1674 matches found
DEBIAN-CVE-2015-3192
Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service memory consumption and out-of-memory errors via a crafted XML file...
Design/Logic Flaw
Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service memory consumption and out-of-memory errors via a crafted XML file...
CVE-2015-3192
Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service memory consumption and out-of-memory errors via a crafted XML file...
CVE-2015-3192
CVE-2015-3192 affects Pivotal Spring Framework (before 3.2.14 and before 4.1.7). The vulnerability arises from improper processing of inline DTD declarations when DTD is not fully disabled, enabling remote attackers to trigger denial of service via crafted XML (memory consumption/out-of-memory). ...
CVE-2015-3192
Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service memory consumption and out-of-memory errors via a crafted XML file...
Pivotal Software Spring Framework Arbitrary Command Execution Vulnerability
Pivotal Software Spring Framework is the U.S. Pivotal Software's set of open source Java, Java EE application framework. The framework helps developers build high-quality applications . An arbitrary command execution vulnerability exists in Pivotal Software Spring Framework. An attacker can explo...
Unspecified Vulnerability in Red Hat JBoss BPM Suite
Red Hat JBoss BPM Suite is a business process management platform from Red Hat, Inc. that brings together all the features of JBoss BRMS. The platform provides additional support for modeling, automation, simulation and business process monitoring. A security vulnerability exists in Red Hat JBoss...
Framework: denial-of-service attack with XML input
A denial of service flaw was found in the way Spring processes inline DTD declarations. A remote attacker could submit a specially crafted XML file that would cause out-of-memory errors when parsed...
PT-2016-3367
Name of the Vulnerable Software and Affected Versions Pivotal Spring Framework versions prior to 6.0.0 Pivotal Spring Framework versions 4.2.6 and 3.2.17 Pivotal Spring Framework versions 5.3.0 through 5.3.16 Description The issue is related to the implementation of the readRemoteInvocation metho...
MGASA-2015-0426 Updated springframework packages fix security vulnerability
Under some situations, the Spring Framework is vulnerable to a Reflected File Download RFD attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being downloaded rather than rendered and also includes some input reflected in the...
Updated springframework packages fix security vulnerability
Under some situations, the Spring Framework is vulnerable to a Reflected File Download RFD attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being downloaded rather than rendered and also includes some input reflected in the...
PT-2017-6830 · Spring +1 · Spring Framework +1
Name of the Vulnerable Software and Affected Versions: Spring Framework versions 3.2.0 through 3.2.14 Spring Framework versions 4.0.0 through 4.1.7 Spring Framework versions 4.2.0 through 4.2.1 Description: The issue allows a malicious user to craft a URL that results in a response being download...
[SECURITY] Fedora 23 Update: springframework-3.2.15-1.fc23
Spring is a layered Java/J2EE application framework, based on code publishe d in Expert One-on-One J2EE Design and Development by Rod Johnson Wrox, 2002...
Oracle WebCenter Sites Multiple Vulnerabilities (October 2015 CPU)
The version Oracle WebCenter Sites installed on the remote host is missing security patches from the October 2015 Critical Patch Update CPU. It is, therefore, affected by multiple vulnerabilities : - A flaw exists in the bundled SpringSource Spring Framework that allows a remote attacker to execu...
Updated springframework package fixes security vulnerability
In Spring Framework before 3.2.14, if DTD is not entirely disabled, inline DTD declarations can be used to perform denial of service attacks known as XML bombs. Such declarations are both well-formed and valid according to XML schema rules but when parsed can cause out of memory errors. To protec...
MGASA-2015-0294 Updated springframework package fixes security vulnerability
In Spring Framework before 3.2.14, if DTD is not entirely disabled, inline DTD declarations can be used to perform denial of service attacks known as XML bombs. Such declarations are both well-formed and valid according to XML schema rules but when parsed can cause out of memory errors. To protec...
[SECURITY] Fedora 22 Update: springframework-3.2.14-1.fc22
Spring is a layered Java/J2EE application framework, based on code publishe d in Expert One-on-One J2EE Design and Development by Rod Johnson Wrox, 2002...
Spring3. 2. 1 1 with Quartz2. 2. 1 integrated memory leaks problem solving-vulnerability warning-the black bar safety net
Quartz is a timer task scheduling open-source framework, use up more convenient. And Spring's support package for Quartz with integrated. But the author in the web application using the process but encountered a memory leak problem. Problems of the author in using the Spring+Quartz usage is as...
MGASA-2015-0211 Updated springframework packages fix CVE-2014-0225
Updated springframework packages fix security vulnerabilities: When processing user provided XML documents, the Spring Framework did not disable by default the resolution of URI references in a DTD declaration. By observing differences in response times, an attacker could then identify valid IP...
[SECURITY] Fedora 20 Update: springframework-3.1.4-3.fc20
Spring is a layered Java/J2EE application framework, based on code publishe d in Expert One-on-One J2EE Design and Development by Rod Johnson Wrox, 2002...