CVE-2014-3578 – Framework: Directory traversal
https://notcve.org/view.php?id=CVE-2014-3578
Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL. Vulnerabilidad de salto de directorio en Pivotal Spring Framework 3.x anterior a 3.2.9 y 4.0 anterior a 4.0.5 permite a atacantes remotos leer ficheros arbitrarios a través de una URL arbitraria. A directory traversal flaw was found in the Spring Framework. A remote attacker could use this flaw to access arbitrary files on a server, and bypassing security restrictions that are otherwise in place. • http://jvn.jp/en/jp/JVN49154900/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2014-000054 http://pivotal.io/security/cve-2014-3578 http://rhn.redhat.com/errata/RHSA-2015-0720.html http://www.securityfocus.com/bid/68042 https://bugzilla.redhat.com/show_bug.cgi?id=1131882 https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html https://rhn.redhat.com/errata/RHSA-2015-0234.html https://rhn.redhat.com/errata/RHSA-2015-0235.html https://access.redhat.com • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2014-3625 – Framework: directory traversal flaw
https://notcve.org/view.php?id=CVE-2014-3625
Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling. Vulnerabilidad de salto de directorio (Directory Traversal) en Pivotal Spring Framework versión 3.0.4 hasta 3.2.x anterior a 3.2.12, versión 4.0.x anterior a 4.0.8 y versión 4.1.x anterior a 4.1.2, permite a atacantes remotos leer archivos arbitrarios por medio de vectores no especificados, relacionados al manejo de recurso estático. A directory traversal flaw was found in the way the Spring Framework sanitized certain URLs. A remote attacker could use this flaw to obtain any file on the file system that was also accessible to the process in which the Spring web application was running. • http://rhn.redhat.com/errata/RHSA-2015-0236.html http://rhn.redhat.com/errata/RHSA-2015-0720.html http://www.pivotal.io/security/cve-2014-3625 https://jira.spring.io/browse/SPR-12354 https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html https://access.redhat.com/security/cve/CVE-2014-3625 https://bugzilla.redhat.com/show_bug.cgi?id=1165936 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2014-0225 – Framework: Information disclosure via SSRF
https://notcve.org/view.php?id=CVE-2014-0225
When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack. Al procesar un documento XML proporcionado por el usuario, el Framework Spring, versiones de la 4.0.0 a la 4.0.4 y de la 3.0.0 a la 3.2.8 y otras versiones anteriores ya no soportadas, no desactiva por defecto la resolución de las referencias URI en una declaración DTD, lo que habilita ataques de tipo XXE. It was found that the Spring Framework did not, by default, disable the resolution of URI references in a DTD declaration when processing user-provided XML documents. By observing differences in response times, an attacker could identify valid IP addresses on the internal network with functioning web servers. • https://pivotal.io/security/cve-2014-0225 https://access.redhat.com/security/cve/CVE-2014-0225 https://bugzilla.redhat.com/show_bug.cgi?id=1110110 • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2014-1904 – Framework: cross-site scripting flaw when using Spring MVC
https://notcve.org/view.php?id=CVE-2014-1904
Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action. Vulnerabilidad de XSS en web/servlet/tags/form/FormTag.java en Spring MVC en Spring Framework 3.0.0 anterior a 3.2.8 y 4.0.0 anterior a 4.0.2 permite a atacantes remotos inyectar script Web o HTML arbitrarios a través de la URI solicitada en una acción por defecto. • http://docs.spring.io/spring/docs/3.2.8.RELEASE/changelog.txt http://rhn.redhat.com/errata/RHSA-2014-0400.html http://seclists.org/fulldisclosure/2014/Mar/101 http://secunia.com/advisories/57915 http://www.gopivotal.com/security/cve-2014-1904 http://www.securityfocus.com/archive/1/531422/100/0/threaded http://www.securityfocus.com/bid/66137 https://github.com/spring-projects/spring-framework/commit/741b4b229ae032bd17175b46f98673ce0bd2d485 https://jira.springsource.org/browse/SPR-11426 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2014-0054 – Framework: incomplete fix for CVE-2013-7315/CVE-2013-6429
https://notcve.org/view.php?id=CVE-2014-0054
The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429. Jaxb2RootElementHttpMessageConverter en Spring MVC en Spring Framework anterior a 3.2.8 y 4.0.0 anterior a 4.0.2 no deshabilita resolución de entidad externa, lo que permite a atacantes remotos leer archivos arbitrarios, causar una denegación de servicio y realizar ataques CSRF a través de XML manipulado, también conocido como un problema de entidad externa XML (XXE). NOTA: esta vulnerabilidad existe debido a una solución incompleta para CVE-2013-4152, CVE-2013-7315 y CVE-2013-6429. • http://rhn.redhat.com/errata/RHSA-2014-0400.html http://secunia.com/advisories/57915 http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.securityfocus.com/bid/66148 https://jira.spring.io/browse/SPR-11376 https://access.redhat.com/security/cve/CVE-2014-0054 https://bugzilla.redhat.com/show_bug.cgi?id=1075328 • CWE-352: Cross-Site Request Forgery (CSRF) •