Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

0

CVE-2013-4590

Disclosure Date: February 26, 2014 •

Description

Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain “Tomcat internals” information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

Vendors

Products

References

Canonical

CVE-2013-4590 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4590)

BID-65768 (http://www.securityfocus.com/bid/65768)

Advisory

http://www.vmware.com/security/advisories/VMSA-2014-0008.html

http://www.mandriva.com/security/advisories?name=MDVSA-2015:052

SECUNIA-59724 (http://secunia.com/advisories/59724)

http://www.mandriva.com/security/advisories?name=MDVSA-2015:084

DSA-3530 (http://www.debian.org/security/2016/dsa-3530)

http://tomcat.apache.org/security-7.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

http://tomcat.apache.org/security-8.html

http://www-01.ibm.com/support/docview.wss?uid=swg21677147

http://svn.apache.org/viewvc?view=revision&revision=1549528

http://www-01.ibm.com/support/docview.wss?uid=swg21678231

http://advisories.mageia.org/MGASA-2014-0148.html

https://bugzilla.redhat.com/show_bug.cgi?id=1069911

SECUNIA-59722 (http://secunia.com/advisories/59722)

http://tomcat.apache.org/security-6.html

https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013

SECUNIA-59873 (http://secunia.com/advisories/59873)

http://www-01.ibm.com/support/docview.wss?uid=swg21667883

http://svn.apache.org/viewvc?view=revision&revision=1558828

HPSBOV03503 (http://marc.info?l=bugtraq&m=144498216801440&w=2)

http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html

http://www-01.ibm.com/support/docview.wss?uid=swg21675886

http://svn.apache.org/viewvc?view=revision&revision=1549529

SECUNIA-59036 (http://secunia.com/advisories/59036)

[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/ (https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E)

[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ (https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E)

[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/ (https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E)

[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/ (https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E)

[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/ (https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E)

[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/ (https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E)

Rapid7

Technical Analysis