CVE-2014-3578

Framework: Directory traversal

Severity Score

5.3

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL.

Vulnerabilidad de salto de directorio en Pivotal Spring Framework 3.x anterior a 3.2.9 y 4.0 anterior a 4.0.5 permite a atacantes remotos leer ficheros arbitrarios a través de una URL arbitraria.

A directory traversal flaw was found in the Spring Framework. A remote attacker could use this flaw to access arbitrary files on a server, and bypassing security restrictions that are otherwise in place.

Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. This roll up patch serves as a cumulative upgrade for Red Hat JBoss BPM Suite 6.0.3, and includes bug fixes and enhancements. It includes various bug fixes, which are listed in the README file included with the patch files.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2014-05-14 CVE Reserved
2015-02-17 CVE Published
2024-08-06 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CAPEC

References (10)

URL	Tag	Source
http://jvn.jp/en/jp/JVN49154900/index.html	Third Party Advisory
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000054	Third Party Advisory
http://www.securityfocus.com/bid/68042	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html	Mailing List

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://pivotal.io/security/cve-2014-3578	2019-07-14
http://rhn.redhat.com/errata/RHSA-2015-0720.html	2019-07-14
https://bugzilla.redhat.com/show_bug.cgi?id=1131882	2015-03-24
https://rhn.redhat.com/errata/RHSA-2015-0234.html	2019-07-14
https://rhn.redhat.com/errata/RHSA-2015-0235.html	2019-07-14
https://access.redhat.com/security/cve/CVE-2014-3578	2015-03-24

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Pivotal Software Search vendor "Pivotal Software"		Spring Framework Search vendor "Pivotal Software" for product "Spring Framework"				>= 3.2.0 < 3.2.9 Search vendor "Pivotal Software" for product "Spring Framework" and version " >= 3.2.0 < 3.2.9"		-		Affected
Pivotal Software Search vendor "Pivotal Software"		Spring Framework Search vendor "Pivotal Software" for product "Spring Framework"				>= 4.0.0 < 4.0.5 Search vendor "Pivotal Software" for product "Spring Framework" and version " >= 4.0.0 < 4.0.5"		-		Affected