Public Date:
1000186: CVE-2013-4152 Spring Framework: XML External Entity (XXE) injection flaw

The MITRE CVE dictionary describes this issue as:

The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue.

Find out more about CVE-2013-4152 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v2 metrics

Base Score 5
Base Metrics AV:N/AC:L/Au:N/C:P/I:N/A:N
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact Partial
Integrity Impact None
Availability Impact None

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform Errata Release Date
Red Hat JBoss SOA Platform 5.3 RHSA-2014:0212 2014-02-25
Red Hat JBoss Fuse 6.1 RHSA-2014:0400 2014-04-14
Red Hat JBoss A-MQ 6.1 RHSA-2014:0401 2014-04-14
RHOSE Client 1.2 (activemq) RHSA-2014:0254 2014-03-05
RHOSE Client 2.0 (activemq) RHSA-2014:0245 2014-03-03


External References

Last Modified

CVE description copyright © 2017, The MITRE Corporation


Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.