CVE-2014-3625CVE-2014-3625

Affected configuration(s):

cpe:/a:pivotal:spring_framework:3.0.4
cpe:/a:pivotal:spring_framework:3.0.5
cpe:/a:pivotal:spring_framework:3.0.6
cpe:/a:pivotal:spring_framework:3.0.7
cpe:/a:pivotal:spring_framework:3.1.0
cpe:/a:pivotal:spring_framework:3.1.1
cpe:/a:pivotal:spring_framework:3.1.2
cpe:/a:pivotal:spring_framework:3.1.3
cpe:/a:pivotal:spring_framework:3.1.4
cpe:/a:pivotal:spring_framework:3.2.0
cpe:/a:pivotal:spring_framework:3.2.1
cpe:/a:pivotal:spring_framework:3.2.2
cpe:/a:pivotal:spring_framework:3.2.3
cpe:/a:pivotal:spring_framework:3.2.4
cpe:/a:pivotal:spring_framework:3.2.5
cpe:/a:pivotal:spring_framework:3.2.6
cpe:/a:pivotal:spring_framework:3.2.7
cpe:/a:pivotal:spring_framework:3.2.8
cpe:/a:pivotal:spring_framework:3.2.9
cpe:/a:pivotal:spring_framework:3.2.10
cpe:/a:pivotal:spring_framework:3.2.11
cpe:/a:pivotal:spring_framework:4.0.0
cpe:/a:pivotal:spring_framework:4.0.1
cpe:/a:pivotal:spring_framework:4.0.2
cpe:/a:pivotal:spring_framework:4.0.3
cpe:/a:pivotal:spring_framework:4.0.4
cpe:/a:pivotal:spring_framework:4.0.5
cpe:/a:pivotal:spring_framework:4.0.7
cpe:/a:pivotal:spring_framework:4.1.0
cpe:/a:pivotal:spring_framework:4.1.1
cpe:/a:pivotal:spring_framework:4.06

Date published: 2014-11-20T12:50:00.113-05:00

Date last modified: 2015-03-27T21:59:31.103-04:00

CVSS Score: 5.0

Principal attack vector: NETWORK

Complexity:  LOW

Reference URL: http://rhn.redhat.com/errata/RHSA-2015-0236.html

Summary: Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.