CVE-2013-6429

NONECVSS 0.0

0.0

The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152 and CVE-2013-7315.

🔗 References (14)

secalert@redhathttp://rhn.redhat.com/errata/RHSA-2014-0400.html
secalert@redhathttp://secunia.com/advisories/57915
secalert@redhathttp://www.gopivotal.com/security/cve-2013-6429
secalert@redhathttp://www.securityfocus.com/archive/1/530770/100/0/threaded
secalert@redhathttp://www.securityfocus.com/bid/64947
secalert@redhathttps://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755
secalert@redhathttps://jira.springsource.org/browse/SPR-11078?page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2014-0400.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/57915
af854a3a-2127-422b-91ae-364da2661108http://www.gopivotal.com/security/cve-2013-6429
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/530770/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/64947
af854a3a-2127-422b-91ae-364da2661108https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755
af854a3a-2127-422b-91ae-364da2661108https://jira.springsource.org/browse/SPR-11078?page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel

Is Your Infrastructure Affected by CVE-2013-6429?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2013-6429

📅 Published

🔄 Last Modified

🔗 References (14)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2013-6429?