Lucene search
+L

164 matches found

Github Security Blog
Github Security Blog
added 2018/10/17 8:29 p.m.27 views

Pivotal Spring Framework DoS Attack with XML Input

Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service memory consumption and out-of-memory errors via a crafted XML file...

5.5CVSS5.6AI score0.02555EPSS
Exploits0References24Affected Software1
OSV
OSV
added 2018/10/17 8:29 p.m.47 views

GHSA-6V7W-535J-RQ5M Pivotal Spring Framework DoS Attack with XML Input

Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service memory consumption and out-of-memory errors via a crafted XML file...

5.5CVSS5.3AI score0.02555EPSS
Exploits0References25
OSV
OSV
added 2018/10/17 8:28 p.m.50 views

GHSA-45VG-2V73-VM62 Moderate severity vulnerability that affects org.springframework:spring-core

The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors...

5CVSS6.5AI score0.019EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2018/10/17 8:28 p.m.33 views

Moderate severity vulnerability that affects org.springframework:spring-core

The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors...

5CVSS6.4AI score0.019EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2018/10/04 8:29 p.m.34 views

GHSA-2M8H-FGR8-2Q9W Pivotal Spring Framework Paths provided to the ResourceServlet were not properly sanitized

An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks...

7.5CVSS6.8AI score0.0564EPSS
Exploits0References17
Github Security Blog
Github Security Blog
added 2018/10/04 8:29 p.m.39 views

Pivotal Spring Framework Paths provided to the ResourceServlet were not properly sanitized

An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks...

7.5CVSS3AI score0.0564EPSS
Exploits0References16Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/09/28 4:30 a.m.29 views

Security Bulletin: IBM Security Guardium is affected by a Using Components with Known Vulnerabilities vulnerability

Summary IBM Security Guardium has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2017-8039 DESCRIPTION: Pivotal Spring Web Flow could provide weaker than expected security, caused by an error related to applications that do not change the value of the...

7.5CVSS1.7AI score0.15858EPSS
Exploits1Affected Software1
NVD
NVD
added 2018/09/14 8:29 p.m.16 views

CVE-2018-11087

Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit...

5.9CVSS5.4AI score0.01268EPSS
Exploits0References1
Prion
Prion
added 2018/09/14 8:29 p.m.21 views

Input validation

Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit...

4.3CVSS5.4AI score0.01268EPSS
Exploits0References1Affected Software2
OSV
OSV
added 2018/09/14 8:29 p.m.23 views

CVE-2018-11087

Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit...

5.9CVSS6.4AI score0.01268EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/09/14 8:0 p.m.30 views

CVE-2018-11087 TLS validation error

Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit...

5.4AI score0.01268EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 3:35 p.m.42 views

Security Bulletin: Pivotal Spring Framework vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (TADDM)

Summary Multiple vulnerabilities have been identified in the OpenSource/Pivotal Spring Framework version that is embeddded in IBM Tivoli Application Dependency Discovery Manager TADDM thus requiring an upgrade to Spring Framework version 3.2.13. Vulnerability Details CVEID: CVE-2014-3578...

6.8CVSS0.7AI score0.91354EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 10:6 p.m.39 views

Security Bulletin: IBM QRadar SIEM contains vulnerable components and libraries. (CVE-2016-5007, CVE-2016-9878)

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Vulnerability Details CVEID: CVE-2016-5007 DESCRIPTION: Pivotal Spring Security and Spring Framework could provide weaker than expected security, caused by the...

7.5CVSS1.1AI score0.0564EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 10:5 p.m.62 views

Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is vulnerable to using Components with Known Vulnerabilities

Summary IBM Security Guardium Big Data Intelligence SonarG has addressed the following vulnerabilities Vulnerability Details CVEID: CVE-2016-8735 DESCRIPTION: Apache Tomcat could allow a remote attacker to execute arbitrary code on the system, caused by an error in the JmxRemoteLifecycleListener...

9.8CVSS1.1AI score0.91354EPSS
Exploits26Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:50 p.m.50 views

Security Bulletin: Pivotal Spring Framework as used in IBM QRadar SIEM is vulnerable to various CVE's

Summary OpenSource Pivotal Spring Framework as used in IBM QRadar is susceptible to several vulnerabilities. Vulnerability Details CVEID: CVE-2013-7315 DESCRIPTION: Pivotal Spring Framework could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection X...

6.8CVSS1.1AI score0.91354EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:50 p.m.35 views

Security Bulletin: OpenSource GoPivotal Spring Framework Vulnerabilities affect IBM Security Guardium (CVE-2014-3578, CVE-2014-3625)

Summary Pivotal Spring Framework could allow a remote attacker to traverse directories on the system. IBM Security Guardium addressed these issues Vulnerability Details CVEID: CVE-2014-3578 DESCRIPTION: Pivotal Spring Framework could allow a remote attacker to traverse directories on the system. ...

5CVSS2AI score0.1005EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:50 p.m.44 views

Security Bulletin: OpenSource Spring Source/Pivotal Spring Framework Vulnerabilities affect IBM Security Guardium (CVE-2013-7315, CVE-2013-4152, CVE-2014-0054)

Summary Pivotal Spring Framework could allow a remote attacker to obtain sensitive information. Vulnerability Details CVEID: CVE-2013-7315 DESCRIPTION: Pivotal Spring Framework could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection XXE error when...

6.8CVSS1.1AI score0.91354EPSS
Exploits2Affected Software1
NVD
NVD
added 2018/06/11 5:29 p.m.20 views

CVE-2017-3203

The Java implementations of AMF3 deserializers in Pivotal/Spring Spring-flex derive class instances from java.io.Externalizable rather than the AMF3 specification's recommendation of flash.utils.IExternalizable. A remote attacker with the ability to spoof or control an RMI server connection may b...

8.1CVSS8.2AI score0.06336EPSS
Exploits2References4
Packet Storm
Packet Storm
added 2018/05/29 12:0 a.m.85 views

Pivotal Spring Java Framework 5.0.x Remote Code Execution

Exploit Title: Pivotal Spring Java Framework Vendor Homepage: https://pivotal.io/agile/press-release/pivotal-releases-spring-framework-for-modern-java-application-development CVE: CVE: CVE-2018-1270 Version: = 5.0.x Description: By connecting to spring STOMP, and putting the key for "selector"...

7.5CVSS0.7AI score0.77245EPSS
Exploits5
0day.today
0day.today
added 2018/05/29 12:0 a.m.96 views

Pivotal Spring Java Framework < 5.0 - Remote Code Execution Exploit

Exploit for java platform in category web applications Exploit Title: Pivotal Spring Java Framework Vendor Homepage: https://pivotal.io/agile/press-release/pivotal-releases-spring-framework-for-modern-java-application-development CVE: CVE: CVE-2018-1270 Version: = 5.0.x Description: By connecting...

7.5CVSS0.7AI score0.77245EPSS
Exploits5
Rows per page
Query Builder