1676 matches found
CVE-2022-22971
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user...
CVE-2022-22970
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object...
CVE-2022-22970
CVE-2022-22970 is described in IBM and related bulletins as a Spring Framework DoS via data binding of file-upload types (MultipartFile/javax.servlet.Part) when running on affected Spring Framework versions. The root cause involves binding such fields to model objects, enabling resource-exhaustio...
CVE-2022-22970
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object...
CVE-2022-22970
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object...
Exploit for Improper Handling of Case Sensitivity in Vmware Spring_Framework
spring-rce-poc Testing CVE-2022-22968 Simple app vulnerable...
Security Bulletin: A vulnerability in Spring Framework affects IBM Tivoli Application Dependency Discovery Manager (CVE-2022-22950, CVE-2021-22096, CVE-2022-22968, CVE-2021-22060).
Summary Vulnerabilities in Spring Framework affects IBM Tivoli Application Dependency Discovery Manager CVE-2022-22950, CVE-2021-22096, CVE-2022-22968, CVE-2021-22060. Vulnerability Details CVEID:CVE-2022-22950 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service, cause...
PT-2022-15751 · Unknown +1 · Spring Framework +1
Name of the Vulnerable Software and Affected Versions: Spring Framework versions prior to 5.3.20 Spring Framework versions prior to 5.2.22 Spring Framework old unsupported versions Description: The issue affects applications that handle file uploads and rely on data binding to set a MultipartFile...
PT-2022-6999 · Unknown +1 · Spring Framework +1
Name of the Vulnerable Software and Affected Versions: Spring Framework versions prior to 5.3.20 Spring Framework versions prior to 5.2.22 Spring Framework old unsupported versions Description: The application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an...
Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)
Summary IBM Sterling Connect:Direct for Microsoft Windows is affected but not classified as vulnerable to a remote code execution in Spring Framework CVE-2022-22965 as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR...
Spring Framework 输入验证错误漏洞
Spring Framework is the U.S. Spring team of a set of open source Java, JavaEE application framework . The framework helps developers build high-quality applications.Spring Framework versions prior to 5.3.20, 5.2.22 contain a denial-of-service vulnerability. An attacker can exploit this...
VMware Spring Framework < 5.2.22, 5.3.x < 5.3.20 Multiple DoS Vulnerabilities - Windows
The VMware Spring Framework is prone to multiple denial of service DoS vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Spring Framework 输入验证错误漏洞
Spring Framework is the U.S. Spring team of a set of Java, JavaEE application framework . The framework helps developers build high-quality applications.Spring Framework 5.3.20 , 5.2.22 before the version of the denial of service vulnerability , the vulnerability stems from the data binding to th...
VMware Spring Framework < 5.2.22, 5.3.x < 5.3.20 Multiple DoS Vulnerabilities - Linux
The VMware Spring Framework is prone to multiple denial of service DoS vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Spring Framework Class property RCE (Spring4Shell)
Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions when running on JDK 9 or above and specifically packaged as a traditional WAR and deployed in a standalone Tomcat instance are vulnerable to remote code execution due to an unsafe data binding used to populate an objec...
Spring4Shell Spring Framework Class Property Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Spring Framework Class property RCE Spring4Shell', 'Description' = %q Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older...
Spring4Shell Spring Framework Class Property Remote Code Execution Exploit
Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions when running on JDK 9 or above and specifically packaged as a traditional WAR and deployed in a standalone Tomcat instance are vulnerable to remote code execution due to an unsafe data binding used to populate an objec...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is affected but not classified as vulnerable to a denial of service in Spring Framework (CVE-2022-22950)
Summary IBM Watson Assistant for IBM Cloud Pak for Data is affected but not vulnerable to a denial of service in Spring Framework CVE-2022-22950 Spring Framework is used by IBM Watson Assistant for IBM Cloud Pak for Data as part of its developement infrastructure. The fix includes Spring version...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is affected but not classified as vulnerable to a denial of service in Spring Framework (CVE-2022-22950)
Summary IBM Watson Assistant for IBM Cloud Pak for Data is affected but not vulnerable to a denial of service in Spring Framework CVE-2022-22950 Spring Framework is used by IBM Watson Assistant for IBM Cloud Pak for Data as part of its developement infrastructure. The fix includes Spring version...
Security Bulletin: API Connect V10 is vulnerable to a remote code execution in Spring Framework (CVE-2022-22965)
Summary IBM API Connect V10 is vulnerable to a remote code execution in Spring Framework CVE-2022-22965 as it meets all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR in contrast to a Spring Boot executable jar, 4. Spring-webmvc or...