12 matches found
Linux Distros Unpatched Vulnerability : CVE-2014-0225
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by...
at.molindo.social:spring-social-config (=1.1.0.RELEASE), at.molindo.social:spring-social-security (=1.1.0.RELEASE) +232 more potentially affected by CVE-2014-0225 via org.springframework:spring-webmvc (>=4.0.0.RELEASE <=4.0.4.RELEASE)
org.springframework:spring-webmvc MAVEN version =4.0.0.RELEASE, =0.4, =1.4.0, =0.0.2, =0.10.1, =0.10.1, =0.13.3 - com.daikit:daikit4gxt =0.1 - com.ebay:lightning-client =0.9.0 - com.ebay:lightning-core =0.9.0 and more Source cves: CVE-2014-0225 Source advisory: OSV:GHSA-F93F-G33R-8PCP...
ar.com.jmfsg:api-doc (>=0.0.20 <=0.0.34), be.dnsbelgium:rdap-server (>=0.3.3 <=1.0.3) +1208 more potentially affected by CVE-2014-0225 via org.springframework:spring-webmvc (>=3.0.0.RELEASE <=3.2.7.RELEASE)
org.springframework:spring-webmvc MAVEN version =3.0.0.RELEASE, =0.0.20, =0.3.3, =0.1.0, =1.0.0, =0.2, =3.0.1, =1.0.0-RELEASE, =3.0.10, =3.0.10, =4.2.1, =4.2.1, =4.2.1, =4.2.15 and more Source cves: CVE-2014-0225 Source advisory: OSV:GHSA-F93F-G33R-8PCP...
CVE-2014-0225
When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack...
CVE-2014-0225
When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack...
CVE-2014-0225
When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack...
CVE-2014-0225
CVE-2014-0225 affects Spring Framework when processing user-supplied XML: versions 4.0.0–4.0.4 and 3.0.0–3.2.8 (and possibly earlier unsupported revisions) did not disable by default the resolution of URI references in a DTD declaration, enabling an XML External Entity (XXE) attack. The initial d...
CVE-2014-0225
When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack...
CVE-2014-0225
When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack...
Updated springframework packages fix CVE-2014-0225
Updated springframework packages fix security vulnerabilities: When processing user provided XML documents, the Spring Framework did not disable by default the resolution of URI references in a DTD declaration. By observing differences in response times, an attacker could then identify valid IP...
Fedora 20 : springframework-3.1.4-3.fc20 (2015-6862)
Security fix for CVE-2014-0225 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C...
Fedora Update for springframework FEDORA-2015-6862
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...