CVE-2011-2894: Spring Framework and Spring Security serialization-based remoting vulnerabilities

CVE-2011-2894: Spring Framework and Spring Security serialization-based remoting vulnerabilities Severity: Critical Versions Affected: Spring Framework: 3.0.0 to 3.0.5 Spring Security: 2.0.0 to 2.0.6 3.0.0 to 3.0.5 Earlier versions may also be affected Description: Several issues have been report...

Spring Security - HTTP Header Injection

Spring Security - HTTP Header Injection source: https://www.securityfocus.com/bid/49535/info Spring Security is prone to a vulnerability that allows attackers to inject arbitrary HTTP headers because it fails to sufficiently sanitize input. By inserting arbitrary headers into an HTTP response,...

Spring Security Header Injection

CVE-2011-2732: Spring Security header injection vulnerability Severity: Important Versions Affected: 2.0.0 to 2.0.6 3.0.0 to 3.0.5 Earlier versions may also be affected Description: Spring Security allows the use of a parameter named "spring-security-redirect" by default to determine the location...

Spring Security - HTTP Header Injection

source: https://www.securityfocus.com/bid/49535/info Spring Security is prone to a vulnerability that allows attackers to inject arbitrary HTTP headers because it fails to sufficiently sanitize input. By inserting arbitrary headers into an HTTP response, attackers may be able to launch various...

Spring Source OXM Remote OS Command Injection when XStream and IBM JRE are used

Reference: http://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/html/oxm.htmld0e26722 Product: Spring Source OXM Object/XML Mapping Vendor: VMware Vulnerable Version: 3.0.4 only when XStream and IBM JRE are used Status: Fixed Vendor Notification: 12 October 2010 Vendor Fix:...

Spring Source OXM 3.0.4 Command Injection

Reference: http://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/html/oxm.htmld0e26722 Product: Spring Source OXM Object/XML Mapping Vendor: VMware Vulnerable Version: 3.0.4 only when XStream and IBM JRE are used Status: Fixed Vendor Notification: 12 October 2010 Vendor Fix:...

VMware SpringSource Spring Framework class.classloader Remote Code Execution (CVE-2010-1622)

The vulnerability is caused due to an error in the mechanism used to update the properties of an object with client provided data. A vulnerability has been reported in Spring Framework. A vulnerability has been reported in Spring Framework, which can allow attackers to compromise a vulnerable...

Yahoo! Announces Hack U™ Spring 2011 Series !

Yahoo! is proud to announce the Hack U™ Spring 2011 calendar of events. Join Yahoo! web experts for a week of learning, hacking and fun! You'll hear interesting tech talks, hacking tips and lessons, and get hands-on coding workshops where you'll work with cutting-edge technology. The week's event...

3.0.3): Arbitrary Java code execution via an HTTP request containing a specially-crafted .jar file

SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7 before 2.5.7.SR01, and 3.0.x before 3.0.3 allows remote attackers to execute arbitrary code via an HTTP request containing class.classLoader.URLs0=jar: followed by a URL of a crafted .jar file...

spring-data-commons

It is...

CVE-2010-3700: Spring Security bypass of security constraints

CVE-2010-3700 - Spring Security - Bypassing of security constraints Severity: Important Vendor: SpringSource, a division of VMware Versions affected: Spring Security 3.0.0 to 3.0.3 Spring Security 2.0.0 t0 2.0.5 Acegi Security 1.0.0 to 1.0.7 Description: Spring Security does not consider URL path...

CVE-2010-3700

VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server WAS 6.1 and 7.0, allows remote attackers to bypass security constraints via a path parameter...

Design/Logic Flaw

VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server WAS 6.1 and 7.0, allows remote attackers to bypass security constraints via a path parameter...

CVE-2010-3700

CVE-2010-3700 affects Spring Security (SpringSource) 2.x up to 2.0.5 and 3.x up to 3.0.3, and Acegi Security 1.0.0–1.0.7, notably when used in IBM WebSphere Application Server 6.1/7.0. The root cause is that URL path parameters are not consistently excluded from getPathInfo(), allowing an attacke...

CVE-2010-3700

VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server WAS 6.1 and 7.0, allows remote attackers to bypass security constraints via a path parameter...

Spring Security Security Constraint Bypass

CVE-2010-3700 - Spring Security - Bypassing of security constraints Severity: Important Vendor: SpringSource, a division of VMware Versions affected: Spring Security 3.0.0 to 3.0.3 Spring Security 2.0.0 t0 2.0.5 Acegi Security 1.0.0 to 1.0.7 Description: Spring Security does not consider URL path...

Mandriva Update for cyrus-imapd MDVA-2010:208 (cyrus-imapd)

Check for the Version of cyrus-imapd OpenVAS Vulnerability Test Mandriva Update for cyrus-imapd MDVA-2010:208 cyrus-imapd Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...

MDVA-2009:087 : mandriva-kde4-config

This update introduces the kde4 artwork for the upcoming Mandriva 2009 Spring Flash version. %NASLMINLEVEL 70300 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a security fix. Disabled on 2012/09/06. C Tenable Network Security, Inc. This script was...

MDVA-2009:119-1 : yelp

The Yelp help browser shipped with Mandriva 2009 Spring was built without support for LZMA compression. As this is needed to view the compressed manual and GNU Info pages, LZMA support was enabled in this update. Update: On the previous yelp update we added a require on liblzmadec0 for i586 and...

CVE-2010-1622

SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7 before 2.5.7.SR01, and 3.0.x before 3.0.3 allows remote attackers to execute arbitrary code via an HTTP request containing class.classLoader.URLs0=jar: followed by a URL of a crafted .jar file...