6504 matches found

Tenable Nessus
added 2015/10/23 12:0 a.m. | 54 views

Oracle WebCenter Sites Multiple Vulnerabilities (October 2015 CPU)

The version of Oracle WebCenter Sites installed on the remote host is missing security patches from the October 2015 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities: - A flaw exists in the bundled SpringSource Spring Framework that allows a remote attacker to execu...

CVSS 6 | AI score 8.8 | EPSS 0.01554
Exploits 11 | References 3

Mageia
added 2015/07/28 9:1 p.m. | 32 views

Updated springframework package fixes security vulnerability

In Spring Framework before 3.2.14, if DTD is not entirely disabled, inline DTD declarations can be used to perform denial of service attacks known as XML bombs. Such declarations are both well-formed and valid according to XML schema rules but when parsed can cause out of memory errors. To protec...

CVSS 5.5 | AI score 6 | EPSS 0.01378
Exploits 0 | References 3

OSV
added 2015/07/28 9:1 p.m. | 6 views

MGASA-2015-0294 Updated springframework package fixes security vulnerability

In Spring Framework before 3.2.14, if DTD is not entirely disabled, inline DTD declarations can be used to perform denial of service attacks known as XML bombs. Such declarations are both well-formed and valid according to XML schema rules but when parsed can cause out of memory errors. To protec...

CVSS 5.5 | AI score 6.3 | EPSS 0.01378
Exploits 0 | References 4

Fedora
added 2015/07/16 2:35 a.m. | 34 views

[SECURITY] Fedora 22 Update: springframework-3.2.14-1.fc22

Spring is a layered Java/J2EE application framework, based on code published in Expert One-on-One J2EE Design and Development by Rod Johnson (Wrox, 2002)...

CVSS 5.5 | AI score 1.4 | EPSS 0.01378
Exploits 0

Fedora
added 2015/07/16 2:35 a.m. | 26 views

[SECURITY] Fedora 21 Update: springframework-3.2.14-1.fc21

Spring is a layered Java/J2EE application framework, based on code published in Expert One-on-One J2EE Design and Development by Rod Johnson (Wrox, 2002)...

CVSS 5.5 | AI score 1.4 | EPSS 0.01378
Exploits 0

myhack58
added 2015/07/05 12:0 a.m. | 177 views

Spring 3.2.11 with Quartz 2.2.1 integrated memory leaks problem solving - vulnerability warning - the black bar safety net

Quartz is an open-source framework for scheduling timed tasks, and it is convenient to use. Spring's support package integrates with Quartz. However, while using it in a web application, the author encountered a memory leak problem. The author's usage of Spring+Quartz is as...

AI score 8
Exploits 0

OSV
added 2015/05/11 8:10 p.m. | 4 views

MGASA-2015-0211 Updated springframework packages fix CVE-2014-0225

Updated springframework packages fix security vulnerabilities: When processing user provided XML documents, the Spring Framework did not disable by default the resolution of URI references in a DTD declaration. By observing differences in response times, an attacker could then identify valid IP...

CVSS 8.8 | AI score 8.7 | EPSS 0.00236
Exploits 0 | References 3

Fedora
added 2015/05/08 7:40 a.m. | 24 views

[SECURITY] Fedora 20 Update: springframework-3.1.4-3.fc20

Spring is a layered Java/J2EE application framework, based on code published in Expert One-on-One J2EE Design and Development by Rod Johnson (Wrox, 2002)...

CVSS 8.8 | AI score 1.4 | EPSS 0.00236
Exploits 0

myhack58
added 2015/04/23 12:0 a.m. | 14 views

The Spring Framework tags EL expression execution vulnerability analysis CVE-2011-2730 - a vulnerability warning - the black bar safety net

0x00 Preface This vulnerability has been out for a long time. It was analyzed briefly before but, due to time constraints, without in-depth study of the principles, and there is not much analysis of this vulnerability online. Recently, due to work reasons, in-depth analysis about the vulnerability of the...

AI score 0.2
Exploits 0

RedHat Linux
added 2015/03/24 9:5 p.m. | 0 views

Framework: directory traversal flaw

A directory traversal flaw was found in the way the Spring Framework sanitized certain URLs. A remote attacker could use this flaw to obtain any file on the file system that was also accessible to the process in which the Spring web application was running...

CVSS 5 | AI score 5.8 | EPSS 0.16987
Exploits 5 | References 4

RedHat Linux
added 2015/03/24 9:5 p.m. | 47 views

Important: Red Hat Security Advisory: Red Hat JBoss Fuse Service Works 6.0.0 security update

Red Hat JBoss Fuse Service Works 6.0.0 roll up patch 4, which fixes multiple security issues and various bugs, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base score...

CVSS 7.5 | AI score 6.6 | EPSS 0.78235
Exploits 7 | References 20

RedHat Linux
added 2015/03/24 9:5 p.m. | 0 views

Framework: Directory traversal

A directory traversal flaw was found in the Spring Framework. A remote attacker could use this flaw to access arbitrary files on a server and bypass security restrictions that are otherwise in place...

CVSS 5 | AI score 7.4 | EPSS 0.04358
Exploits 0 | References 6

CNVD
added 2015/03/12 12:0 a.m. | 4 views

Unspecified Vulnerability in Pivotal Software Spring Framework Java SockJS Client

Pivotal Software Spring Framework is an open source Java and Java EE application framework from the U.S. company Pivotal Software, Inc. The framework helps developers build high-quality applications. A security vulnerability exists in the Java SockJS client in Pivotal Software Spring Framework version...

CVSS 5 | AI score 6.9 | EPSS 0.00182
Exploits 0 | References 1

RedHat Linux
added 2015/03/11 4:51 p.m. | 1 views

Framework: Directory traversal

A directory traversal flaw was found in the Spring Framework. A remote attacker could use this flaw to access arbitrary files on a server and bypass security restrictions that are otherwise in place...

CVSS 5 | AI score 7.4 | EPSS 0.04358
Exploits 0 | References 6

NVD
added 2015/03/10 2:59 p.m. | 17 views

CVE-2015-0201

The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors...

CVSS 5 | AI score 6.6 | EPSS 0.00182
Exploits 0 | References 1

Prion
added 2015/03/10 2:59 p.m. | 12 views

Design/Logic Flaw

The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors...

CVSS 5 | AI score 7.2 | EPSS 0.00182
Exploits 0 | References 1 | Affected Software 1

Debian CVE
added 2015/03/10 2:0 p.m. | 18 views

CVE-2015-0201

The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors...

CVSS 5 | AI score 6.7 | EPSS 0.00182
Exploits 0

Cvelist
added 2015/03/10 2:0 p.m. | 23 views

CVE-2015-0201

The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors...

AI score 6.6 | EPSS 0.00182
Exploits 0 | References 1

CVE
added 2015/03/10 2:0 p.m. | 76 views

CVE-2015-0201

The CVE-2015-0201 issue affects the Java SockJS client in Pivotal Spring Framework 4.1.x prior to 4.1.5. The root cause is generation of predictable session IDs, enabling remote attackers to send messages to other sessions through unspecified vectors. Impact is partial confidentiality of session ...

CVSS 5 | AI score 6.8 | EPSS 0.00182
Exploits 0 | References 1 | Affected Software 2

OSV
added 2015/02/19 8:59 p.m. | 6 views

CVE-2014-3578

Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL...

CVSS 5 | AI score 8.9 | EPSS 0.04358
Exploits 0 | References 10