CVE-2013-4590

Priority
Description
Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10
allows attackers to obtain "Tomcat internals" information by leveraging the
presence of an untrusted web application with a context.xml, web.xml,
*.jspx, *.tagx, or *.tld XML document containing an external entity
declaration in conjunction with an entity reference, related to an XML
External Entity (XXE) issue.
Notes
mdeslaur> only occurs when running untrusted content. Patch is intrusive.
Package
Upstream: released (6.0.39)
Ubuntu 12.04 ESM (Precise Pangolin): needed
Ubuntu 14.04 ESM (Trusty Tahr): not-affected (6.0.39-1)
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (6.0.39-1)
Ubuntu 18.04 LTS (Bionic Beaver): DNE
Ubuntu 19.10 (Eoan Ermine): DNE
Ubuntu 20.04 (Focal Fossa): DNE
Patches:
Upstream: http://svn.apache.org/viewvc?view=rev&rev=1558828
Package
Upstream: released (7.0.50)
Ubuntu 12.04 ESM (Precise Pangolin): DNE (precise was needed)
Ubuntu 14.04 ESM (Trusty Tahr): not-affected (7.0.52-1)
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (7.0.52-1)
Ubuntu 18.04 LTS (Bionic Beaver): not-affected (7.0.52-1)
Ubuntu 19.10 (Eoan Ermine): DNE
Ubuntu 20.04 (Focal Fossa): DNE
Patches:
Upstream: http://svn.apache.org/viewvc?view=rev&rev=1549529

Updated: 2020-04-24 03:15:22 UTC (commit d3f8a6ed481830fb100109a132bef581fc4176fe)