VMware Spring Web Services 安全漏洞

VMware Spring Web Services is a SOAP Web services development framework provided by the American company VMware. There are security vulnerabilities in versions 5.0.0 to 5.0.1, 4.1.0 to 4.1.3, 4.0.0 to 4.0.18, and 3.1.0 to 3.1.8 of VMware Spring Web Services. These vulnerabilities stem from the...

VMware Spring Web Services 安全漏洞

VMware Spring Web Services is a SOAP Web services development framework provided by the American company VMware. There are security vulnerabilities in versions 5.0.0 to 5.0.1, 4.1.0 to 4.1.3, 4.0.0 to 4.0.18, and 3.1.0 to 3.1.8 of VMware Spring Web Services. These vulnerabilities stem from the...

VMware Spring Web Flow 安全漏洞

VMware Spring Web Flow is a web application flow management framework developed by the American company VMware. Versions 4.0.0, 3.0.0 to 3.0.1, and 2.5.0 to 2.5.1 of VMware Spring Web Flow contain security vulnerabilities. These vulnerabilities stem from the possibility of malicious Unified EL...

VMware Spring Web Flow 跨站脚本漏洞

VMware Spring Web Flow is a web application flow management framework developed by VMware, Inc. Versions 4.0.0, 3.0.0 to 3.0.1, and 2.5.0 to 2.5.1 of VMware Spring Web Flow have cross-site scripting vulnerabilities. These vulnerabilities stem from the JavaScript RemotingHandler’s ability to rende...

PT-2026-48621

Jaxp13XPathTemplate evaluated XPath expressions for StreamSource and SAXSource inputs using a code path that parsed attacker-controlled XML with the JDK's default DocumentBuilderFactory behavior instead of Spring's hardened parser configuration. Applications that evaluate XPath against untrusted...

PT-2026-48623

Wss4jSecurityInterceptor did not consistently wire Apache WSS4J ReplayCache instances into RequestData for validation-time checks. As a result, protections against replay of UsernameToken nonces and creation timestamps, Timestamp elements, and certain SAML one-time-use semantics could be...

PT-2026-48613

Applications that configure the WebFlowELExpressionParser are vulnerable to the use of malicious Unified EL expressions. Affected versions: Spring Web Flow 4.0.0; 3.0.0 through 3.0.1; 2.5.0 through 2.5.1...

PT-2026-48617

Wss4jSecurityInterceptor initialized its BSP WS-I Basic Security Profile compliance flag so that inbound validation disabled WSS4J BSP enforcement on RequestData. Services that validate WS-Security on the network could therefore accept messages that violate BSP rules, weakening protocol-level...

PT-2026-48620

Several Spring WS integration paths with Spring Security could surface detailed account state for example locked or disabled user semantics to remote SOAP clients through exception messages or callback outcomes, instead of failing with generic authentication errors. That behavior assists remote...

VMware Spring Web Services 代码问题漏洞

VMware Spring Web Services is a SOAP Web services development framework provided by the American company VMware. There are code vulnerabilities in versions 5.0.0 to 5.0.1, 4.1.0 to 4.1.3, 4.0.0 to 4.0.18, and 3.1.0 to 3.1.8 of VMware Spring Web Services. These vulnerabilities stem from the defaul...

VMware Spring Web Services 代码问题漏洞

VMware Spring Web Services is a SOAP Web services development framework provided by the American company VMware. There are code vulnerabilities in versions 5.0.0 to 5.0.1, 4.1.0 to 4.1.3, 4.0.0 to 4.0.18, and 3.1.0 to 3.1.8 of VMware Spring Web Services. These vulnerabilities stem from the use of...

PT-2026-48618

X509AuthenticationProvider could issue a fully authenticated X509AuthenticationToken when a presented certificate mapped to UserDetails, without applying Spring Security's standard account lifecycle checks disabled, locked, expired, or credentials-expired accounts. Affected versions: Spring Web...

PT-2026-48622

When WS-Addressing is used with non-anonymous ReplyTo or FaultTo addresses, Spring WS may initiate outbound connections through configured WebServiceMessageSender instances to destinations taken directly from request headers without verifying that those destinations are safe to connect to. Affect...

Insecure Defaults

Overview Affected versions of this package are vulnerable to Insecure Defaults due to the Wss4jSecurityInterceptor class in Wss4jSecurityInterceptor.java initializing its bspCompliant flag to false, so inbound validation always calls RequestData.setDisableBSPEnforcementtrue and disables WSS4J's...

CVE-2026-41844

A Spring MVC or Spring WebFlux application which configures a mapping for "/" where the view name is not explicitly specified allows an attacker to craft a link resulting in a 302 redirect to an arbitrary external host via the redirect: prefix. Affected versions: Spring Framework 7.0.0 through...

Spring Framework 环境问题漏洞

The Spring Framework is an application development framework developed by Spring in open source. Versions of the Spring Framework such as 7.0.0 and earlier, 6.2.0 and earlier, 6.1.0 and earlier, and 5.3.0 and earlier have environmental vulnerabilities. These vulnerabilities stem from the fact tha...

HTTP Request Smuggling

Overview org.springframework:spring-web is a package that provides a comprehensive programming and configuration model for modern Java-based enterprise applications - on any kind of deployment platform. Affected versions of this package are vulnerable to HTTP Request Smuggling via multipart reque...

Session Fixation

Overview org.springframework:spring-web is a package that provides a comprehensive programming and configuration model for modern Java-based enterprise applications - on any kind of deployment platform. Affected versions of this package are vulnerable to Session Fixation via session fixation...

Directory Traversal

Overview org.springframework:spring-webmvc is a package that provides Model-View-Controller MVC architecture and ready components that can be used to develop flexible and loosely coupled web applications. Affected versions of this package are vulnerable to Directory Traversal via static resource...

Generation of Predictable Numbers or Identifiers

Overview org.springframework:spring-websocket is a framework that provides a comprehensive programming and configuration model for modern Java-based enterprise applications - on any kind of deployment platform. Affected versions of this package are vulnerable to Generation of Predictable Numbers ...