CVE-2017-8028
A vulnerability was found in spring-ldap that allows an attacker to authenticate with an arbitrary password. When spring-ldap is connected to some LDAP servers, when no additional attributes are bound, and when using LDAP BindAuthenticator with...
Framework: Directory Traversal in the Spring Framework ResourceServlet
It was found that ResourceServlet in Spring Framework does not properly sanitize the paths provided to it. An attacker can use this flaw to conduct directory traversal attacks...
Pivotal Spring-LDAP Authentication Bypass Vulnerability
Pivotal Spring-LDAP is a library from Pivotal Software, Inc. (USA) that simplifies LDAP programming in Java. An authentication bypass vulnerability exists in Pivotal Spring-LDAP versions 1.3.0 through 2.3.1. A remote attacker can exploit this vulnerability to bypass the authentication mechanism and...
Pivotal Spring Web Flow Incomplete Fixes Security Bypass Vulnerability
Pivotal Spring Web Flow is a web application framework from Pivotal Software, Inc. for defining page flows such as check-in, loan application or shopping cart checkout. The fix for an earlier security bypass vulnerability in Pivotal Spring Web Flow was incomplete. An attacker could use this issue to bypass security...
CVE-2017-4995
It was found that Spring Security uses Jackson's enableDefaultTyping polymorphic capability for object deserialization. Jackson has already addressed this issue by blacklisting well-known gadget classes. However, under the right circumstances, e.g. the presence of an old JDK and a vulnerable Jackson i...
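As an added illustration (it is not part of the advisory and not Spring Security's own code), the following Java snippet contrasts the weak global default-typing setup the entry above describes with an allowlisted configuration built on Jackson's PolymorphicTypeValidator API, which postdates this advisory (Jackson 2.10 and later). The nested Greeting class and both JSON payloads are constructed for the example; the attacker-chosen type is a harmless JDK class standing in for a gadget, not an exploit.

```java
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.jsontype.BasicPolymorphicTypeValidator;
import com.fasterxml.jackson.databind.jsontype.PolymorphicTypeValidator;

public class DefaultTypingExample {

    // Constructed application type: the only subtype this application
    // legitimately needs to deserialize polymorphically.
    public static class Greeting {
        public String text;
    }

    // Weak configuration (the pattern the advisory describes): global default
    // typing means any class name embedded in the JSON is resolved and
    // instantiated, with only Jackson's denylist of known gadgets in the way.
    @SuppressWarnings("deprecation")
    static ObjectMapper weakMapper() {
        ObjectMapper mapper = new ObjectMapper();
        mapper.enableDefaultTyping(ObjectMapper.DefaultTyping.NON_FINAL);
        return mapper;
    }

    // Hardened configuration: polymorphic type ids are accepted only for an
    // explicit allowlist of subtypes, so unknown or future gadget classes are
    // refused whether or not the denylist knows about them.
    static ObjectMapper hardenedMapper() {
        PolymorphicTypeValidator ptv = BasicPolymorphicTypeValidator.builder()
                .allowIfSubType(Greeting.class)
                .build();
        ObjectMapper mapper = new ObjectMapper();
        mapper.activateDefaultTyping(ptv, ObjectMapper.DefaultTyping.NON_FINAL);
        return mapper;
    }

    // True if the mapper resolved and instantiated the class named in the
    // payload, false if it refused (InvalidTypeIdException and friends all
    // extend JsonProcessingException).
    static boolean accepts(ObjectMapper mapper, String payload) {
        try {
            Object o = mapper.readValue(payload, Object.class);
            return o != null;
        } catch (JsonProcessingException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        // Wrapper-array form used by default typing: [ "<class name>", <value> ].
        // Both payloads are constructed for this example.
        String legitimate = "[\"" + Greeting.class.getName() + "\", {\"text\": \"hello\"}]";
        // Stand-in for an attacker-chosen class name; a harmless JDK type, not a gadget.
        String attackerChosen = "[\"java.util.HashMap\", {\"k\": \"v\"}]";

        System.out.println("weak mapper, legitimate type:      " + accepts(weakMapper(), legitimate));
        System.out.println("weak mapper, attacker-chosen type: " + accepts(weakMapper(), attackerChosen));
        System.out.println("hardened mapper, legitimate type:  " + accepts(hardenedMapper(), legitimate));
        System.out.println("hardened mapper, attacker-chosen:  " + accepts(hardenedMapper(), attackerChosen));
    }
}
```

The point of the comparison is the second and fourth lines: the weak mapper instantiates whatever class the payload names as long as it is not on the denylist, while the hardened mapper rejects the type id outright because HashMap is not on the allowlist. The denylist only helps against gadgets someone has already catalogued; the allowlist bounds what the application will ever construct.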
CVE-2017-8039
An issue was discovered in Pivotal Spring Web Flow through 2.4.5. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property, which is disabled by default (i.e., set to 'false'), can be vulnerable to malicious EL expressions in view states that process form...
Pivotal Spring AMQP Remote Code Execution Vulnerability
Spring AMQP is an AMQP messaging solution based on the Spring Framework; it provides a template abstraction for sending and receiving messages, message-driven POJO-based message listeners, and so on. A remote code execution vulnerability exists in Pivotal Spring AMQP...
Pivotal Spring Data REST Remote Code Execution Vulnerability
Spring Data REST is part of the Spring Data project and enables building hypermedia-driven REST web services on top of Spring Data repositories. A remote code execution vulnerability exists in Pivotal Spring Data REST, which allows an attacker to perform a remote code execution attack by...
Remote Code Execution (RCE)
spring-amqp is vulnerable to remote code execution (RCE) attacks. A malicious user can pass an org.springframework.amqp.core.Message object containing arbitrary code that is executed when deserialized by the application...
Data Binding Expression Vulnerability
spring-webflow is vulnerable to a data binding expression vulnerability. The vulnerability exists because the MvcViewFactoryCreator useSpringBinding property defaults to false. Applications that keep the default settings are therefore vulnerable to malicious EL expressions in view state...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in springframework-social before 1.1.3...
Cross-site Request Forgery (CSRF)
spring-batch-admin is vulnerable to cross-site request forgery (CSRF) attacks. The library does not use CSRF tokens, allowing a malicious user to hijack the authentication of other users and submit arbitrary requests through the file upload page...
Pivotal Software Spring Batch Admin Cross-Site Scripting Vulnerability
Pivotal Software Spring Batch Admin is a monitoring and management tool from Pivotal Software, USA. A cross-site scripting vulnerability exists in Pivotal Software Spring Batch Admin versions prior to 1.3.0. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML v...
Pivotal Software Spring Batch Admin Cross-Site Request Forgery Vulnerability
Pivotal Software Spring Batch Admin is a monitoring and management tool from Pivotal Software, USA. A cross-site request forgery vulnerability exists in Pivotal Software Spring Batch Admin versions prior to 1.3.0. A remote attacker can exploit this vulnerability to perform unauthorized operations...
CVE-2017-12881
Cross-site request forgery (CSRF) vulnerability in the Spring Batch Admin before 1.3.0 allows remote attackers to hijack the authentication of unspecified victims and submit arbitrary requests, such as exploiting the file upload vulnerability...
CVE-2017-12882
Stored cross-site scripting (XSS) vulnerability in Spring Batch Admin before 1.3.0 allows remote authenticated users to inject arbitrary JavaScript or HTML via the file upload functionality...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in the Spring Batch Admin before 1.3.0 allows remote attackers to hijack the authentication of unspecified victims and submit arbitrary requests, such as exploiting the file upload vulnerability...