UBUNTU-CVE-2015-3192

Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service memory consumption and out-of-memory errors via a crafted XML file...

DEBIAN-CVE-2015-3192

Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service memory consumption and out-of-memory errors via a crafted XML file...

Design/Logic Flaw

Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service memory consumption and out-of-memory errors via a crafted XML file...

CVE-2015-3192

Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service memory consumption and out-of-memory errors via a crafted XML file...

CVE-2015-3192

CVE-2015-3192 affects Pivotal Spring Framework (before 3.2.14 and before 4.1.7). The vulnerability arises from improper processing of inline DTD declarations when DTD is not fully disabled, enabling remote attackers to trigger denial of service via crafted XML (memory consumption/out-of-memory). ...

CVE-2015-3192

Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service memory consumption and out-of-memory errors via a crafted XML file...

Pivotal Software Spring AMQP Remote Code Execution Vulnerability

Pivotal Software Spring AMQP is the U.S. Pivotal Software Spring Framework based on a set of AMQP messaging solution . The solution provides templated send and receive messages and message-driven abstraction layer based on message-driven POJO classes and so on. A remote code execution vulnerabili...

Pivotal Software Spring Social Core Cross-Site Request Forgery Vulnerability

Pivotal Software Spring Social Core is a set of APIs for connecting social services from Pivotal Software, USA. A cross-site request forgery vulnerability exists in Pivotal Software Spring Social Core versions 1.0.0 to 1.0.3 and 1.1.0 to 1.1.2, which stems from the program failing to properly...

Pivotal Software Spring Framework Arbitrary Command Execution Vulnerability

Pivotal Software Spring Framework is the U.S. Pivotal Software's set of open source Java, Java EE application framework. The framework helps developers build high-quality applications . An arbitrary command execution vulnerability exists in Pivotal Software Spring Framework. An attacker can explo...

Vulnerability warning: the Spring Boot framework, the expression injection vulnerability-vulnerability warning-the black bar safety net

High-risk vulnerability exposure always occurs at an unexpected moment: the weekend all of them are ready to enjoy the weekend time, the Spring Boot framework SpEL expression inject Common Vulnerability exposure exploit this vulnerability, a remote attacker on the server to execute arbitrary...

Unspecified Vulnerability in Red Hat JBoss BPM Suite

Red Hat JBoss BPM Suite is a business process management platform from Red Hat, Inc. that brings together all the features of JBoss BRMS. The platform provides additional support for modeling, automation, simulation and business process monitoring. A security vulnerability exists in Red Hat JBoss...

Moderate: Red Hat Security Advisory: Red Hat JBoss BPM Suite security and bug fix update

An update is now available for Red Hat JBoss BPM Suite. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in...

Framework: denial-of-service attack with XML input

A denial of service flaw was found in the way Spring processes inline DTD declarations. A remote attacker could submit a specially crafted XML file that would cause out-of-memory errors when parsed...

Moderate: Red Hat Security Advisory: Red Hat JBoss BRMS security and bug fix update

An update is now available for Red Hat JBoss BRMS. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

Framework: denial-of-service attack with XML input

A denial of service flaw was found in the way Spring processes inline DTD declarations. A remote attacker could submit a specially crafted XML file that would cause out-of-memory errors when parsed...

Allfresco Community Edition: source code security analysis report

Several vulnerabilities were discovered in Alfresco Software 'Allfresco Community Edition' software: Утечка пользовательских данных между сессиями Использование XSL трансформации для исполнения произвольного кода Использование метода finalize Отсутствие верификации цифровой подписи исполняемых...

[SECURITY] Fedora 22 Update: springframework-amqp-1.3.9-4.fc22

The Spring AMQP project applies core Spring concepts to the development of AMQP-based messaging solutions. It provides a "template" as a high-level abstraction for sending and receiving messages. It also provides support for Message driven POJOs with a "listener container". These libraries...

[SECURITY] Fedora 23 Update: springframework-amqp-1.3.9-4.fc23

The Spring AMQP project applies core Spring concepts to the development of AMQP-based messaging solutions. It provides a "template" as a high-level abstraction for sending and receiving messages. It also provides support for Message driven POJOs with a "listener container". These libraries...

[SECURITY] Fedora 24 Update: springframework-amqp-1.3.9-4.fc24

The Spring AMQP project applies core Spring concepts to the development of AMQP-based messaging solutions. It provides a "template" as a high-level abstraction for sending and receiving messages. It also provides support for Message driven POJOs with a "listener container". These libraries...

PT-2016-3367

Name of the Vulnerable Software and Affected Versions Pivotal Spring Framework versions prior to 6.0.0 Pivotal Spring Framework versions 4.2.6 and 3.2.17 Pivotal Spring Framework versions 5.3.0 through 5.3.16 Description The issue is related to the implementation of the readRemoteInvocation metho...