Framework: denial-of-service attack with XML input

A denial of service flaw was found in the way Spring processes inline DTD declarations. A remote attacker could submit a specially crafted XML file that would cause out-of-memory errors when parsed...

Framework: denial-of-service attack with XML input

A denial of service flaw was found in the way Spring processes inline DTD declarations. A remote attacker could submit a specially crafted XML file that would cause out-of-memory errors when parsed...

Framework: denial-of-service attack with XML input

A denial of service flaw was found in the way Spring processes inline DTD declarations. A remote attacker could submit a specially crafted XML file that would cause out-of-memory errors when parsed...

CVE-2016-1000027

Pivotal Spring Framework 4.1.4 suffers from a potential remote code execution RCE issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required...

GoPivotal Spring Security and Spring Framework Security Bypass Vulnerability

GoPivotal Spring Securit and Spring Framework are both products of the U.S. company GoPivotal. The former is a set of Spring-based applications to provide illustrative security protection security framework, the latter is a set of open source Java, Java EE application framework. A security bypass...

Design/Logic Flaw

Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service memory consumption and out-of-memory errors via a crafted XML file...

CVE-2015-3192

Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service memory consumption and out-of-memory errors via a crafted XML file...

CVE-2015-3192

Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service memory consumption and out-of-memory errors via a crafted XML file...

UBUNTU-CVE-2015-3192

Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service memory consumption and out-of-memory errors via a crafted XML file...

DEBIAN-CVE-2015-3192

Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service memory consumption and out-of-memory errors via a crafted XML file...

CVE-2015-3192

Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service memory consumption and out-of-memory errors via a crafted XML file...

CVE-2015-3192

CVE-2015-3192 affects Pivotal Spring Framework (before 3.2.14 and before 4.1.7). The vulnerability arises from improper processing of inline DTD declarations when DTD is not fully disabled, enabling remote attackers to trigger denial of service via crafted XML (memory consumption/out-of-memory). ...

CVE-2015-3192

Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service memory consumption and out-of-memory errors via a crafted XML file...

CVE-2015-3192

Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service memory consumption and out-of-memory errors via a crafted XML file...

Pivotal Software Spring Framework Arbitrary Command Execution Vulnerability

Pivotal Software Spring Framework is the U.S. Pivotal Software's set of open source Java, Java EE application framework. The framework helps developers build high-quality applications . An arbitrary command execution vulnerability exists in Pivotal Software Spring Framework. An attacker can explo...

Unspecified Vulnerability in Red Hat JBoss BPM Suite

Red Hat JBoss BPM Suite is a business process management platform from Red Hat, Inc. that brings together all the features of JBoss BRMS. The platform provides additional support for modeling, automation, simulation and business process monitoring. A security vulnerability exists in Red Hat JBoss...

Framework: denial-of-service attack with XML input

A denial of service flaw was found in the way Spring processes inline DTD declarations. A remote attacker could submit a specially crafted XML file that would cause out-of-memory errors when parsed...

PT-2016-3367

Name of the Vulnerable Software and Affected Versions Pivotal Spring Framework versions prior to 6.0.0 Pivotal Spring Framework versions 4.2.6 and 3.2.17 Pivotal Spring Framework versions 5.3.0 through 5.3.16 Description The issue is related to the implementation of the readRemoteInvocation metho...

Updated springframework packages fix security vulnerability

Under some situations, the Spring Framework is vulnerable to a Reflected File Download RFD attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being downloaded rather than rendered and also includes some input reflected in the...

MGASA-2015-0426 Updated springframework packages fix security vulnerability

Under some situations, the Spring Framework is vulnerable to a Reflected File Download RFD attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being downloaded rather than rendered and also includes some input reflected in the...