Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

References
Link Providers
http://advisories.mageia.org/MGASA-2014-0148.html cve-icon cve-icon
http://marc.info/?l=bugtraq&m=144498216801440&w=2 cve-icon cve-icon
http://secunia.com/advisories/59036 cve-icon cve-icon
http://secunia.com/advisories/59722 cve-icon cve-icon
http://secunia.com/advisories/59724 cve-icon cve-icon
http://secunia.com/advisories/59873 cve-icon cve-icon
http://svn.apache.org/viewvc?view=revision&revision=1549528 cve-icon cve-icon
http://svn.apache.org/viewvc?view=revision&revision=1549529 cve-icon cve-icon
http://svn.apache.org/viewvc?view=revision&revision=1558828 cve-icon cve-icon
http://tomcat.apache.org/security-6.html cve-icon cve-icon
http://tomcat.apache.org/security-7.html cve-icon cve-icon
http://tomcat.apache.org/security-8.html cve-icon cve-icon
http://www-01.ibm.com/support/docview.wss?uid=swg21667883 cve-icon cve-icon
http://www-01.ibm.com/support/docview.wss?uid=swg21675886 cve-icon cve-icon
http://www-01.ibm.com/support/docview.wss?uid=swg21677147 cve-icon cve-icon
http://www-01.ibm.com/support/docview.wss?uid=swg21678231 cve-icon cve-icon
http://www.debian.org/security/2016/dsa-3530 cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDVSA-2015:052 cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDVSA-2015:084 cve-icon cve-icon
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html cve-icon cve-icon
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html cve-icon cve-icon
http://www.securityfocus.com/bid/65768 cve-icon cve-icon
http://www.vmware.com/security/advisories/VMSA-2014-0008.html cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=1069911 cve-icon cve-icon
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013 cve-icon cve-icon
https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2013-4590 cve-icon
https://www.cve.org/CVERecord?id=CVE-2013-4590 cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2024-08-06T16:45:15.235Z

Reserved: 2013-06-12T00:00:00

Link: CVE-2013-4590

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2014-02-26T14:55:08.207

Modified: 2025-04-11T00:51:21.963

Link: CVE-2013-4590

cve-icon Redhat

Severity : Low

Publid Date: 2014-02-25T00:00:00Z

Links: CVE-2013-4590 - Bugzilla

cve-icon OpenCVE Enrichment

No data.