Vulnerability Name: CVE-2013-4295 (CCN-88194)
Assigned: 2013-10-21
Published: 2013-10-21
Updated: 2013-10-24
Summary: The gadget renderer in Apache Shindig 2.5.0 for PHP allows remote attackers to obtain sensitive information via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVSS v3 Severity:
  5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVSS v2 Severity:
  5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
  3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
  3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Vulnerability Type: CWE-200
Vulnerability Consequences: Obtain Information
References:
  Source: BUGTRAQ Type: UNKNOWN
    20131021 [CVE-2013-4295] Apache Shindig information disclosure vulnerability
  Source: CCN Type: BugTraq Mailing List, Mon Oct 21 2013 - 19:18:45 CDT
    [CVE-2013-4295] Apache Shindig information disclosure vulnerability
  Source: MITRE Type: CNA
    CVE-2013-4295
  Source: CCN Type: Apache Web site
    Shindig
  Source: CONFIRM Type: Patch, Vendor Advisory
    http://shindig.apache.org/security.html
  Source: BID Type: UNKNOWN
    63260
  Source: CCN Type: BID-63260
    Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
  Source: XF Type: UNKNOWN
    apache-shindig-cve20134295-info-disc(88194)
  Source: CCN Type: Packet Storm Security [10-22-2013]
    Apache Shindig 2.5.0 XXE Injection
Vulnerable Configuration: Configuration 1: Configuration CCN 1: