CVE-2013-7315 in VMware and Springsource Products
Published on January 23, 2014
The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152. NOTE: this issue was SPLIT from CVE-2013-4152 due to different affected versions.
Products Associated with CVE-2013-7315
VMware Spring Framework, Springsource Spring Framework
Exploit Probability
EPSS: 0.52%
Percentile: 66.66%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.