CVE-2013-6447

Multiple XML External Entity (XXE) vulnerabilities in the (1) ExecutionHandler, (2) PollHandler, and (3) SubscriptionHandler classes in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier, as used in JBoss Web Framework Kit, allow remote attackers to read arbitrary files and possibly have other impacts via a crafted XML file.

Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector
NIST | NIST | 5 UNKNOWN | NETWORK | LOW | | AV:N/AC:L/Au:N/C:P/I:N/A:N
redhat | CNA | --- | ---
CVE | ADP | --- | ---

EPSS Score percentile: 79%

Vendor | Product | Version
redhat | jboss_seam_2_framework | 𝑥 ≤ 2.3.1
redhat | jboss_seam_2_framework | 2.0.0:beta1
redhat | jboss_seam_2_framework | 2.0.0:cr1
redhat | jboss_seam_2_framework | 2.0.0:cr2
redhat | jboss_seam_2_framework | 2.0.0:cr3
redhat | jboss_seam_2_framework | 2.0.0:ga
redhat | jboss_seam_2_framework | 2.0.1:cr1
redhat | jboss_seam_2_framework | 2.0.1:cr2
redhat | jboss_seam_2_framework | 2.0.1:ga
redhat | jboss_seam_2_framework | 2.0.2:cr1
redhat | jboss_seam_2_framework | 2.0.2:cr2
redhat | jboss_seam_2_framework | 2.0.2:ga
redhat | jboss_seam_2_framework | 2.0.2:sp1
redhat | jboss_seam_2_framework | 2.0.3:cr1
redhat | jboss_seam_2_framework | 2.1.0:alpha1
redhat | jboss_seam_2_framework | 2.1.0:beta1
redhat | jboss_seam_2_framework | 2.1.0:cr1
redhat | jboss_seam_2_framework | 2.1.0:ga
redhat | jboss_seam_2_framework | 2.1.0:sp1
redhat | jboss_seam_2_framework | 2.1.1:cr1
redhat | jboss_seam_2_framework | 2.1.1:cr2
redhat | jboss_seam_2_framework | 2.1.1:ga
redhat | jboss_seam_2_framework | 2.1.2
redhat | jboss_seam_2_framework | 2.1.2:cr1
redhat | jboss_seam_2_framework | 2.1.2:cr2
redhat | jboss_seam_2_framework | 2.2.0:cr1
redhat | jboss_seam_2_framework | 2.2.0:ga
redhat | jboss_seam_2_framework | 2.2.1
redhat | jboss_seam_2_framework | 2.2.1:cr1
redhat | jboss_seam_2_framework | 2.2.1:cr2
redhat | jboss_seam_2_framework | 2.2.1:cr3
redhat | jboss_seam_2_framework | 2.2.2
redhat | jboss_seam_2_framework | 2.3.0
redhat | jboss_seam_2_framework | 2.3.0:alpha
redhat | jboss_seam_2_framework | 2.3.0:beta1
redhat | jboss_seam_2_framework | 2.3.0:beta2
redhat | jboss_seam_2_framework | 2.3.0:cr1
redhat | jboss_seam_2_framework | 2.3.1:cr1

𝑥 = Vulnerable software versions