CVSS: 9.8EPSS: 85%CPEs: 70EXPL: 6CVE-2018-1270 – spring-framework: Possible RCE via spring messaging
https://notcve.org/view.php?id=CVE-2018-1270
06 Apr 2018 — Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. Spring Framework, en versiones 5.0 anteriores a la 5.0.5 y versiones 4.3 anteriores a la 4.3.15, así como versiones más antiguas no soportadas, permite ... • https://packetstorm.news/files/id/147974 • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-358: Improperly Implemented Security Check for Standard •
CVSS: 7.5EPSS: 0%CPEs: 66EXPL: 0CVE-2016-5007
https://notcve.org/view.php?id=CVE-2016-5007
25 May 2017 — Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that... • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.6EPSS: 0%CPEs: 36EXPL: 1CVE-2015-5211
https://notcve.org/view.php?id=CVE-2015-5211
25 May 2017 — Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download (RFD) attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being downloaded rather than rendered and also includes some input reflected in the response. En algunas situaciones, el Framework Spring versiones 4.2.0 hasta 4.2.1, versiones 4.0.0 hasta 4.1.7, versiones 3.2.0 hasta 3.2... • https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html • CWE-552: Files or Directories Accessible to External Parties •
CVSS: 7.5EPSS: 0%CPEs: 32EXPL: 0CVE-2016-9878 – Framework: Directory Traversal in the Spring Framework ResourceServlet
https://notcve.org/view.php?id=CVE-2016-9878
29 Dec 2016 — An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks. Un problema fue descubierto en Pivotal Spring Framework en versiones anteriores a 3.2.18, 4.2.x en versiones anteriores a 4.2.9 y 4.3.x en versiones anteriores a 4.3.5. Las rutas proporcionadas al ResourceServlet no fueron desinfectadas adecuadamente y como resultado expuestas a... • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.5EPSS: 4%CPEs: 23EXPL: 0CVE-2015-3192 – Framework: denial-of-service attack with XML input
https://notcve.org/view.php?id=CVE-2015-3192
09 Jun 2016 — Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file. Pivotal Spring Framework en versiones anteriores a 3.2.14 y 4.x en versiones anteriores a 4.1.7 no procesa correctamente las declaraciones DTD en línea cuando DTD no está completamente desactivado, lo que permite a atacantes remotos provoca... • http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162015.html • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.3EPSS: 2%CPEs: 2EXPL: 0CVE-2014-3578 – Framework: Directory traversal
https://notcve.org/view.php?id=CVE-2014-3578
17 Feb 2015 — Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL. Vulnerabilidad de salto de directorio en Pivotal Spring Framework 3.x anterior a 3.2.9 y 4.0 anterior a 4.0.5 permite a atacantes remotos leer ficheros arbitrarios a través de una URL arbitraria. A directory traversal flaw was found in the Spring Framework. A remote attacker could use this flaw to access arbitrary files on a server, and bypass... • http://jvn.jp/en/jp/JVN49154900/index.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 2CVE-2014-3625 – Framework: directory traversal flaw
https://notcve.org/view.php?id=CVE-2014-3625
20 Nov 2014 — Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling. Vulnerabilidad de salto de directorio (Directory Traversal) en Pivotal Spring Framework versión 3.0.4 hasta 3.2.x anterior a 3.2.12, versión 4.0.x anterior a 4.0.8 y versión 4.1.x anterior a 4.1.2, permite a atacantes remotos leer archivos arbitrarios por medio ... • https://github.com/ilmila/springcss-cve-2014-3625 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 34EXPL: 0CVE-2014-0225 – Framework: Information disclosure via SSRF
https://notcve.org/view.php?id=CVE-2014-0225
02 Oct 2014 — When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack. Al procesar un documento XML proporcionado por el usuario, el Framework Spring, versiones de la 4.0.0 a la 4.0.4 y de la 3.0.0 a la 3.2.8 y otras versiones anteriores ya no soportadas, no desactiva por defecto la resolución de las referencias URI en una declarac... • https://pivotal.io/security/cve-2014-0225 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 6.8EPSS: 25%CPEs: 34EXPL: 0CVE-2014-0054 – Framework: incomplete fix for CVE-2013-7315/CVE-2013-6429
https://notcve.org/view.php?id=CVE-2014-0054
12 Mar 2014 — The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429. Jaxb2RootElementHttpMessageConverter en Spring MVC en Spring Framework anterio... • http://rhn.redhat.com/errata/RHSA-2014-0400.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2014-1904 – Framework: cross-site scripting flaw when using Spring MVC
https://notcve.org/view.php?id=CVE-2014-1904
12 Mar 2014 — Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action. Vulnerabilidad de XSS en web/servlet/tags/form/FormTag.java en Spring MVC en Spring Framework 3.0.0 anterior a 3.2.8 y 4.0.0 anterior a 4.0.2 permite a atacantes remotos inyectar script Web o HTML arbitrarios a través de la URI solicitada en una acció... • http://docs.spring.io/spring/docs/3.2.8.RELEASE/changelog.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •