CVE-2013-6430

Impact:: Moderate
Public Date:: 2014-01-14

Bugzilla:: 1039783: CVE-2013-6430 Spring Framework: org.spring.web.util.JavaScriptUtils.javaScriptEscape insufficient escaping of characters

The MITRE CVE dictionary describes this issue as:

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Find out more about CVE-2013-6430 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v2 metrics

Base Score	4.3
Base Metrics	AV:N/AC:M/Au:N/C:N/I:P/A:N
Access Vector	Network
Access Complexity	Medium
Authentication	None
Confidentiality Impact	None
Integrity Impact	Partial
Availability Impact	None

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform	Errata	Release Date
Red Hat JBoss Fuse 6.1	RHSA-2014:0400	2014-04-14
Red Hat JBoss A-MQ 6.1	RHSA-2014:0401	2014-04-14

Affected Packages State

Platform	Package	State
Red Hat JBoss Portal 5	spring	Will not fix
Red Hat JBoss Enterprise SOA Platform 4.3	spring	Will not fix
Red Hat JBoss EAP 5	spring	Will not fix
Red Hat JBoss EAP 4	spring	Will not fix

Acknowledgements

This issue was discovered by Jon Passki of Coverity SRL and Arun Neelicattu of the Red Hat Security Response Team.

External References

http://www.gopivotal.com/security/cve-2013-6430

Last Modified 2018-05-01T18:58:46+00:00

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories