CVE-2013-4590

Priority
Description
Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10
allows attackers to obtain "Tomcat internals" information by leveraging the
presence of an untrusted web application with a context.xml, web.xml,
*.jspx, *.tagx, or *.tld XML document containing an external entity
declaration in conjunction with an entity reference, related to an XML
External Entity (XXE) issue.
Notes
 mdeslaur> only occurs when running untrusted content. Patch is intrusive.
Package
Upstream: released (6.0.39)
Ubuntu 12.04 ESM (Precise Pangolin): needed
Ubuntu 14.04 LTS (Trusty Tahr): not-affected (6.0.39-1)
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (6.0.39-1)
Ubuntu 18.04 LTS (Bionic Beaver): DNE
Ubuntu 18.10 (Cosmic Cuttlefish): DNE
Ubuntu 19.04 (Disco Dingo): DNE
Patches:
Upstream: http://svn.apache.org/viewvc?view=rev&rev=1558828
Package
Upstream: released (7.0.50)
Ubuntu 12.04 ESM (Precise Pangolin): DNE (precise was needed)
Ubuntu 14.04 LTS (Trusty Tahr): not-affected (7.0.52-1)
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (7.0.52-1)
Ubuntu 18.04 LTS (Bionic Beaver): not-affected (7.0.52-1)
Ubuntu 18.10 (Cosmic Cuttlefish): not-affected (7.0.52-1)
Ubuntu 19.04 (Disco Dingo): DNE
Patches:
Upstream: http://svn.apache.org/viewvc?view=rev&rev=1549529
Updated: 2019-01-14 21:15:00 UTC (commit 51f9b73af244ba86b9321e46e526586c25a8e060)