CVE-2015-3192 – Framework: denial-of-service attack with XML input
https://notcve.org/view.php?id=CVE-2015-3192
Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file. Pivotal Spring Framework en versiones anteriores a 3.2.14 y 4.x en versiones anteriores a 4.1.7 no procesa correctamente las declaraciones DTD en línea cuando DTD no está completamente desactivado, lo que permite a atacantes remotos provocar una caída de servicio (consumo de memoria y errores fuera de rango) a través de un archivo XML manipulado. A denial of service flaw was found in the way Spring processes inline DTD declarations. A remote attacker could submit a specially crafted XML file that would cause out-of-memory errors when parsed. • http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162015.html http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162017.html http://pivotal.io/security/cve-2015-3192 http://rhn.redhat.com/errata/RHSA-2016-1592.html http://rhn.redhat.com/errata/RHSA-2016-1593.html http://rhn.redhat.com/errata/RHSA-2016-2035.html http://rhn.redhat.com/errata/RHSA-2016-2036.html http://www.securityfocus.com/bid/90853 http://www.securitytracker.com/id/1036587 ht • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2014-3578 – Framework: Directory traversal
https://notcve.org/view.php?id=CVE-2014-3578
Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL. Vulnerabilidad de salto de directorio en Pivotal Spring Framework 3.x anterior a 3.2.9 y 4.0 anterior a 4.0.5 permite a atacantes remotos leer ficheros arbitrarios a través de una URL arbitraria. A directory traversal flaw was found in the Spring Framework. A remote attacker could use this flaw to access arbitrary files on a server, and bypassing security restrictions that are otherwise in place. • http://jvn.jp/en/jp/JVN49154900/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2014-000054 http://pivotal.io/security/cve-2014-3578 http://rhn.redhat.com/errata/RHSA-2015-0720.html http://www.securityfocus.com/bid/68042 https://bugzilla.redhat.com/show_bug.cgi?id=1131882 https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html https://rhn.redhat.com/errata/RHSA-2015-0234.html https://rhn.redhat.com/errata/RHSA-2015-0235.html https://access.redhat.com • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2014-3625 – Framework: directory traversal flaw
https://notcve.org/view.php?id=CVE-2014-3625
Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling. Vulnerabilidad de salto de directorio (Directory Traversal) en Pivotal Spring Framework versión 3.0.4 hasta 3.2.x anterior a 3.2.12, versión 4.0.x anterior a 4.0.8 y versión 4.1.x anterior a 4.1.2, permite a atacantes remotos leer archivos arbitrarios por medio de vectores no especificados, relacionados al manejo de recurso estático. A directory traversal flaw was found in the way the Spring Framework sanitized certain URLs. A remote attacker could use this flaw to obtain any file on the file system that was also accessible to the process in which the Spring web application was running. • http://rhn.redhat.com/errata/RHSA-2015-0236.html http://rhn.redhat.com/errata/RHSA-2015-0720.html http://www.pivotal.io/security/cve-2014-3625 https://jira.spring.io/browse/SPR-12354 https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html https://access.redhat.com/security/cve/CVE-2014-3625 https://bugzilla.redhat.com/show_bug.cgi?id=1165936 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2014-0225 – Framework: Information disclosure via SSRF
https://notcve.org/view.php?id=CVE-2014-0225
When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack. Al procesar un documento XML proporcionado por el usuario, el Framework Spring, versiones de la 4.0.0 a la 4.0.4 y de la 3.0.0 a la 3.2.8 y otras versiones anteriores ya no soportadas, no desactiva por defecto la resolución de las referencias URI en una declaración DTD, lo que habilita ataques de tipo XXE. It was found that the Spring Framework did not, by default, disable the resolution of URI references in a DTD declaration when processing user-provided XML documents. By observing differences in response times, an attacker could identify valid IP addresses on the internal network with functioning web servers. • https://pivotal.io/security/cve-2014-0225 https://access.redhat.com/security/cve/CVE-2014-0225 https://bugzilla.redhat.com/show_bug.cgi?id=1110110 • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2014-1904 – Framework: cross-site scripting flaw when using Spring MVC
https://notcve.org/view.php?id=CVE-2014-1904
Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action. Vulnerabilidad de XSS en web/servlet/tags/form/FormTag.java en Spring MVC en Spring Framework 3.0.0 anterior a 3.2.8 y 4.0.0 anterior a 4.0.2 permite a atacantes remotos inyectar script Web o HTML arbitrarios a través de la URI solicitada en una acción por defecto. • http://docs.spring.io/spring/docs/3.2.8.RELEASE/changelog.txt http://rhn.redhat.com/errata/RHSA-2014-0400.html http://seclists.org/fulldisclosure/2014/Mar/101 http://secunia.com/advisories/57915 http://www.gopivotal.com/security/cve-2014-1904 http://www.securityfocus.com/archive/1/531422/100/0/threaded http://www.securityfocus.com/bid/66137 https://github.com/spring-projects/spring-framework/commit/741b4b229ae032bd17175b46f98673ce0bd2d485 https://jira.springsource.org/browse/SPR-11426 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •