CVE-2016-9878
Framework: Directory Traversal in the Spring Framework ResourceServlet
Public Exploits: 0
Exploited in Wild: -
Descriptions
An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.
It was found that ResourceServlet in Spring Framework does not properly sanitize the paths provided to it. An attacker can use this flaw to conduct directory traversal attacks.
SSVC
- Decision: -
Timeline
- 2016-12-06 CVE Reserved
- 2016-12-29 CVE Published
- 2023-08-02 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
References (12)
URL | Tag | Source |
---|---|---|
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | X_refsource_confirm | |
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | X_refsource_confirm | |
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | X_refsource_confirm | |
http://www.securityfocus.com/bid/95072 | Third Party Advisory | |
http://www.securitytracker.com/id/1040698 | Vdb Entry | |
https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html | Mailing List | |
https://security.netapp.com/advisory/ntap-20180419-0002 | X_refsource_confirm | |
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | X_refsource_misc | |
URL | Date | SRC |
---|---|---|
https://access.redhat.com/errata/RHSA-2017:3115 | 2022-04-11 | |
https://pivotal.io/security/cve-2016-9878 | 2022-04-11 | |
https://access.redhat.com/security/cve/CVE-2016-9878 | 2017-11-02 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1408164 | 2017-11-02 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Pivotal Software | Spring Framework | <= 3.2.0 | - | Affected |
Pivotal Software | Spring Framework | 4.2.0 | - | Affected |
Pivotal Software | Spring Framework | 4.3.0 | - | Affected |
Vmware | Spring Framework | 3.2.1 | - | Affected |
Vmware | Spring Framework | 3.2.2 | - | Affected |
Vmware | Spring Framework | 3.2.3 | - | Affected |
Vmware | Spring Framework | 3.2.4 | - | Affected |
Vmware | Spring Framework | 3.2.5 | - | Affected |
Vmware | Spring Framework | 3.2.6 | - | Affected |
Vmware | Spring Framework | 3.2.7 | - | Affected |
Vmware | Spring Framework | 3.2.8 | - | Affected |
Vmware | Spring Framework | 3.2.9 | - | Affected |
Vmware | Spring Framework | 3.2.10 | - | Affected |
Vmware | Spring Framework | 3.2.11 | - | Affected |
Vmware | Spring Framework | 3.2.12 | - | Affected |
Vmware | Spring Framework | 3.2.13 | - | Affected |
Vmware | Spring Framework | 3.2.14 | - | Affected |
Vmware | Spring Framework | 3.2.15 | - | Affected |
Vmware | Spring Framework | 3.2.16 | - | Affected |
Vmware | Spring Framework | 3.2.17 | - | Affected |
Vmware | Spring Framework | 4.2.1 | - | Affected |
Vmware | Spring Framework | 4.2.2 | - | Affected |
Vmware | Spring Framework | 4.2.3 | - | Affected |
Vmware | Spring Framework | 4.2.4 | - | Affected |
Vmware | Spring Framework | 4.2.5 | - | Affected |
Vmware | Spring Framework | 4.2.6 | - | Affected |
Vmware | Spring Framework | 4.2.7 | - | Affected |
Vmware | Spring Framework | 4.2.8 | - | Affected |
Vmware | Spring Framework | 4.3.1 | - | Affected |
Vmware | Spring Framework | 4.3.2 | - | Affected |
Vmware | Spring Framework | 4.3.3 | - | Affected |
Vmware | Spring Framework | 4.3.4 | - | Affected |