Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.3
CVE Id: CVE-2013-4590
Last Modified: 01 Apr 2015 09:59:05
Published: 26 Feb 2014 09:55:08
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2013-4590

Summary

Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Vulnerable Systems

Application

  • Apache Tomcat 1.1.3

  • Apache Tomcat 3.0

  • Apache Tomcat 3.1

  • Apache Tomcat 3.1.1

  • Apache Tomcat 3.2

  • Apache Tomcat 3.2.1

  • Apache Tomcat 3.2.2

  • Apache Tomcat 3.2.3

  • Apache Tomcat 3.2.4

  • Apache Tomcat 3.3

  • Apache Tomcat 3.3.1

  • Apache Tomcat 3.3.1a

  • Apache Tomcat 3.3.2

  • Apache Tomcat 4

  • Apache Tomcat 4.0.0

  • Apache Tomcat 4.0.1

  • Apache Tomcat 4.0.2

  • Apache Tomcat 4.0.3

  • Apache Tomcat 4.0.4

  • Apache Tomcat 4.0.5

  • Apache Tomcat 4.0.6

  • Apache Tomcat 4.1.0

  • Apache Tomcat 4.1.1

  • Apache Tomcat 4.1.10

  • Apache Tomcat 4.1.12

  • Apache Tomcat 4.1.15

  • Apache Tomcat 4.1.2

  • Apache Tomcat 4.1.24

  • Apache Tomcat 4.1.28

  • Apache Tomcat 4.1.29

  • Apache Tomcat 4.1.3

  • Apache Tomcat 4.1.31

  • Apache Tomcat 4.1.36

  • Apache Tomcat 4.1.9

  • Apache Tomcat 5

  • Apache Tomcat 5.0.0

  • Apache Tomcat 5.0.1

  • Apache Tomcat 5.0.10

  • Apache Tomcat 5.0.11

  • Apache Tomcat 5.0.12

  • Apache Tomcat 5.0.13

  • Apache Tomcat 5.0.14

  • Apache Tomcat 5.0.15

  • Apache Tomcat 5.0.16

  • Apache Tomcat 5.0.17

  • Apache Tomcat 5.0.18

  • Apache Tomcat 5.0.19

  • Apache Tomcat 5.0.2

  • Apache Tomcat 5.0.21

  • Apache Tomcat 5.0.22

  • Apache Tomcat 5.0.23

  • Apache Tomcat 5.0.24

  • Apache Tomcat 5.0.25

  • Apache Tomcat 5.0.26

  • Apache Tomcat 5.0.27

  • Apache Tomcat 5.0.28

  • Apache Tomcat 5.0.29

  • Apache Tomcat 5.0.3

  • Apache Tomcat 5.0.30

  • Apache Tomcat 5.0.4

  • Apache Tomcat 5.0.5

  • Apache Tomcat 5.0.6

  • Apache Tomcat 5.0.7

  • Apache Tomcat 5.0.8

  • Apache Tomcat 5.0.9

  • Apache Tomcat 5.5.0

  • Apache Tomcat 5.5.1

  • Apache Tomcat 5.5.10

  • Apache Tomcat 5.5.11

  • Apache Tomcat 5.5.12

  • Apache Tomcat 5.5.13

  • Apache Tomcat 5.5.14

  • Apache Tomcat 5.5.15

  • Apache Tomcat 5.5.16

  • Apache Tomcat 5.5.17

  • Apache Tomcat 5.5.18

  • Apache Tomcat 5.5.19

  • Apache Tomcat 5.5.2

  • Apache Tomcat 5.5.20

  • Apache Tomcat 5.5.21

  • Apache Tomcat 5.5.22

  • Apache Tomcat 5.5.23

  • Apache Tomcat 5.5.24

  • Apache Tomcat 5.5.25

  • Apache Tomcat 5.5.26

  • Apache Tomcat 5.5.27

  • Apache Tomcat 5.5.28

  • Apache Tomcat 5.5.29

  • Apache Tomcat 5.5.3

  • Apache Tomcat 5.5.30

  • Apache Tomcat 5.5.31

  • Apache Tomcat 5.5.32

  • Apache Tomcat 5.5.33

  • Apache Tomcat 5.5.34

  • Apache Tomcat 5.5.35

  • Apache Tomcat 5.5.4

  • Apache Tomcat 5.5.5

  • Apache Tomcat 5.5.6

  • Apache Tomcat 5.5.7

  • Apache Tomcat 5.5.8

  • Apache Tomcat 5.5.9

  • Apache Tomcat 6

  • Apache Tomcat 6.0

  • Apache Tomcat 6.0.0

  • Apache Tomcat 6.0.1

  • Apache Tomcat 6.0.10

  • Apache Tomcat 6.0.11

  • Apache Tomcat 6.0.12

  • Apache Tomcat 6.0.13

  • Apache Tomcat 6.0.14

  • Apache Tomcat 6.0.15

  • Apache Tomcat 6.0.16

  • Apache Tomcat 6.0.17

  • Apache Tomcat 6.0.18

  • Apache Tomcat 6.0.19

  • Apache Tomcat 6.0.2

  • Apache Tomcat 6.0.20

  • Apache Tomcat 6.0.24

  • Apache Tomcat 6.0.26

  • Apache Tomcat 6.0.27

  • Apache Tomcat 6.0.28

  • Apache Tomcat 6.0.29

  • Apache Tomcat 6.0.3

  • Apache Tomcat 6.0.30

  • Apache Tomcat 6.0.31

  • Apache Tomcat 6.0.32

  • Apache Tomcat 6.0.33

  • Apache Tomcat 6.0.35

  • Apache Tomcat 6.0.36

  • Apache Tomcat 6.0.37

  • Apache Tomcat 7.0.0

  • Apache Tomcat 7.0.1

  • Apache Tomcat 7.0.10

  • Apache Tomcat 7.0.11

  • Apache Tomcat 7.0.12

  • Apache Tomcat 7.0.13

  • Apache Tomcat 7.0.14

  • Apache Tomcat 7.0.15

  • Apache Tomcat 7.0.16

  • Apache Tomcat 7.0.17

  • Apache Tomcat 7.0.18

  • Apache Tomcat 7.0.19

  • Apache Tomcat 7.0.2

  • Apache Tomcat 7.0.20

  • Apache Tomcat 7.0.21

  • Apache Tomcat 7.0.22

  • Apache Tomcat 7.0.23

  • Apache Tomcat 7.0.24

  • Apache Tomcat 7.0.25

  • Apache Tomcat 7.0.26

  • Apache Tomcat 7.0.27

  • Apache Tomcat 7.0.28

  • Apache Tomcat 7.0.29

  • Apache Tomcat 7.0.3

  • Apache Tomcat 7.0.30

  • Apache Tomcat 7.0.31

  • Apache Tomcat 7.0.32

  • Apache Tomcat 7.0.33

  • Apache Tomcat 7.0.34

  • Apache Tomcat 7.0.35

  • Apache Tomcat 7.0.36

  • Apache Tomcat 7.0.37

  • Apache Tomcat 7.0.38

  • Apache Tomcat 7.0.39

  • Apache Tomcat 7.0.4

  • Apache Tomcat 7.0.40

  • Apache Tomcat 7.0.41

  • Apache Tomcat 7.0.42

  • Apache Tomcat 7.0.43

  • Apache Tomcat 7.0.44

  • Apache Tomcat 7.0.45

  • Apache Tomcat 7.0.46

  • Apache Tomcat 7.0.50

  • Apache Tomcat 8.0.0


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=1069911

CONFIRM - http://tomcat.apache.org/security-8.html

CONFIRM - http://tomcat.apache.org/security-7.html

CONFIRM - http://tomcat.apache.org/security-6.html

CONFIRM - http://svn.apache.org/viewvc?view=revision&revision=1558828

CONFIRM - http://svn.apache.org/viewvc?view=revision&revision=1549529

CONFIRM - http://svn.apache.org/viewvc?view=revision&revision=1549528

BID - 65768

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21678231

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21677147

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21675886

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21667883

SECUNIA - 59873

SECUNIA - 59724

SECUNIA - 59722

SECUNIA - 59036

MANDRIVA - MDVSA-2015:052

CONFIRM - http://advisories.mageia.org/MGASA-2014-0148.html

MANDRIVA - MDVSA-2015:084

Related Patches

SUN122911-34 Solaris 10 SPARC: Apache 1.3 Patch

SUN122912-34 Solaris 10 x86: Apache 1.3 Patch


Last Updated: 27 May 2016 10:55:15