4.3

CVE-2013-4590

Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheTomcat Version8.0.0 Updaterc1
ApacheTomcat Version8.0.0 Updaterc2
ApacheTomcat Version8.0.0 Updaterc3
ApacheTomcat Version8.0.0 Updaterc4
ApacheTomcat Version8.0.0 Updaterc5
ApacheTomcat Version8.0.0 Updaterc6
ApacheTomcat Version8.0.0 Updaterc7
ApacheTomcat Version8.0.0 Updaterc8
ApacheTomcat Version8.0.0 Updaterc9
DebianDebian Linux Version7.0
ApacheTomcat Version <= 6.0.37
ApacheTomcat Version1.1.3
ApacheTomcat Version3.0
ApacheTomcat Version3.1
ApacheTomcat Version3.1.1
ApacheTomcat Version3.2
ApacheTomcat Version3.2.1
ApacheTomcat Version3.2.2
ApacheTomcat Version3.2.2 Updatebeta2
ApacheTomcat Version3.2.3
ApacheTomcat Version3.2.4
ApacheTomcat Version3.3
ApacheTomcat Version3.3.1
ApacheTomcat Version3.3.1a
ApacheTomcat Version3.3.2
ApacheTomcat Version4
ApacheTomcat Version4.0.0
ApacheTomcat Version4.0.1
ApacheTomcat Version4.0.2
ApacheTomcat Version4.0.3
ApacheTomcat Version4.0.4
ApacheTomcat Version4.0.5
ApacheTomcat Version4.0.6
ApacheTomcat Version4.1.0
ApacheTomcat Version4.1.1
ApacheTomcat Version4.1.2
ApacheTomcat Version4.1.3
ApacheTomcat Version4.1.3 Updatebeta
ApacheTomcat Version4.1.9 Updatebeta
ApacheTomcat Version4.1.10
ApacheTomcat Version4.1.12
ApacheTomcat Version4.1.15
ApacheTomcat Version4.1.24
ApacheTomcat Version4.1.28
ApacheTomcat Version4.1.29
ApacheTomcat Version4.1.31
ApacheTomcat Version4.1.36
ApacheTomcat Version5
ApacheTomcat Version5.0.0
ApacheTomcat Version5.0.1
ApacheTomcat Version5.0.2
ApacheTomcat Version5.0.3
ApacheTomcat Version5.0.4
ApacheTomcat Version5.0.5
ApacheTomcat Version5.0.6
ApacheTomcat Version5.0.7
ApacheTomcat Version5.0.8
ApacheTomcat Version5.0.9
ApacheTomcat Version5.0.10
ApacheTomcat Version5.0.11
ApacheTomcat Version5.0.12
ApacheTomcat Version5.0.13
ApacheTomcat Version5.0.14
ApacheTomcat Version5.0.15
ApacheTomcat Version5.0.16
ApacheTomcat Version5.0.17
ApacheTomcat Version5.0.18
ApacheTomcat Version5.0.19
ApacheTomcat Version5.0.21
ApacheTomcat Version5.0.22
ApacheTomcat Version5.0.23
ApacheTomcat Version5.0.24
ApacheTomcat Version5.0.25
ApacheTomcat Version5.0.26
ApacheTomcat Version5.0.27
ApacheTomcat Version5.0.28
ApacheTomcat Version5.0.29
ApacheTomcat Version5.0.30
ApacheTomcat Version5.5.0
ApacheTomcat Version5.5.1
ApacheTomcat Version5.5.2
ApacheTomcat Version5.5.3
ApacheTomcat Version5.5.4
ApacheTomcat Version5.5.5
ApacheTomcat Version5.5.6
ApacheTomcat Version5.5.7
ApacheTomcat Version5.5.8
ApacheTomcat Version5.5.9
ApacheTomcat Version5.5.10
ApacheTomcat Version5.5.11
ApacheTomcat Version5.5.12
ApacheTomcat Version5.5.13
ApacheTomcat Version5.5.14
ApacheTomcat Version5.5.15
ApacheTomcat Version5.5.16
ApacheTomcat Version5.5.17
ApacheTomcat Version5.5.18
ApacheTomcat Version5.5.19
ApacheTomcat Version5.5.20
ApacheTomcat Version5.5.21
ApacheTomcat Version5.5.22
ApacheTomcat Version5.5.23
ApacheTomcat Version5.5.24
ApacheTomcat Version5.5.25
ApacheTomcat Version5.5.26
ApacheTomcat Version5.5.27
ApacheTomcat Version5.5.28
ApacheTomcat Version5.5.29
ApacheTomcat Version5.5.30
ApacheTomcat Version5.5.31
ApacheTomcat Version5.5.32
ApacheTomcat Version5.5.33
ApacheTomcat Version5.5.34
ApacheTomcat Version5.5.35
ApacheTomcat Version6
ApacheTomcat Version6.0
ApacheTomcat Version6.0.0
ApacheTomcat Version6.0.0 Updatealpha
ApacheTomcat Version6.0.1
ApacheTomcat Version6.0.1 Updatealpha
ApacheTomcat Version6.0.2
ApacheTomcat Version6.0.2 Updatealpha
ApacheTomcat Version6.0.2 Updatebeta
ApacheTomcat Version6.0.3
ApacheTomcat Version6.0.10
ApacheTomcat Version6.0.11
ApacheTomcat Version6.0.12
ApacheTomcat Version6.0.13
ApacheTomcat Version6.0.14
ApacheTomcat Version6.0.15
ApacheTomcat Version6.0.16
ApacheTomcat Version6.0.17
ApacheTomcat Version6.0.18
ApacheTomcat Version6.0.19
ApacheTomcat Version6.0.20
ApacheTomcat Version6.0.24
ApacheTomcat Version6.0.26
ApacheTomcat Version6.0.27
ApacheTomcat Version6.0.28
ApacheTomcat Version6.0.29
ApacheTomcat Version6.0.30
ApacheTomcat Version6.0.31
ApacheTomcat Version6.0.32
ApacheTomcat Version6.0.33
ApacheTomcat Version6.0.35
ApacheTomcat Version6.0.36
ApacheTomcat Version7.0.0
ApacheTomcat Version7.0.0 Updatebeta
ApacheTomcat Version7.0.1
ApacheTomcat Version7.0.2
ApacheTomcat Version7.0.2 Updatebeta
ApacheTomcat Version7.0.3
ApacheTomcat Version7.0.4
ApacheTomcat Version7.0.4 Updatebeta
ApacheTomcat Version7.0.10
ApacheTomcat Version7.0.11
ApacheTomcat Version7.0.12
ApacheTomcat Version7.0.13
ApacheTomcat Version7.0.14
ApacheTomcat Version7.0.15
ApacheTomcat Version7.0.16
ApacheTomcat Version7.0.17
ApacheTomcat Version7.0.18
ApacheTomcat Version7.0.19
ApacheTomcat Version7.0.20
ApacheTomcat Version7.0.21
ApacheTomcat Version7.0.22
ApacheTomcat Version7.0.23
ApacheTomcat Version7.0.24
ApacheTomcat Version7.0.25
ApacheTomcat Version7.0.26
ApacheTomcat Version7.0.27
ApacheTomcat Version7.0.28
ApacheTomcat Version7.0.29
ApacheTomcat Version7.0.30
ApacheTomcat Version7.0.31
ApacheTomcat Version7.0.32
ApacheTomcat Version7.0.33
ApacheTomcat Version7.0.34
ApacheTomcat Version7.0.35
ApacheTomcat Version7.0.36
ApacheTomcat Version7.0.37
ApacheTomcat Version7.0.38
ApacheTomcat Version7.0.39
ApacheTomcat Version7.0.40
ApacheTomcat Version7.0.41
ApacheTomcat Version7.0.42
ApacheTomcat Version7.0.43
ApacheTomcat Version7.0.44
ApacheTomcat Version7.0.45
ApacheTomcat Version7.0.46
ApacheTomcat Version7.0.50
OracleSolaris Version11.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 9.49% 0.948
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://tomcat.apache.org/security-6.html
Vendor Advisory
https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E
http://tomcat.apache.org/security-7.html
Vendor Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
http://www.vmware.com/security/advisories/VMSA-2014-0008.html
http://marc.info/?l=bugtraq&m=144498216801440&w=2
Mailing List
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013
http://advisories.mageia.org/MGASA-2014-0148.html
Third Party Advisory
http://secunia.com/advisories/59036
Third Party Advisory
Permissions Required
http://secunia.com/advisories/59722
Third Party Advisory
Permissions Required
http://secunia.com/advisories/59724
Third Party Advisory
Permissions Required
http://secunia.com/advisories/59873
Third Party Advisory
Permissions Required
http://tomcat.apache.org/security-8.html
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21667883
Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21675886
Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21677147
Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21678231
Third Party Advisory
http://www.debian.org/security/2016/dsa-3530
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2015:052
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2015:084
Third Party Advisory
http://svn.apache.org/viewvc?view=revision&revision=1549528
Issue Tracking
http://svn.apache.org/viewvc?view=revision&revision=1549529
Issue Tracking
http://svn.apache.org/viewvc?view=revision&revision=1558828
Issue Tracking
http://www.securityfocus.com/bid/65768
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1069911
Issue Tracking