1888 matches found

OSV
added 2020/01/02 11:15 p.m. | 37 views

CVE-2016-1000027

Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or may not occur, and authentication may be required. NOTE: the vendor's...

CVSS 9.8 | AI score 7.9 | EPSS 0.32257
Exploits 4 | References 9

OSV
added 2020/01/02 11:15 p.m. | 4 views

DEBIAN-CVE-2016-1000027

Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or may not occur, and authentication may be required. NOTE: the vendor's...

CVSS 9.8 | AI score 8.8 | EPSS 0.32257
Exploits 4 | References 1

NVD
added 2020/01/02 11:15 p.m. | 35 views

CVE-2016-1000027

Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or may not occur, and authentication may be required. NOTE: the vendor's...

CVSS 9.8 | AI score 9.9 | EPSS 0.32257
Exploits 4 | References 9

Prion
added 2020/01/02 11:15 p.m. | 31 views

Deserialization of untrusted data

Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or may not occur, and authentication may be required. NOTE: the vendor's...

CVSS 7.5 | AI score 8.1 | EPSS 0.32257
Exploits 4 | References 9 | Affected Software 1

UbuntuCve
added 2020/01/02 11:15 p.m. | 50 views

CVE-2016-1000027

Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or may not occur, and authentication may be required. NOTE: the vendor's...

CVSS 9.8 | AI score 7.2 | EPSS 0.32257
Exploits 4 | References 2

OSV
added 2020/01/02 11:15 p.m. | 5 views

UBUNTU-CVE-2016-1000027

Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or may not occur, and authentication may be required. NOTE: the vendor's...

CVSS 9.8 | AI score 7.4 | EPSS 0.32257
Exploits 4 | References 3

Cvelist
added 2020/01/02 12:0 a.m. | 34 views

CVE-2016-1000027

Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or may not occur, and authentication may be required. NOTE: the vendor's...

AI score 9.9 | EPSS 0.32257
Exploits 4 | References 9

CNVD
added 2020/01/02 12:0 a.m. | 5 views

Pivotal Software Spring Framework Code Issue Vulnerability

Pivotal Software Spring Framework is an open source Java and JavaEE application framework from the U.S. company Pivotal Software. The framework helps developers build high-quality applications. A code issue vulnerability exists in Pivotal Software Spring Framework version 4.1.4, which can be exploited by ...

CVSS 9.8 | AI score 7.7 | EPSS 0.32257
Exploits 4 | References 1

Debian CVE
added 2020/01/02 12:0 a.m. | 137 views

CVE-2016-1000027

Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or may not occur, and authentication may be required. NOTE: the vendor's...

CVSS 9.8 | AI score 8.7 | EPSS 0.32257
Exploits 4

CVE
added 2020/01/02 12:0 a.m. | 562 views

CVE-2016-1000027

CVE-2016-1000027 involves remote code execution in Pivotal Spring Framework when deserializing untrusted data. Connected sources specify impact up to Spring Framework 5.3.16 (RCE via Java deserialization) and note that the vendor discourages untrusted-deserialization usage. Remediation guidance i...

CVSS 9.8 | AI score 9.8 | EPSS 0.32257
Exploits 4 | References 9 | Affected Software 1

Tenable Nessus
added 2019/10/16 12:0 a.m. | 54 views

Oracle GoldenGate for Big Data 12.3.1.1.x < 12.3.1.1.6 / 12.3.2.1.x < 12.3.2.1.5 Spring Framework DoS (Oct 2019 CPU)

According to its self-reported version number, the Oracle GoldenGate for Big Data application located on the remote host is 12.3.1.1.x less than 12.3.1.1.6 or 12.3.2.1.x less than 12.3.2.1.5. It is, therefore, affected by a denial of service (DoS) vulnerability. This vulnerability is due to its use...

CVSS 7.5 | AI score 7.4 | EPSS 0.09513
Exploits 0 | References 2

RedhatCVE
added 2019/10/08 3:56 a.m. | 42 views

CVE-2018-1272

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When a Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a...

CVSS 7.5 | AI score 2.6 | EPSS 0.02831
Exploits 0 | References 2

Tenable Nessus
added 2019/10/02 12:0 a.m. | 388 views

Spring Framework < 4.3.16 / 5.0.x < 5.0.5 Remote Code Execution with spring-messaging (CVE-2018-1270)

The remote host contains a Spring Framework library version that is 4.3.x prior to 4.3.16 or 5.0.x prior to 5.0.5. It is, therefore, affected by a remote code execution vulnerability. An unauthenticated, remote attacker can exploit this by sending a specially crafted message to the broker that can...

CVSS 9.8 | AI score 8.7 | EPSS 0.77245
Exploits 5 | References 2

RedHat Linux
added 2019/08/08 10:8 a.m. | 0 views

spring-security-core: Unauthorized Access with Spring Security Method Security

Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted...

CVSS 8.8 | AI score 7.2 | EPSS 0.02427
Exploits 0 | References 4

Tenable Nessus
added 2019/07/19 12:0 a.m. | 43 views

Oracle Primavera Gateway Multiple Vulnerabilities (Jul 2019 CPU)

According to its self-reported version number, the Oracle Primavera Gateway installation running on the remote web server is 15.x prior to 15.2.16, 16.x prior to 16.2.9, 17.x prior to 17.12.4, or 18.x prior to 18.8.6. It is, therefore, affected by multiple vulnerabilities: - An unspecified...

CVSS 9.8 | AI score 8.1 | EPSS 0.10599
Exploits 0 | References 6

IBM Security Bulletins
added 2019/07/11 7:25 p.m. | 36 views

Security Bulletin: Multiple vulnerabilities in Spring Framework affect IBM InfoSphere Information Server

Summary Multiple vulnerabilities in Spring Framework were addressed by IBM InfoSphere Information Server. Vulnerability Details CVEID: CVE-2015-5211 DESCRIPTION: Pivotal Spring Framework could allow a remote attacker to download arbitrary files, caused by a reflected file download attack. By usin...

CVSS 9.6 | AI score 1.7 | EPSS 0.0257
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2019/07/10 3:40 p.m. | 46 views

Security Bulletin: IBM QRadar SIEM is vulnerable to a publicly disclosed vulnerability in Spring Framework (CVE-2018-15756)

Summary Open source Spring Framework as used in IBM QRadar SIEM is vulnerable to a denial of service Vulnerability Details CVEID: CVE-2018-15756 Description: Pivotal Spring Framework is vulnerable to a denial of service, caused by improper handling of range request by the...

CVSS 7.5 | AI score 0.8 | EPSS 0.09513
Exploits 0 | Affected Software 1

Gitee
added 2019/07/03 2:4 p.m. | 5 views

Exploit for Path Traversal in Pivotal_Software Spring_Framework

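Web-Security-Learning: a collection of material gathered while learning web security. This repo is updated continuously; the most recent update was 2017/11/2. Also published at: chybeta: Web-Security-Learning (with table of contents). November 2 update: + Newly added articles: + SQL injection + How much do you know about sqlmap's built-in tamper scripts? + XSS + Front-end defense from getting started to giving up: the evolution of CSP + ssrf + SSRF: CVE-2017-9993 FFmpeg + AVI + HLS + CSRF + Creative techniques for bypassing Referer checks in CSRF + CSRF techniques across the major SRCs + java-Web +...

CVSS 7.5 | AI score 7.7 | EPSS 0.16437
Exploits 5

IBM Security Bulletins
added 2019/06/28 3:35 p.m. | 29 views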

Security Bulletin: Vulnerability affects Watson Explorer Foundational Components (CVE-2018-15756)

Summary Security vulnerability affects IBM Watson Explorer Foundational Components. Vulnerability Details CVEID: CVE-2018-15756 DESCRIPTION: Pivotal Spring Framework is vulnerable to a denial of service, caused by improper handling of range request by the ResourceHttpRequestHandler. By adding a...

CVSS 7.5 | AI score 0.8 | EPSS 0.09513
Exploits 0 | Affected Software 1

BDU FSTEC
added 2019/05/16 12:0 a.m. | 4 views

The vulnerability of the Spring Framework software, related to security configuration errors, allows attackers to compromise the confidentiality of protected information.

The vulnerability of the Spring Framework is related to errors in security settings. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality of the information being protected...

CVSS 5.9 | AI score 6.4 | EPSS 0.03244
Exploits 0 | References 6 | Affected Software 10