CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1876 matches found

OSV•added 2015/05/11 8:10 p.m.•4 views

MGASA-2015-0211 Updated springframework packages fix CVE-2014-0225

Updated springframework packages fix security vulnerabilities: When processing user provided XML documents, the Spring Framework did not disable by default the resolution of URI references in a DTD declaration. By observing differences in response times, an attacker could then identify valid IP...

8.8CVSS8.7AI score0.01696EPSS

Exploits0References3

Fedora•added 2015/05/08 7:40 a.m.•39 views

[SECURITY] Fedora 20 Update: springframework-3.1.4-3.fc20

Spring is a layered Java/J2EE application framework, based on code publishe d in Expert One-on-One J2EE Design and Development by Rod Johnson Wrox, 2002...

8.8CVSS1.4AI score0.01696EPSS

Exploits0

myhack58•added 2015/04/23 12:0 a.m.•16 views

The Spring Framework tags EL expressions to perform vulnerability analysis CVE-2 0 1 1-2 7 3 0-a vulnerability warning-the black bar safety net

0x00 Preface This vulnerability has been out for a long time, the previous simple analysis, but due to time constraints, no in-depth study of principles, the online on this vulnerability analysis is also not too much recently due to work reasons, in-depth analysis about the vulnerability of the...

0.2AI score

Exploits0

RedHat Linux•added 2015/03/24 9:5 p.m.•0 views

Framework: directory traversal flaw

A directory traversal flaw was found in the way the Spring Framework sanitized certain URLs. A remote attacker could use this flaw to obtain any file on the file system that was also accessible to the process in which the Spring web application was running...

5CVSS5.8AI score0.1005EPSS

Exploits5References4

RedHat Linux•added 2015/03/24 9:5 p.m.•1 views

Framework: Directory traversal

A directory traversal flaw was found in the Spring Framework. A remote attacker could use this flaw to access arbitrary files on a server, and bypassing security restrictions that are otherwise in place...

5CVSS7.4AI score0.06215EPSS

Exploits0References6

RedHat Linux•added 2015/03/24 9:5 p.m.•48 views

Important: Red Hat Security Advisory: Red Hat JBoss Fuse Service Works 6.0.0 security update

Red Hat JBoss Fuse Service Works 6.0.0 roll up patch 4, which fixes multiple security issues and various bugs, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base score...

7.5CVSS6.6AI score0.24738EPSS

Exploits7References20

CNVD•added 2015/03/12 12:0 a.m.•4 views

Unspecified Vulnerability in Pivotal Software Spring Framework Java SockJS Client

Pivotal Software Spring Framework is the U.S. Pivotal Software, Inc. of a set of open source Java, Java EE application framework. The framework helps developers build high-quality applications . A security vulnerability exists in the Java SockJS client in Pivotal Software Spring Framework version...

5CVSS6.9AI score0.019EPSS

Exploits0References1

RedHat Linux•added 2015/03/11 4:51 p.m.•3 views

Framework: Directory traversal

5CVSS7.4AI score0.06215EPSS

Exploits0References6

NVD•added 2015/03/10 2:59 p.m.•22 views

CVE-2015-0201

The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors...

5CVSS6.6AI score0.019EPSS

Exploits0References1

Prion•added 2015/03/10 2:59 p.m.•13 views

Design/Logic Flaw

The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors...

5CVSS7.2AI score0.019EPSS

Exploits0References1Affected Software1

Cvelist•added 2015/03/10 2:0 p.m.•29 views

CVE-2015-0201

The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors...

6.6AI score0.019EPSS

Exploits0References1

CVE•added 2015/03/10 2:0 p.m.•79 views

CVE-2015-0201

The CVE-2015-0201 issue affects the Java SockJS client in Pivotal Spring Framework 4.1.x prior to 4.1.5. The root cause is generation of predictable session IDs, enabling remote attackers to send messages to other sessions through unspecified vectors. Impact is partial confidentiality of session ...

5CVSS6.8AI score0.019EPSS

Exploits0References1Affected Software2

Debian CVE•added 2015/03/10 2:0 p.m.•19 views

CVE-2015-0201

The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors...

5CVSS6.7AI score0.019EPSS

Exploits0