Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2013-4590

Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://tomcat.apache.o...
CONFIRM: http://tomcat.apache.o...
CONFIRM: http://tomcat.apache.o...
CONFIRM: https://bugzilla.redha...
CONFIRM: http://www-01.ibm.com/...
CONFIRM: http://www-01.ibm.com/...
CONFIRM: http://www-01.ibm.com/...
CONFIRM: http://www-01.ibm.com/...
BID: 65768
SECUNIA: 59036
SECUNIA: 59722
SECUNIA: 59724
SECUNIA: 59873
CONFIRM: http://advisories.mage...
MANDRIVA: MDVSA-2015:052
MANDRIVA: MDVSA-2015:084
DEBIAN: DSA-3530
CONFIRM: http://www.oracle.com/...
CONFIRM: https://h20564.www2.hp...
CONFIRM: http://www.vmware.com/...
CONFIRM: http://svn.apache.org/...
CONFIRM: http://svn.apache.org/...
CONFIRM: http://svn.apache.org/...
HP: HPSBOV03503
CONFIRM: http://www.oracle.com/...
MLIST: [tomcat-dev] 20190319 ...
MLIST: [tomcat-dev] 20190325 ...
MLIST: [tomcat-dev] 20190413 ...
MLIST: [tomcat-dev] 20190415 ...
MLIST: [tomcat-dev] 20200203 ...
MLIST: [tomcat-dev] 20200213 ...

Launchpad.net

CVE 2013-4590

Related bugs

References