Framework: denial-of-service attack with XML input

A denial of service flaw was found in the way Spring processes inline DTD declarations. A remote attacker could submit a specially crafted XML file that would cause out-of-memory errors when parsed...

CVE-2016-1000027

Pivotal Spring Framework 4.1.4 suffers from a potential remote code execution RCE issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required...

GoPivotal Spring Security and Spring Framework Security Bypass Vulnerability

GoPivotal Spring Securit and Spring Framework are both products of the U.S. company GoPivotal. The former is a set of Spring-based applications to provide illustrative security protection security framework, the latter is a set of open source Java, Java EE application framework. A security bypass...

Spring Boot Framework SPEL Expression Injection Vulnerability

Spring is a lightweight Java development framework . Spring Boot is a core subproject of Spring , which is designed to simplify the initial setup of new Spring applications and the development process . Spring Boot Framework SPEL Expression Injection Vulnerability. As the user adopts Spring Boot ...

Spring Boot framework the expression injection vulnerability

No description provided by source...

CVE-2015-3192

Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service memory consumption and out-of-memory errors via a crafted XML file...

CVE-2015-3192

Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service memory consumption and out-of-memory errors via a crafted XML file...

CVE-2015-3192

Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service memory consumption and out-of-memory errors via a crafted XML file...

UBUNTU-CVE-2015-3192

Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service memory consumption and out-of-memory errors via a crafted XML file...

DEBIAN-CVE-2015-3192

Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service memory consumption and out-of-memory errors via a crafted XML file...

Design/Logic Flaw

Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service memory consumption and out-of-memory errors via a crafted XML file...

CVE-2015-3192

Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service memory consumption and out-of-memory errors via a crafted XML file...

CVE-2015-3192

CVE-2015-3192 affects Pivotal Spring Framework (before 3.2.14 and before 4.1.7). The vulnerability arises from improper processing of inline DTD declarations when DTD is not fully disabled, enabling remote attackers to trigger denial of service via crafted XML (memory consumption/out-of-memory). ...

CVE-2015-3192

Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service memory consumption and out-of-memory errors via a crafted XML file...

Pivotal Software Spring AMQP Remote Code Execution Vulnerability

Pivotal Software Spring AMQP is the U.S. Pivotal Software Spring Framework based on a set of AMQP messaging solution . The solution provides templated send and receive messages and message-driven abstraction layer based on message-driven POJO classes and so on. A remote code execution vulnerabili...

Pivotal Software Spring Social Core Cross-Site Request Forgery Vulnerability

Pivotal Software Spring Social Core is a set of APIs for connecting social services from Pivotal Software, USA. A cross-site request forgery vulnerability exists in Pivotal Software Spring Social Core versions 1.0.0 to 1.0.3 and 1.1.0 to 1.1.2, which stems from the program failing to properly...

Pivotal Software Spring Framework Arbitrary Command Execution Vulnerability

Pivotal Software Spring Framework is the U.S. Pivotal Software's set of open source Java, Java EE application framework. The framework helps developers build high-quality applications . An arbitrary command execution vulnerability exists in Pivotal Software Spring Framework. An attacker can explo...

Vulnerability warning: the Spring Boot framework, the expression injection vulnerability-vulnerability warning-the black bar safety net

High-risk vulnerability exposure always occurs at an unexpected moment: the weekend all of them are ready to enjoy the weekend time, the Spring Boot framework SpEL expression inject Common Vulnerability exposure exploit this vulnerability, a remote attacker on the server to execute arbitrary...

Unspecified Vulnerability in Red Hat JBoss BPM Suite

Red Hat JBoss BPM Suite is a business process management platform from Red Hat, Inc. that brings together all the features of JBoss BRMS. The platform provides additional support for modeling, automation, simulation and business process monitoring. A security vulnerability exists in Red Hat JBoss...

Moderate: Red Hat Security Advisory: Red Hat JBoss BPM Suite security and bug fix update

An update is now available for Red Hat JBoss BPM Suite. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in...