exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 5

CVE-2013-4152

больше 11 лет назад

The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue.

CVSS2: 6.8

EPSS: Высокий

CVE-2013-4152

почти 12 лет назад

The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue.

CVSS2: 5

EPSS: Высокий

CVE-2013-4152

больше 11 лет назад

The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue.

CVSS2: 6.8

EPSS: Высокий

CVE-2013-4152

больше 11 лет назад

The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, ...

CVSS2: 6.8

EPSS: Высокий

GHSA-rp4p-g69r-438x

около 3 лет назад

Cross-Site Request Forgery in Spring Framework

EPSS: Высокий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2013-4152 The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue.	CVSS2: 6.8	84% Высокий	больше 11 лет назад
CVE-2013-4152 The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue.	CVSS2: 5	84% Высокий	почти 12 лет назад
CVE-2013-4152 The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue.	CVSS2: 6.8	84% Высокий	больше 11 лет назад
CVE-2013-4152 The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, ...	CVSS2: 6.8	84% Высокий	больше 11 лет назад
GHSA-rp4p-g69r-438x Cross-Site Request Forgery in Spring Framework		84% Высокий	около 3 лет назад

Уязвимостей на страницу