CVSS: 7.5EPSS: 2%CPEs: 17EXPL: 0CVE-2011-2730 – Framework: Information (internal server information, classpath, local working directories, session IDs) disclosure
https://notcve.org/view.php?id=CVE-2011-2730
VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language (EL), evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a (1) name attribute in a (a) spring:hasBindErrors tag; (2) path attribute in a (b) spring:bind or (c) spring:nestedpath tag; (3) arguments, (4) code, (5) text, (6) var, (7) scope, or (8) message attribute in a (d) spring:message or (e) spring:theme tag; or (9) var, (10) scope, or (11) value attribute in a (f) spring:transform tag, aka "Expression Language Injection." VMware SpringSource Spring Framework anterior a v2.5.6.SEC03, v2.5.7.SR023, y v3.x anterior a v3.0.6, cuando el contenedor soporta Expression Language (EL), evalúa expresiones EL en etiquetas, permite a atacantes remotos obtener información sensible mediante (1) el atributo name en a (a) spring:hasBindErrors; (2) el atributo path en a (b) spring:bind o (c) spring:nestedpath; (3) arguments, (4) code, (5) text, (6) var, (7) scope, o (8) atributo message in a (d) spring:message o (e) spring:theme; or (9) var, (10) scope, or (11) atributo value en a (f) spring:transform, también conocido como "Inyección de Expresión de Lenguaje" • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814 http://rhn.redhat.com/errata/RHSA-2013-0191.html http://rhn.redhat.com/errata/RHSA-2013-0192.html http://rhn.redhat.com/errata/RHSA-2013-0193.html http://rhn.redhat.com/errata/RHSA-2013-0194.html http://rhn.redhat.com/errata/RHSA-2013-0195.html http://rhn.redhat.com/errata/RHSA-2013-0196.html http://rhn.redhat.com/errata/RHSA-2013-0197.html http://rhn.redhat.com/errata/RHSA-2013-0198.html http:/& • CWE-16: Configuration •
CVSS: 7.5EPSS: 3%CPEs: 14EXPL: 5CVE-2010-1622 – Spring Framework - Arbitrary code Execution
https://notcve.org/view.php?id=CVE-2010-1622
SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7 before 2.5.7.SR01, and 3.0.x before 3.0.3 allows remote attackers to execute arbitrary code via an HTTP request containing class.classLoader.URLs[0]=jar: followed by a URL of a crafted .jar file. SpringSource Spring Framework v2.5.x anteriores a v2.5.6.SEC02, v2.5.7 anteriores a v2.5.7.SR01, y v3.0.x anteriores a v3.0.3 permite a atacantes remotos ejecutar código arbitrario a través de una petición HTTP que contenga class.classLoader.URLs[0]=jar: seguida por una URL de un fichero .jar modificado. • https://www.exploit-db.com/exploits/13918 https://github.com/HandsomeCat00/Spring-CVE-2010-1622 http://geronimo.apache.org/2010/07/21/apache-geronimo-v216-released.html http://geronimo.apache.org/21x-security-report.html http://geronimo.apache.org/22x-security-report.html http://secunia.com/advisories/41016 http://secunia.com/advisories/41025 http://secunia.com/advisories/43087 http://www.exploit-db.com/exploits/13918 http://www.oracle.com/technetwork/topics/security/cpuoct2015-236 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') •