CVE-2013-6429

medium VMware
CVSS v3 Base Score
6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS Score
38.7%
Exploitation probability in 30 days
Top 3% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
M
Confidentiality
P
Integrity
P
Availability
P
Published: January 26, 2014 (4491 days ago)
Last Modified: April 29, 2026
Vendor: VMware
Source: NVD

Description

The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152 and CVE-2013-7315.

CWE

CWE-352

Affected Products

pivotal software spring frameworkvmware spring framework

References

🔗 rhn.redhat.com 🔗 secunia.com 🔗 www.gopivotal.com 🔗 www.securityfocus.com 🔗 www.securityfocus.com