CVE-2013-0315

The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 allows remote attackers to read arbitrary files via a crafted external XML entity in an XML document, aka an XML Entity Expansion (XEE) attack.

Details Source

Mitre

Public Date

2013-03-07 00:00:00

Impact

Moderate

Bugzilla

CVE-2013-0315 GateIn Portal: XML eXternal Entity (XXE) flaw in site import

Bugzilla ID

913340

CVSS Status

verified

Base Score

5.00

Base Metrics

AV:N/AC:L/Au:N/C:P/I:N/A:N

Acknowledgements

This issue was discovered by Arun Neelicattu and David Jorm of the Red Hat Security Response Team.

IAVA

2013-A-0097

Red Hat Security Errata

Platform | Errata | Release Date
Red Hat JBoss Portal 5.2 | RHSA-2013:0613 | 2013-03-07

Affected Packages State

Platform | Package | State
Red Hat JBoss Portal 5 | Portal | Affected