Vulnerability-Lookup

CVE-2013-0315 (GCVE-0-2013-0315)

Vulnerability from cvelistv5 – Published: 2013-04-12 22:00 – Updated: 2024-08-06 14:25

Summary

The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 allows remote attackers to read arbitrary files via a crafted external XML entity in an XML document, aka an XML Entity Expansion (XEE) attack.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

GHSA-RPHH-QHQW-93PR

Vulnerability from github – Published: 2022-05-05 02:48 – Updated: 2022-05-05 02:48

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2013-0315"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2013-04-12T22:55:00Z",
    "severity": "MODERATE"
  },
  "details": "The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 allows remote attackers to read arbitrary files via a crafted external XML entity in an XML document, aka an XML Entity Expansion (XEE) attack.",
  "id": "GHSA-rphh-qhqw-93pr",
  "modified": "2022-05-05T02:48:46Z",
  "published": "2022-05-05T02:48:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0315"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=913340"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0613.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/52552"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/91121"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2013-0315

Vulnerability from fkie_nvd - Published: 2013-04-12 22:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2013-0613.html	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/52552	Vendor Advisory
secalert@redhat.com	http://www.osvdb.org/91121
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=913340
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2013-0613.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/52552	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/91121
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=913340

Impacted products

	Vendor	Product	Version
	redhat	jboss_enterprise_portal_platform	5.2.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3451D2AD-BB7B-4149-97C3-2DB1BCC0EF85",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 allows remote attackers to read arbitrary files via a crafted external XML entity in an XML document, aka an XML Entity Expansion (XEE) attack."
    },
    {
      "lang": "es",
      "value": "El gadget de exportaci\u00f3n/importaci\u00f3n GateIn Portal para JBoss Enterprise Portal Platform v5.2.2 permite a atacantes remotos leer archivos de su elecci\u00f3n a trav\u00e9s de una entidad externa XML en un documento XML dise\u00f1ado para tal fin. Se trata de una vulnerabilidad tambi\u00e9n conocida como ataque XML Entity Expansi\u00f3n (XEE)."
    }
  ],
  "id": "CVE-2013-0315",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-04-12T22:55:01.177",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0613.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/52552"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.osvdb.org/91121"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=913340"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0613.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/52552"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/91121"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=913340"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

RHSA-2013:0613

Vulnerability from csaf_redhat - Published: 2013-03-07 18:54 - Updated: 2025-11-21 17:42

Summary

Red Hat Security Advisory: JBoss Enterprise Portal Platform 5.2.2 security update

Notes

Topic

An update for the GateIn Portal component in JBoss Enterprise Portal Platform 5.2.2 that fixes two security issues is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Details

JBoss Enterprise Portal Platform is the open source implementation of the Java EE suite of services and Portal services running atop JBoss Enterprise Application Platform. It comprises a set of offerings for enterprise customers who are looking for pre-configured profiles of JBoss Enterprise Middleware components that have been tested and certified together to provide an integrated experience. It was found that the GateIn Portal export/import gadget allowed an export ZIP to be uploaded and imported to a site without authentication. A remote attacker could use this flaw to modify the contents of a site, remove the site, or modify access controls applied to portlets in the site. (CVE-2013-0314) It was found that the GateIn Portal export/import gadget was vulnerable to XXE (XML External Entity) attacks. If the XML provided to the import gadget contained an external XML entity, this XML entity would be resolved. A remote attacker who can access the import gadget could use this flaw to read files in the context of the user running the application server. (CVE-2013-0315) The CVE-2013-0314 issue was discovered by Nick Scavelli of Red Hat, and CVE-2013-0315 was discovered by Arun Neelicattu and David Jorm of the Red Hat Security Response Team. Warning: Before applying this update, back up all applications deployed on JBoss Enterprise Portal Platform, along with all customized configuration files, and any databases and database settings. All users of JBoss Enterprise Portal Platform 5.2.2 as provided from the Red Hat Customer Portal are advised to install this update.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for the GateIn Portal component in JBoss Enterprise Portal\nPlatform 5.2.2 that fixes two security issues is now available from the\nRed Hat Customer Portal.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "JBoss Enterprise Portal Platform is the open source implementation of the\nJava EE suite of services and Portal services running atop JBoss Enterprise\nApplication Platform. It comprises a set of offerings for enterprise\ncustomers who are looking for pre-configured profiles of JBoss Enterprise\nMiddleware components that have been tested and certified together to\nprovide an integrated experience.\n\nIt was found that the GateIn Portal export/import gadget allowed an export\nZIP to be uploaded and imported to a site without authentication. A remote\nattacker could use this flaw to modify the contents of a site, remove the\nsite, or modify access controls applied to portlets in the site.\n(CVE-2013-0314)\n\nIt was found that the GateIn Portal export/import gadget was vulnerable to\nXXE (XML External Entity) attacks. If the XML provided to the import gadget\ncontained an external XML entity, this XML entity would be resolved. A\nremote attacker who can access the import gadget could use this flaw to\nread files in the context of the user running the application server.\n(CVE-2013-0315)\n\nThe CVE-2013-0314 issue was discovered by Nick Scavelli of Red Hat, and\nCVE-2013-0315 was discovered by Arun Neelicattu and David Jorm of the Red\nHat Security Response Team.\n\nWarning: Before applying this update, back up all applications deployed on\nJBoss Enterprise Portal Platform, along with all customized configuration\nfiles, and any databases and database settings.\n\nAll users of JBoss Enterprise Portal Platform 5.2.2 as provided from the\nRed Hat Customer Portal are advised to install this update.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2013:0613",
        "url": "https://access.redhat.com/errata/RHSA-2013:0613"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jbportal\u0026downloadType=securityPatches\u0026version=5.2.2",
        "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jbportal\u0026downloadType=securityPatches\u0026version=5.2.2"
      },
      {
        "category": "external",
        "summary": "913327",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=913327"
      },
      {
        "category": "external",
        "summary": "913340",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=913340"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_0613.json"
      }
    ],
    "title": "Red Hat Security Advisory: JBoss Enterprise Portal Platform 5.2.2 security update",
    "tracking": {
      "current_release_date": "2025-11-21T17:42:53+00:00",
      "generator": {
        "date": "2025-11-21T17:42:53+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2013:0613",
      "initial_release_date": "2013-03-07T18:54:00+00:00",
      "revision_history": [
        {
          "date": "2013-03-07T18:54:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2013-03-07T19:07:17+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:42:53+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat JBoss Portal 5.2",
                "product": {
                  "name": "Red Hat JBoss Portal 5.2",
                  "product_id": "Red Hat JBoss Portal 5.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_portal_platform:5.2.2"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Middleware"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Nick Scavelli"
          ],
          "organization": "Red Hat",
          "summary": "This issue was discovered by Red Hat."
        }
      ],
      "cve": "CVE-2013-0314",
      "cwe": {
        "id": "CWE-306",
        "name": "Missing Authentication for Critical Function"
      },
      "discovery_date": "2013-02-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "913327"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 does not properly check authentication when importing Zip files, which allows remote attackers to modify site contents, remove the site, or alter the access controls for portlets.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Portal: remote unauthenticated site import",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Portal 5.2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2013-0314"
        },
        {
          "category": "external",
          "summary": "RHBZ#913327",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=913327"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2013-0314",
          "url": "https://www.cve.org/CVERecord?id=CVE-2013-0314"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0314",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0314"
        }
      ],
      "release_date": "2013-03-07T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2013-03-07T18:54:00+00:00",
          "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up all\napplications deployed on JBoss Enterprise Portal Platform, along with all\ncustomized configuration files, and any databases and database settings.\n\nNote that it is recommended to halt the JBoss Enterprise Portal Platform\nserver by stopping the JBoss Application Server process before installing\nthis update, and then after installing the update, restart the JBoss\nEnterprise Portal Platform server by starting the JBoss Application Server\nprocess.",
          "product_ids": [
            "Red Hat JBoss Portal 5.2"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2013:0613"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "Red Hat JBoss Portal 5.2"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "Portal: remote unauthenticated site import"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Arun Neelicattu"
          ]
        },
        {
          "names": [
            "David Jorm"
          ],
          "organization": "Red Hat Security Response Team",
          "summary": "This issue was discovered by Red Hat."
        }
      ],
      "cve": "CVE-2013-0315",
      "discovery_date": "2013-02-21T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "913340"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 allows remote attackers to read arbitrary files via a crafted external XML entity in an XML document, aka an XML Entity Expansion (XEE) attack.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Portal: XML eXternal Entity (XXE) flaw in site import",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Portal 5.2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2013-0315"
        },
        {
          "category": "external",
          "summary": "RHBZ#913340",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=913340"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2013-0315",
          "url": "https://www.cve.org/CVERecord?id=CVE-2013-0315"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0315",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0315"
        }
      ],
      "release_date": "2013-03-07T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2013-03-07T18:54:00+00:00",
          "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up all\napplications deployed on JBoss Enterprise Portal Platform, along with all\ncustomized configuration files, and any databases and database settings.\n\nNote that it is recommended to halt the JBoss Enterprise Portal Platform\nserver by stopping the JBoss Application Server process before installing\nthis update, and then after installing the update, restart the JBoss\nEnterprise Portal Platform server by starting the JBoss Application Server\nprocess.",
          "product_ids": [
            "Red Hat JBoss Portal 5.2"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2013:0613"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "Red Hat JBoss Portal 5.2"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Portal: XML eXternal Entity (XXE) flaw in site import"
    }
  ]
}

GSD-2013-0315

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2013-0315

Aliases

CVE-2013-0315

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2013-0315",
    "description": "The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 allows remote attackers to read arbitrary files via a crafted external XML entity in an XML document, aka an XML Entity Expansion (XEE) attack.",
    "id": "GSD-2013-0315",
    "references": [
      "https://access.redhat.com/errata/RHSA-2013:0613"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2013-0315"
      ],
      "details": "The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 allows remote attackers to read arbitrary files via a crafted external XML entity in an XML document, aka an XML Entity Expansion (XEE) attack.",
      "id": "GSD-2013-0315",
      "modified": "2023-12-13T01:22:15.414653Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2013-0315",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 allows remote attackers to read arbitrary files via a crafted external XML entity in an XML document, aka an XML Entity Expansion (XEE) attack."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://rhn.redhat.com/errata/RHSA-2013-0613.html",
            "refsource": "MISC",
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0613.html"
          },
          {
            "name": "http://secunia.com/advisories/52552",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/52552"
          },
          {
            "name": "http://www.osvdb.org/91121",
            "refsource": "MISC",
            "url": "http://www.osvdb.org/91121"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=913340",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=913340"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-0315"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 allows remote attackers to read arbitrary files via a crafted external XML entity in an XML document, aka an XML Entity Expansion (XEE) attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=913340",
              "refsource": "MISC",
              "tags": [],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=913340"
            },
            {
              "name": "52552",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/52552"
            },
            {
              "name": "RHSA-2013:0613",
              "refsource": "REDHAT",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0613.html"
            },
            {
              "name": "91121",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/91121"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2013-04-15T04:00Z",
      "publishedDate": "2013-04-12T22:55Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2013-0315 (GCVE-0-2013-0315)

GHSA-RPHH-QHQW-93PR

FKIE_CVE-2013-0315

RHSA-2013:0613

GSD-2013-0315

Tags

Sightings

Nomenclature