KB Article #179731
Security Vulnerabilities (CVE) reported against SecureTransport tagged with the year 2013
List of possible security vulnerabilities reported against SecureTransport and corresponding analysis based on Axway's research.
NOTE: This KB lists only the vulnerabilities, tagged with the year 2013. For CVEs from other years, refer to the following articles:
⇒ Security Vulnerabilities (CVE) reported against SecureTransport tagged with the year 2018
⇒ Security Vulnerabilities (CVE) reported against SecureTransport tagged with the year 2017
⇒ Security Vulnerabilities (CVE) reported against SecureTransport tagged with the year 2016
⇒ Security Vulnerabilities (CVE) reported against SecureTransport tagged with the year 2015
⇒ Security Vulnerabilities (CVE) reported against SecureTransport tagged with the year 2014
⇒ Security Vulnerabilities (CVE) reported against SecureTransport tagged with the year 2012
⇒ Security Vulnerabilities (CVE) reported against SecureTransport tagged with the year 2011
⇒ Security Vulnerabilities (CVE) reported against SecureTransport tagged with the year 2010
⇒ Security Vulnerabilities (CVE) reported against SecureTransport tagged with the year 2009 and earlier
Additional lists of security vulnerabilities reported against SecureTransport application without formal CVE/CWE identifiers or against ST appliance platforms can be found at :
- Security vulnerabilities reported against SecureTransport, without formal CVE or CWE identifier
- Security vulnerabilities reported against ST appliances
| CVE Reference | CVSS v2 Base Score | Attack Vector | Version Reported | Version Fixed | KB Article |
| CVE-2013-7057 | N/A | N/A | 5.1 SP2 5.2.0 5.2.1 |
5.2.1 Patch 7 | KB176581 |
| Added: N/A | Last modified: N/A | ||||
|
Versions after 5.2.1 are not affected.
Only valid for SecureTransport versions 5.2.0 and 5.2.1:
SecureTransport versions prior to 5.2.0 do not expose REST API that
SecureTransport 5.2.1 Patch 7 introduces a fix for the vulnerability for the 5.2.x release family and all subsequent Service Packs for ST 5.2.1 contain the fix.
Customers running ST 5.2.0 and ST 5.2.1 are encouraged to upgrade to the latest Service Pack available. |
|||||
| CVE-2013-2067 | 6.8 | Network | 5.2.1 SP4 | 5.2.1 SP5 | - |
| Added: N/A | Last modified: N/A | ||||
|
Fixed with update of third party Tomcat module to version 7.0.57 in ST 5.2.1 SP5 |
|||||
| CVE-2013-2071 | 2.6 | Network | 5.2.1 SP4 | 5.2.1 SP5 | - |
| Added: N/A | Last modified: N/A | ||||
|
Fixed with update of third party Tomcat module to version 7.0.57 in ST 5.2.1 SP5. |
|||||
| CVE-2013-0346 | 2.1 | Network | 5.2.1 SP4 | 5.2.1 SP5 | - |
| Added: N/A | Last modified: N/A | ||||
|
Fixed with update of third party Tomcat module to version 7.0.57 in ST 5.2.1 SP5 |
|||||
| CVE-2013-4322 | 4.3 | Network | 5.2.1 SP4 | 5.2.1 SP5 | - |
| Added: N/A | Last modified: N/A | ||||
|
Fixed with update of third party Tomcat module to version 7.0.57 in ST 5.2.1 SP5 |
|||||
| CVE-2013-4590 | 4.3 | Network | 5.2.1 SP4 | 5.2.1 SP5 | - |
| Added: N/A | Last modified: N/A | ||||
|
Fixed with update of third party Tomcat module to version 7.0.57 in ST 5.2.1 SP5 |
|||||
| CVE-2013-4286 | 5.8 | Network | 5.2.1 SP4 | 5.2.1 SP5 | - |
| Added: N/A | Last modified: N/A | ||||
|
Fixed with update of third party Tomcat module to version 7.0.57 in ST 5.2.1 SP5 |
|||||
| CVE-2013-1976 | 2.0 | Local | 5.1 5.2.1 |
N/A | - |
| Added: 20 May 2019 | Last modified: 20 May 2019 | ||||
|
Security issue CVE-2013-1976 is applicable to the init scripts provided by the RPM distribution of Tomcat in several RedHat Linux releases. The vulnerability does not affect any other Tomcat package distributions. Secure Transport has Tomcat bundled and shipped with the product package as provided by Apache Software Foundation. ST does not use the Tomcat version shipped with RHEL, or any other OS. Based on the above CVE-2013-1976 is not applicable for Secure Transport. |
|||||