CVE-2013-6447

CWE-200 — Information Exposure CWE-611 — XML External Entity (XXE)5 documents5 sources

Severity

5.0MEDIUM

EPSS

1.4%

top 19.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Jboss Seam 2 Framework

Timeline

PublishedJan 23

Latest updateMay 17

Description

Multiple XML External Entity (XXE) vulnerabilities in the (1) ExecutionHandler, (2) PollHandler, and (3) SubscriptionHandler classes in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier, as used in JBoss Web Framework Kit, allow remote attackers to read arbitrary files and possibly have other impacts via a crafted XML file.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDredhat/jboss_seam_2_framework2.3.1+12

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-gvc5-hqc3-j65q: Multiple XML External Entity (XXE) vulnerabilities in the (1) ExecutionHandler, (2) PollHandler, and (3) SubscriptionHandler classes in JBoss Seam Rem↗2022-05-17

▶

CVEList

CVE-2013-6447: Multiple XML External Entity (XXE) vulnerabilities in the (1) ExecutionHandler, (2) PollHandler, and (3) SubscriptionHandler classes in JBoss Seam Rem↗2014-01-23

▶

📋Vendor Advisories

Red Hat

Seam: XML eXternal Entity (XXE) flaw in remoting↗2014-01-20

▶

💬Community

Bugzilla

CVE-2013-6447 JBoss Seam: XML eXternal Entity (XXE) flaw in remoting↗2013-12-19

▶