184 matches found
Moderate: Red Hat Security Advisory: Red Hat JBoss Fuse 6.1.0 update
Red Hat JBoss Fuse 6.1.0, which fixes multiple security issues, several bugs, and adds various enhancements, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS bas...
Updated springframework packages fix multiple vulnerabilities
Updated springframework packages fix security vulnerabilities: Jaxb2RootElementHttpMessageConverter in Spring MVC processes external XML entities CVE-2014-0054. Spring MVC introduces a cross-site scripting vulnerability if the action on a Spring form is not specified CVE-2014-1904...
[SECURITY] [DSA 2890-1] libspring-java security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2890-1 [email protected] http://www.debian.org/security/ Florian Weimer March 29, 2014 http://www.debian.org/security/faq -...
DSA-2890-1 libspring-java - security update
Bulletin has no description...
Debian Security Advisory DSA 2890-1 (libspring-java - security update)
Two vulnerabilities were discovered in libspring-java, the Debian package for the Java Spring framework. CVE-2014-0054 Jaxb2RootElementHttpMessageConverter in Spring MVC processes external XML entities. CVE-2014-1904 Spring MVC introduces a cross-site scripting vulnerability if the action on a...
DEBIAN-CVE-2014-1904
Cross-site scripting XSS vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action...
CVE-2014-1904
Cross-site scripting XSS vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action...
CVE-2014-1904
Cross-site scripting XSS vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action...
CVE-2014-1904
The CVE-2014-1904 entry is an XSS in Spring Framework’s Spring MVC FormTag: FormTag.java improperly handles user-supplied URIs in a default action, enabling remote script/HTML injection. Affected versions are Spring Framework 3.0.0 up to 3.2.7 (and 3.0.0–3.2.7 inclusive) and 4.0.0 up to 4.0.1 (4....
CVE-2014-1904
Cross-site scripting XSS vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action...
CVE-2014-1904
Cross-site scripting XSS vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action...
CVE-2013-6429
The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External...
Xxe
The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External...
CVE-2013-6429
The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External...
CVE-2013-6429
CVE-2013-6429 involves Spring Framework’s SourceHttpMessageConverter in Spring MVC, where XML External Entity (XXE) processing is not disabled. This allows remote attackers to read arbitrary files, cause denial of service, and perform CSRF via crafted XML. Affected: Spring Framework versions befo...
DEBIAN-CVE-2013-7315
The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB,...
CVE-2013-7315
The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB,...
CVE-2013-7315
The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB,...
CVE-2013-7315
The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB,...
CVE-2013-7315
CVE-2013-7315 affects Spring Framework’s Spring MVC: the SourceHttpMessageConverter (and related XML processing) fails to disable external entity resolution in the StAX XMLInputFactory for certain versions (Spring Framework before 3.2.4 and 4.0.0.M1–4.0.0.M2). This XXE condition allows context-de...