
CVE-2020-5413 – Kryo Configuration Allows Code Execution with Unknown "Serialization Gadgets"
https://notcve.org/view.php?id=CVE-2020-5413
31 Jul 2020 — Spring Integration framework provides Kryo Codec implementations as an alternative for Java (de)serialization. When Kryo is configured with default options, all unregistered classes are resolved on demand. This leads to the "deserialization gadgets" exploit when provided data contains malicious code for execution during deserialization. In order to protect against this type of attack, Kryo can be configured to require a set of trusted classes for (de)serialization. Spring Integration should be proactive aga... • https://tanzu.vmware.com/security/cve-2020-5413 • CWE-502: Deserialization of Untrusted Data •

CVE-2020-5410 – VMware Tanzu Spring Cloud Config Directory Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2020-5410
02 Jun 2020 — Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack. • https://packetstorm.news/files/id/181125 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •

CVE-2020-5408 – Dictionary attack with Spring Security queryable text encryptor
https://notcve.org/view.php?id=CVE-2020-5408
14 May 2020 — Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has been encrypted using such an encryptor may be able to derive the unencrypted values using a dictionary attack. • https://tanzu.vmware.com/security/cve-2020-5408 • CWE-329: Generation of Predictable IV with CBC Mode CWE-330: Use of Insufficiently Random Values •

CVE-2020-5405 – Directory Traversal with spring-cloud-config-server
https://notcve.org/view.php?id=CVE-2020-5405
05 Mar 2020 — Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x prior to 2.1.7, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack. • https://pivotal.io/security/cve-2020-5405 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •

CVE-2020-5397 – CSRF Attack via CORS Preflight Requests with Spring MVC or Spring WebFlux
https://notcve.org/view.php?id=CVE-2020-5397
17 Jan 2020 — Spring Framework, versions 5.2.x prior to 5.2.3, are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not include credentials and therefore requests should fail authentication. However, a notable exception to this are Chrome-based browsers when using client certificates for authentication, since Chrome sends TLS client cer... • https://pivotal.io/security/cve-2020-5397 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2020-5398 – RFD Attack via "Content-Disposition" Header Sourced from Request Input by Spring MVC or Spring WebFlux Application
https://notcve.org/view.php?id=CVE-2020-5398
16 Jan 2020 — In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user supplied input. • https://github.com/motikan2010/CVE-2020-5398 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-494: Download of Code Without Integrity Check •

CVE-2016-1000027
https://notcve.org/view.php?id=CVE-2016-1000027
02 Jan 2020 — Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or may not occur, and authentication may be required. NOTE: the vendor's position is that untrusted data is not an intended use case. The product's behavior will not be changed because some users rely on deserialization of trusted data. • https://github.com/artem-smotrakov/cve-2016-1000027-poc • CWE-502: Deserialization of Untrusted Data •

CVE-2019-11272 – PlaintextPasswordEncoder authenticates encoded passwords that are null
https://notcve.org/view.php?id=CVE-2019-11272
26 Jun 2019 — Spring Security, versions 4.2.x up to 4.2.12, and older unsupported versions support plain text passwords using PlaintextPasswordEncoder. If an application using an affected version of Spring Security is leveraging PlaintextPasswordEncoder and a user has a null encoded password, a malicious user (or attacker) can authenticate using a password of "null". • https://lists.debian.org/debian-lts-announce/2019/07/msg00008.html • CWE-287: Improper Authentication CWE-305: Authentication Bypass by Primary Weakness CWE-522: Insufficiently Protected Credentials •

CVE-2019-3799 – Directory Traversal with spring-cloud-config-server
https://notcve.org/view.php?id=CVE-2019-3799
30 Apr 2019 — Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack. • https://packetstorm.news/files/id/181104 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2019-3795 – Insecure Randomness When Using a SecureRandom Instance Constructed by Spring Security
https://notcve.org/view.php?id=CVE-2019-3795
09 Apr 2019 — Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, and 5.1.x prior to 5.1.5 contain an insecure randomness vulnerability when using SecureRandomFactoryBean#setSeed to configure a SecureRandom instance. In order to be impacted, an honest application must provide a seed and make the resulting random material available to an attacker for inspection. • http://www.securityfocus.com/bid/107802 • CWE-330: Use of Insufficiently Random Values •