5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.005 Low
EPSS
Percentile
75.6%
Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.
rhn.redhat.com/errata/RHSA-2015-0236.html
rhn.redhat.com/errata/RHSA-2015-0720.html
www.pivotal.io/security/cve-2014-3625
github.com/spring-projects/spring-framework
github.com/spring-projects/spring-framework/commit/161d3e3049f129e211f68a4e94b544e0f0d8384d
github.com/spring-projects/spring-framework/commit/3f68cd633f03370d33c2603a6496e81273782601
github.com/spring-projects/spring-framework/commit/9beae9ae4226c45cd428035dae81214439324676
github.com/spring-projects/spring-framework/commit/9cef8e3001ddd61c734281a7556efd84b6cc2755
jira.spring.io/browse/SPR-12354
lists.debian.org/debian-lts-announce/2019/07/msg00012.html
nvd.nist.gov/vuln/detail/CVE-2014-3625