10 matches found
BSA-2022-1770
Security Advisory ID : BSA-2022-1770 Component : SpringSource Spring Framework Revision : 1.0 CVE-2010-1622: SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7 before 2.5.7.SR01, and 3.0.x before 3.0.3 allows remote attackers to execute arbitrary code via an HTTP request containing...
Unpatched Java Spring Framework 0-Day RCE Bug Threatens Enterprise Web Apps Security
A zero-day remote code execution RCE vulnerability has come to light in the Spring framework shortly after a Chinese security researcher briefly leaked a proof-of-concept PoC exploit on GitHub before deleting their account. According to cybersecurity firm Praetorian, the unpatched flaw impacts...
Spring Framework arbitrary code execution
No description provided by source. CVE-2010-1622: Spring Framework execution of arbitrary code Severity: Critical Vendor: SpringSource, a division of VMware Versions Affected: 3.0.0 to 3.0.2 2.5.0 to 2.5.6.SEC01 community releases 2.5.0 to 2.5.7 subscription customers Earlier versions may also be...
Spring Source OXM 3.0.4 Command Injection
Reference: http://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/html/oxm.htmld0e26722 Product: Spring Source OXM Object/XML Mapping Vendor: VMware Vulnerable Version: 3.0.4 only when XStream and IBM JRE are used Status: Fixed Vendor Notification: 12 October 2010 Vendor Fix:...
VMware SpringSource Spring Framework class.classloader Remote Code Execution (CVE-2010-1622)
The vulnerability is caused due to an error in the mechanism used to update the properties of an object with client provided data. A vulnerability has been reported in Spring Framework. A vulnerability has been reported in Spring Framework, which can allow attackers to compromise a vulnerable...
CVE-2010-1622
SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7 before 2.5.7.SR01, and 3.0.x before 3.0.3 allows remote attackers to execute arbitrary code via an HTTP request containing class.classLoader.URLs0=jar: followed by a URL of a crafted .jar file...
CVE-2010-1622
CVE-2010-1622 affects Spring Framework 2.5.x up to 2.5.6.SEC02 and 2.5.7 up to 2.5.7.SR01, and 3.0.x up to 3.0.3. The issue arises from binding request data to Java beans, which allows an attacker to overwrite nested properties of the ClassLoader (notably via class.classLoader.URLs[0]), enabling ...
Spring Framework - Arbitrary code Execution
CVE-2010-1622: Spring Framework execution of arbitrary code Severity: Critical Vendor: SpringSource, a division of VMware Versions Affected: 3.0.0 to 3.0.2 2.5.0 to 2.5.6.SEC01 community releases 2.5.0 to 2.5.7 subscription customers Earlier versions may also be affected Description: The Spring...
CVE-2010-1622
creationtimestamp| type| source ---|---|--- 2010-06-18 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/13918 2022-03-30 05:25:16+00:00| seen| https://t.me/cKure/9213 2022-03-31 14:38:31+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/1759 2022-03-31 16:01:37+00:00|...
Spring Framework - Arbitrary code Execution
Spring Framework - Arbitrary code Execution CVE-2010-1622: Spring Framework execution of arbitrary code Severity: Critical Vendor: SpringSource, a division of VMware Versions Affected: 3.0.0 to 3.0.2 2.5.0 to 2.5.6.SEC01 community releases 2.5.0 to 2.5.7 subscription customers Earlier versions ma...