1885 matches found
A vulnerability in the implementation of the ResourceHttpRequestHandler class in the Spring Framework software platform allows an attacker to cause a denial of service.
The vulnerability in the ResourceHttpRequestHandler implementation in the Spring Framework software platform is related to resource management errors. Exploiting this vulnerability could allow a remote attacker to cause a denial of service...
Security Bulletin: IBM Security Guardium is affected by a Spring Framework vulnerability
Summary IBM Security Guardium has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2018-15756 DESCRIPTION: Pivotal Spring Framework is vulnerable to a denial of service, caused by improper handling of range request by the ResourceHttpRequestHandler. By adding a range header...
Security Bulletin: Vulnerability in Pivotal Spring Framework affects IBM TRIRIGA Application Platform (CVE-2018-15786)
Summary Pivotal Spring Framework, used by IBM TRIRIGA Application Platform, is vulnerable to a denial of service, caused by improper handling of range request by the ResourceHttpRequestHandler. Vulnerability Details CVEID: CVE-2018-15756 DESCRIPTION: Pivotal Spring Framework is vulnerable to a...
Privilege Escalation
An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. CVE-2011-1096 JBoss Web Services leaked side-channe...
Information Disclosure
An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. CVE-2011-1096 JBoss Web Services leaked side-channe...
Cross Site Scripting (XSS)
An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. CVE-2011-1096 JBoss Web Services leaked side-channe...
Security Bulletin: Security vulnerability in Pivotal Spring Framework affects IBM Rational License Key Server Administration & Reporting Tool
Summary A Security vulnerability in Spring Framework, from Pivotal, used by IBM Rational License Key Server Administration & Reporting Tool has been published. Required remediation has been addressed by IBM Rational License Key Server Administration & Reporting Tool team. Vulnerability Details...
Oracle WebLogic Server high-risk security vulnerability alert - vulnerability alert - the black bar safety net
On April 17, 2019, 360CERT detected the security bulletin that Oracle released on April 17. The security bulletin disclosed multiple high-risk vulnerabilities in WebLogic Server that affect multiple WebLogic components. 360CERT determined that the security updates for...
Oracle Enterprise Manager Cloud Control (Apr 2019 CPU)
The version of Oracle Enterprise Manager Cloud Control installed on the remote host is affected by multiple vulnerabilities in Enterprise Manager Base Platform component: - Networking component of Enterprise Manager Base Platform Spring Framework is easily exploited and may allow an...
Oracle WebLogic Server Multiple Vulnerabilities (Apr 2019 CPU)
The version of Oracle WebLogic Server installed on the remote host is affected by multiple vulnerabilities: - An unspecified vulnerability in the Spring Framework allows a low privileged, remote attacker with network access via HTTP to compromise and takeover the Oracle Communications Unified...
A vulnerability in the spring-messaging module of the Spring Framework allows an attacker to execute arbitrary code.
The vulnerability in the spring-messaging module of the Spring Framework is caused by errors in the handling of STOMP messages. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially crafted message...
Spring Framework JAR Detection
Binary data springjardetection.nbin...
Security Bulletin: IBM Security Guardium is affected by Using Components with Known Vulnerabilities vulnerabilities
Summary IBM Security Guardium has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2016-5007 DESCRIPTION: Pivotal Spring Security and Spring Framework could provide weaker than expected security, caused by the difference in the strictness of the pattern matching mechanism...
Security Bulletin: FileNet CMIS (FNCMIS) leveraging Spring Framework is vulnerable to a denial of service caused by improper handling of range request by the ResourceHttpRequestHandler
Summary FileNet Content Management Interoperability Services CMIS, which ships with IBM Content Navigator, is affected by the following vulnerability: Spring Framework’s improper handling of ResourceHttpRequestHandler could result in denial of service condition. Vulnerability Details CVE-ID:...
Security Bulletin: Public disclosed vulnerability from Spring Framework affects IBM Spectrum LSF Explorer
Summary Public disclosed vulnerability from Spring Framework affects IBM Spectrum LSF Explorer Vulnerability Details CVE-ID:CVE-2018-15756 Description: Pivotal Spring Framework is vulnerable to a denial of service, caused by improper handling of range request by the ResourceHttpRequestHandler. By...
Security Bulletin: Public disclosed vulnerability from Spring Framework affects IBM Spectrum LSF Application Center
Summary Public disclosed vulnerability from Spring Framework affects IBM Spectrum LSF Application Center Vulnerability Details CVE-ID:CVE-2018-15756 Description: Pivotal Spring Framework is vulnerable to a denial of service, caused by improper handling of range request by the...
Pivotal Spring Framework spring-messaging Module STOMP Remote Code Execution (CVE-2018-1270)
A remote code execution vulnerability has been reported in Pivotal Spring Framework. The vulnerability is due to improper handling of user-supplied input to a STOMP broker in the spring-messaging module. A remote, unauthenticated attacker could exploit this vulnerability by sending maliciously...
A vulnerability in the implementation of the HiddenHttpMethodFilter mechanism in the Spring Framework software platform allows an attacker to carry out a cross-site scripting attack.
The vulnerability in the HiddenHttpMethodFilter mechanism implemented in the Spring Framework is related to insufficient validation of input data. Exploiting this vulnerability allows an attacker to perform cross-site scripting attacks using the TRACE method...
Security Bulletin: Vulnerabilities in OpenSource Spring Source/Pivotal Spring Framework affect IBM Tivoli Netcool Configuration Manager (ITNCM) (CVE-2013-7315, CVE-2013-4152, CVE-2014-0054)
Summary There are a number of potential security vulnerabilities in OpenSource Spring Source/Pivotal Spring Framework, that is used by IBM Tivoli Netcool Configuration Manager ITNCM. Vulnerability Details CVEID: CVE-2013-7315 DESCRIPTION: Pivotal Spring Framework could allow a remote attacker to...