Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-4774-1.NASL
HistoryOct 20, 2023 - 12:00 a.m.

Ubuntu 16.04 ESM : Spring Framework vulnerabilities (USN-4774-1)

2023-10-2000:00:00
Ubuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
6
JSON

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4774-1 advisory.

  • Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file. (CVE-2015-3192)

  • Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download (RFD) attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being downloaded rather than rendered and also includes some input reflected in the response. (CVE-2015-5211)

  • An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks. (CVE-2016-9878)

  • When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack. (CVE-2014-0225)

  • Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling. (CVE-2014-3625)

  • Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL. (CVE-2014-3578)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-4774-1. The text
# itself is copyright (C) Canonical, Inc. See
# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
##

include('compat.inc');

if (description)
{
  script_id(183546);
  script_version("1.0");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/20");

  script_cve_id(
    "CVE-2014-0225",
    "CVE-2014-3578",
    "CVE-2014-3625",
    "CVE-2015-3192",
    "CVE-2015-5211",
    "CVE-2016-9878"
  );
  script_xref(name:"USN", value:"4774-1");

  script_name(english:"Ubuntu 16.04 ESM : Spring Framework vulnerabilities (USN-4774-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in
the USN-4774-1 advisory.

  - Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD
    declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service
    (memory consumption and out-of-memory errors) via a crafted XML file. (CVE-2015-3192)

  - Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older
    unsupported versions is vulnerable to a Reflected File Download (RFD) attack. The attack involves a
    malicious user crafting a URL with a batch script extension that results in the response being downloaded
    rather than rendered and also includes some input reflected in the response. (CVE-2015-5211)

  - An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before
    4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to
    directory traversal attacks. (CVE-2016-9878)

  - When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and
    possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD
    declaration. This enabled an XXE attack. (CVE-2014-0225)

  - Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x
    before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified
    vectors, related to static resource handling. (CVE-2014-3625)

  - Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows
    remote attackers to read arbitrary files via a crafted URL. (CVE-2014-3578)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-4774-1");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-5211");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/05/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/03/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/10/20");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:esm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libspring-aop-java");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libspring-beans-java");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libspring-context-java");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libspring-context-support-java");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libspring-core-java");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libspring-expression-java");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libspring-instrument-java");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libspring-jdbc-java");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libspring-jms-java");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libspring-orm-java");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libspring-oxm-java");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libspring-test-java");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libspring-transaction-java");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libspring-web-java");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libspring-web-portlet-java");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libspring-web-servlet-java");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libspring-web-struts-java");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Ubuntu Local Security Checks");

  script_copyright(english:"Ubuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');

if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('16.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);

var pkgs = [
    {'osver': '16.04', 'pkgname': 'libspring-aop-java', 'pkgver': '3.2.13-5ubuntu0.1~esm1'},
    {'osver': '16.04', 'pkgname': 'libspring-beans-java', 'pkgver': '3.2.13-5ubuntu0.1~esm1'},
    {'osver': '16.04', 'pkgname': 'libspring-context-java', 'pkgver': '3.2.13-5ubuntu0.1~esm1'},
    {'osver': '16.04', 'pkgname': 'libspring-context-support-java', 'pkgver': '3.2.13-5ubuntu0.1~esm1'},
    {'osver': '16.04', 'pkgname': 'libspring-core-java', 'pkgver': '3.2.13-5ubuntu0.1~esm1'},
    {'osver': '16.04', 'pkgname': 'libspring-expression-java', 'pkgver': '3.2.13-5ubuntu0.1~esm1'},
    {'osver': '16.04', 'pkgname': 'libspring-instrument-java', 'pkgver': '3.2.13-5ubuntu0.1~esm1'},
    {'osver': '16.04', 'pkgname': 'libspring-jdbc-java', 'pkgver': '3.2.13-5ubuntu0.1~esm1'},
    {'osver': '16.04', 'pkgname': 'libspring-jms-java', 'pkgver': '3.2.13-5ubuntu0.1~esm1'},
    {'osver': '16.04', 'pkgname': 'libspring-orm-java', 'pkgver': '3.2.13-5ubuntu0.1~esm1'},
    {'osver': '16.04', 'pkgname': 'libspring-oxm-java', 'pkgver': '3.2.13-5ubuntu0.1~esm1'},
    {'osver': '16.04', 'pkgname': 'libspring-transaction-java', 'pkgver': '3.2.13-5ubuntu0.1~esm1'},
    {'osver': '16.04', 'pkgname': 'libspring-web-java', 'pkgver': '3.2.13-5ubuntu0.1~esm1'},
    {'osver': '16.04', 'pkgname': 'libspring-web-portlet-java', 'pkgver': '3.2.13-5ubuntu0.1~esm1'},
    {'osver': '16.04', 'pkgname': 'libspring-web-servlet-java', 'pkgver': '3.2.13-5ubuntu0.1~esm1'}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var osver = NULL;
  var pkgname = NULL;
  var pkgver = NULL;
  if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];
  if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];
  if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];
  if (osver && pkgname && pkgver) {
    if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;
  }
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  var tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libspring-aop-java / libspring-beans-java / libspring-context-java / etc');
}
VendorProductVersionCPE
canonicalubuntu_linux16.04cpe:/o:canonical:ubuntu_linux:16.04:-:esm
canonicalubuntu_linuxlibspring-aop-javap-cpe:/a:canonical:ubuntu_linux:libspring-aop-java
canonicalubuntu_linuxlibspring-beans-javap-cpe:/a:canonical:ubuntu_linux:libspring-beans-java
canonicalubuntu_linuxlibspring-context-javap-cpe:/a:canonical:ubuntu_linux:libspring-context-java
canonicalubuntu_linuxlibspring-context-support-javap-cpe:/a:canonical:ubuntu_linux:libspring-context-support-java
canonicalubuntu_linuxlibspring-core-javap-cpe:/a:canonical:ubuntu_linux:libspring-core-java
canonicalubuntu_linuxlibspring-expression-javap-cpe:/a:canonical:ubuntu_linux:libspring-expression-java
canonicalubuntu_linuxlibspring-instrument-javap-cpe:/a:canonical:ubuntu_linux:libspring-instrument-java
canonicalubuntu_linuxlibspring-jdbc-javap-cpe:/a:canonical:ubuntu_linux:libspring-jdbc-java
canonicalubuntu_linuxlibspring-jms-javap-cpe:/a:canonical:ubuntu_linux:libspring-jms-java
Rows per page:
1-10 of 181

Related

osv 10
openvas 11
debian 1
ubuntu 1
nessus 9
ibm 19
redhatcve 2
ubuntucve 7
veracode 2
cve 7
debiancve 7
github 7
prion 7
fedora 7
jvn 1
mageia 3
redhat 13
githubexploit 1
atlassian 1
oracle 4
osv
osv
libspring-java vulnerabilities
2021-03-17 17:02:03
libspring-java - security update
2019-07-13 00:00:00
Pivotal Spring Framework Paths provided to the ResourceServlet were not properly sanitized
2018-10-04 20:29:55
openvas
openvas
Ubuntu: Security Advisory (USN-4774-1)
2023-01-27 00:00:00
Debian: Security Advisory (DLA-1853-1)
2019-07-14 00:00:00
Fedora Update for springframework FEDORA-2016-f341d71730
2017-01-04 00:00:00
debian
debian
[SECURITY] [DLA 1853-1] libspring-java security update
2019-07-13 21:20:48
ubuntu
ubuntu
Spring Framework vulnerabilities
2021-03-17 00:00:00
nessus
nessus
Debian DLA-1853-1 : libspring-java security update
2019-07-15 00:00:00
Fedora 25 : springframework (2016-f341d71730)
2017-01-03 00:00:00
Fedora 22 : springframework-3.2.15-1.fc22 (2015-693035254a)
2016-03-04 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in Spring Framework affect IBM InfoSphere Information Server
2019-07-11 19:25:02
Security Bulletin: OpenSource GoPivotal Spring Framework Vulnerabilities affect IBM Security Guardium (CVE-2014-3578, CVE-2014-3625)
2018-06-16 21:50:03
Security Bulletin: Pivotal Spring Framework vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (TADDM)
2018-06-17 15:35:56
redhatcve
redhatcve
CVE-2016-9878
2016-12-22 11:17:24
CVE-2020-5421
2020-09-21 16:59:07
ubuntucve
ubuntucve
CVE-2016-9878
2016-12-29 00:00:00
CVE-2014-3578
2015-02-19 00:00:00
CVE-2015-5211
2017-05-25 00:00:00
veracode
veracode
Directory Traversal
2016-12-28 07:29:41
Reflected File Download (RFD) Attack
2020-09-18 08:14:19
cve
cve
CVE-2016-9878
2016-12-29 09:59:00
CVE-2014-3578
2015-02-19 20:59:00
CVE-2015-5211
2017-05-25 17:29:00
debiancve
debiancve
CVE-2016-9878
2016-12-29 09:59:00
CVE-2014-3578
2015-02-19 20:59:00
CVE-2015-5211
2017-05-25 17:29:00
github
github
Improper Limitation of a Pathname to a Restricted Directory in Spring Framework
2022-05-14 00:56:29
Pivotal Spring Framework Paths provided to the ResourceServlet were not properly sanitized
2018-10-04 20:29:55
Files or Directories Accessible to External Parties in org.springframework:spring-core
2018-10-17 20:29:33
prion
prion
Directory traversal
2015-02-19 20:59:00
Directory traversal
2016-12-29 09:59:00
Input validation
2017-05-25 17:29:00
fedora
fedora
[SECURITY] Fedora 25 Update: springframework-3.2.18-1.fc25
2017-01-01 21:51:55
[SECURITY] Fedora 21 Update: springframework-3.2.15-1.fc21
2015-11-01 22:22:42
[SECURITY] Fedora 23 Update: springframework-3.2.15-1.fc23
2015-11-01 02:58:09
jvn
jvn
JVN#49154900: Spring Framework vulnerable to directory traversal
2014-06-13 00:00:00
mageia
mageia
Updated springframework packages fix security vulnerability
2015-11-04 21:03:05
Updated springframework packages fix CVE-2014-0225
2015-05-11 23:10:38
Updated springframework package fixes security vulnerability
2015-07-29 00:01:59
redhat
redhat
(RHSA-2016:1219) Moderate: Red Hat JBoss BRMS security and bug fix update
2016-06-09 13:48:46
(RHSA-2016:1592) Moderate: Red Hat JBoss BRMS 6.3.2 security and bug fix update
2016-08-10 18:42:43
(RHSA-2016:1593) Moderate: Red Hat JBoss BPM Suite 6.3.2 security and bug fix update
2016-08-10 18:42:55
githubexploit
githubexploit
Exploit for Vulnerability in Pivotal Software Spring Framework
2021-01-10 12:26:00
atlassian
atlassian
Insecure version of Spring Web MVC used in Confluence Analytics
2020-02-19 22:31:10
oracle
oracle
Oracle Critical Patch Update - April 2018
2018-04-17 00:00:00
Oracle Critical Patch Update - January 2018
2018-01-16 00:00:00
Oracle Critical Patch Update Advisory - July 2019
2019-07-16 00:00:00
JSON
Related for UBUNTU_USN-4774-1.NASL
osv10openvas11debian1ubuntu1nessus9ibm19redhatcve2ubuntucve7veracode2cve7debiancve7github7prion7fedora7jvn1mageia3redhat13githubexploit1atlassian1oracle4