomcat 7.0.34
Apache Tomcat 7.0.22
Apache Tomcat 7.0.21
Apache Tomcat 7.0.20
Apache Tomcat 7.0.2 Beta
Apache Tomcat 7.0.19
Apache Tomcat 7.0.18
Apache Tomcat 7.0.11
Apache Tomcat 7.0.10
Apache Tomcat 6.0.9 Beta
Apache Tomcat 6.0.8 Alpha
Apache Tomcat 6.0.7 Beta
Apache Tomcat 6.0.7 Alpha
Apache Tomcat 6.0.6 Alpha
Apache Tomcat 6.0.4 Alpha
Apache Tomcat 6.0.33
Apache Tomcat 6.0.32
Apache Tomcat 6.0.31
Apache Tomcat 6.0.30
Apache Tomcat 6.0.29
Apache Tomcat 6.0.2 Beta
Apache Tomcat 6.0.2 Alpha
Apache Tomcat 6.0.19
Apache Tomcat 6.0.1 Alpha
Not Vulnerable: VMware vCenter Server 5.5 Update 2
Juniper Security Threat Response Manager 2013.2R8
Juniper Secure Analytics 2014.2R3
Juniper Secure Analytics 2014.2R2
Juniper Secure Analytics 2013.2R8
IBM UrbanCode Release 6.0.1.4
IBM UrbanCode Deploy 6.0.1 4
IBM Tivoli Application Dependency Discovery Manager 7.2.2.1
IBM Tivoli Application Dependency Discovery Manager 7.2.1.6
IBM Tivoli Application Dependency Discovery Manager 7.2.0.10
IBM Storwize V7000 Unified 1.4.3 3
IBM Rational SAP Connector 4.0.0.4
IBM OpenPages GRC Platform 6.1.0.1.4
Apache Tomcat 7.0.50
Apache Tomcat 8.0.0-RC10
Apache Tomcat 6.0.39


 

Copyright 2010, SecurityFocus