1886 matches found
Pivotal Software Spring Framework Directory Traversal Vulnerability
Pivotal Software Spring Framework is the U.S. Pivotal Software, Inc. of a set of open source Java, Java EE application framework. The framework helps developers build high-quality applications . A directory traversal vulnerability exists in Pivotal Software Spring Framework, which stems from the...
CVE-2016-9878
It was found that ResourceServlet in Spring Framework does not sanitize the paths that have been provided properly. An attacker can utilize this flaw to conduct a directory traversal attacks...
Framework: denial-of-service attack with XML input
A denial of service flaw was found in the way Spring processes inline DTD declarations. A remote attacker could submit a specially crafted XML file that would cause out-of-memory errors when parsed...
Framework: denial-of-service attack with XML input
A denial of service flaw was found in the way Spring processes inline DTD declarations. A remote attacker could submit a specially crafted XML file that would cause out-of-memory errors when parsed...
Framework: denial-of-service attack with XML input
A denial of service flaw was found in the way Spring processes inline DTD declarations. A remote attacker could submit a specially crafted XML file that would cause out-of-memory errors when parsed...
CVE-2016-1000027
Pivotal Spring Framework 4.1.4 suffers from a potential remote code execution RCE issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required...
GoPivotal Spring Security and Spring Framework Security Bypass Vulnerability
GoPivotal Spring Securit and Spring Framework are both products of the U.S. company GoPivotal. The former is a set of Spring-based applications to provide illustrative security protection security framework, the latter is a set of open source Java, Java EE application framework. A security bypass...
Design/Logic Flaw
Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service memory consumption and out-of-memory errors via a crafted XML file...
CVE-2015-3192
Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service memory consumption and out-of-memory errors via a crafted XML file...
CVE-2015-3192
Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service memory consumption and out-of-memory errors via a crafted XML file...
DEBIAN-CVE-2015-3192
Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service memory consumption and out-of-memory errors via a crafted XML file...
UBUNTU-CVE-2015-3192
Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service memory consumption and out-of-memory errors via a crafted XML file...
CVE-2015-3192
Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service memory consumption and out-of-memory errors via a crafted XML file...
CVE-2015-3192
CVE-2015-3192 affects Pivotal Spring Framework (before 3.2.14 and before 4.1.7). The vulnerability arises from improper processing of inline DTD declarations when DTD is not fully disabled, enabling remote attackers to trigger denial of service via crafted XML (memory consumption/out-of-memory). ...
CVE-2015-3192
Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service memory consumption and out-of-memory errors via a crafted XML file...
CVE-2015-3192
Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service memory consumption and out-of-memory errors via a crafted XML file...
Pivotal Software Spring Framework Arbitrary Command Execution Vulnerability
Pivotal Software Spring Framework is the U.S. Pivotal Software's set of open source Java, Java EE application framework. The framework helps developers build high-quality applications . An arbitrary command execution vulnerability exists in Pivotal Software Spring Framework. An attacker can explo...
Unspecified Vulnerability in Red Hat JBoss BPM Suite
Red Hat JBoss BPM Suite is a business process management platform from Red Hat, Inc. that brings together all the features of JBoss BRMS. The platform provides additional support for modeling, automation, simulation and business process monitoring. A security vulnerability exists in Red Hat JBoss...
Framework: denial-of-service attack with XML input
A denial of service flaw was found in the way Spring processes inline DTD declarations. A remote attacker could submit a specially crafted XML file that would cause out-of-memory errors when parsed...
PT-2016-3367
Name of the Vulnerable Software and Affected Versions Pivotal Spring Framework versions prior to 6.0.0 Pivotal Spring Framework versions 4.2.6 and 3.2.17 Pivotal Spring Framework versions 5.3.0 through 5.3.16 Description The issue is related to the implementation of the readRemoteInvocation metho...