
1885 matches found

NVD
added 2014/11/20 5:50 p.m., 21 views

CVE-2014-3625

Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling...

5 CVSS, 9.1 AI score, 0.1005 EPSS
Exploits: 5, References: 5

OSV
added 2014/11/20 5:50 p.m., 2 views

DEBIAN-CVE-2014-3625

Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling...

5 CVSS, 7 AI score, 0.1005 EPSS
Exploits: 5, References: 1

Prion
added 2014/11/20 5:50 p.m., 30 views

Directory traversal

Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling...

5 CVSS, 7.1 AI score, 0.1005 EPSS
Exploits: 5, References: 5, Affected Software: 1

Cvelist
added 2014/11/20 5:0 p.m., 28 views

CVE-2014-3625

Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling...

9.2 AI score, 0.1005 EPSS
Exploits: 5, References: 5

CVE
added 2014/11/20 5:0 p.m., 122 views

CVE-2014-3625

CVE-2014-3625 is a directory traversal vulnerability in Spring Framework. Affected versions: 3.0.4–3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2. Description from sources: remote attackers could read arbitrary files via unspecified vectors related to static resource handling. Im...

5 CVSS, 9 AI score, 0.1005 EPSS
Exploits: 5, References: 5, Affected Software: 2

Debian CVE
added 2014/11/20 5:0 p.m., 30 views

CVE-2014-3625

Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling...

5 CVSS, 8.1 AI score, 0.1005 EPSS
Exploits: 5

Tenable Nessus
added 2014/11/08 12:0 a.m., 62 views

RHEL 4 : JBoss EWP (RHSA-2013:0197)

Updated JBoss Enterprise Web Platform 5.2.0 packages that fix multiple security issues, various bugs, and add several enhancements are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability...

10 CVSS, 7.8 AI score, 0.15561 EPSS
Exploits: 7, References: 30

RedHat Linux
added 2014/10/01 6:10 p.m., 71 views

Important: Red Hat Security Advisory: Red Hat JBoss Fuse/A-MQ 6.1.0 security update

Red Hat JBoss Fuse and A-MQ 6.1.0 Rollup Patch 1, which addresses several security issues, multiple bug fixes, and adds various enhancements, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability...

8.8 CVSS, 7.4 AI score, 0.137 EPSS
Exploits: 4, References: 11

RedHat Linux
added 2014/10/01 6:10 p.m., 3 views

Framework: Information disclosure via SSRF

It was found that the Spring Framework did not, by default, disable the resolution of URI references in a DTD declaration when processing user-provided XML documents. By observing differences in response times, an attacker could identify valid IP addresses on the internal network with functioning...

8.8 CVSS, 7.3 AI score, 0.01696 EPSS
Exploits: 0, References: 4

Fedora
added 2014/08/30 3:57 a.m., 28 views

[SECURITY] Fedora 20 Update: springframework-security-3.1.7-1.fc20

Spring Security is a Java/Java EE framework that provides advanced authentication, authorization and other comprehensive security features for enterprise applications. In addition to having a comprehensive list of security functionality, Spring Security is very configurable and employs the Spring...

9.8 CVSS, 1.8 AI score, 0.01808 EPSS
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 59 views

Spring Framework arbitrary code execution

No description provided by source. CVE-2010-1622: Spring Framework execution of arbitrary code Severity: Critical Vendor: SpringSource, a division of VMware Versions Affected: 3.0.0 to 3.0.2 2.5.0 to 2.5.6.SEC01 community releases 2.5.0 to 2.5.7 subscription customers Earlier versions may also be...

6 CVSS, 9.6 AI score, 0.52003 EPSS
Exploits: 11

Japan Vulnerability Notes
added 2014/06/13 3:40 a.m., 2 views

Spring Framework vulnerable to directory traversal

Overview Spring Framework is a Java framework for developing web applications. Spring Framework contains a directory traversal vulnerability. Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer under Informatio...

5 CVSS, 7 AI score, 0.06215 EPSS
Exploits: 0, References: 11

Japan Vulnerability Notes
added 2014/06/13 12:0 a.m., 67 views

JVN#49154900: Spring Framework vulnerable to directory traversal

Spring Framework is a Java framework for developing web applications. Spring Framework contains a directory traversal vulnerability. Impact A remote attacker may be able to access arbitrary files on the server. Solution Update the software Users of 3.x should update to version 3.2.9 or later and...

5 CVSS, 9.3 AI score, 0.06215 EPSS
Exploits: 0

NVD
added 2014/04/17 2:55 p.m., 25 views

CVE-2014-0054

The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML Extern...

6.8 CVSS, 7.3 AI score, 0.91354 EPSS
Exploits: 0, References: 5

OSV
added 2014/04/17 2:55 p.m., 1 views

DEBIAN-CVE-2014-0054

The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML Extern...

6.8 CVSS, 9.1 AI score, 0.91354 EPSS
Exploits: 0, References: 1

OSV
added 2014/04/17 2:55 p.m., 1 views

UBUNTU-CVE-2014-0054

The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML Extern...

6.8 CVSS, 7.4 AI score, 0.91354 EPSS
Exploits: 0, References: 3

Prion
added 2014/04/17 2:55 p.m., 33 views

Xxe

The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML Extern...

6.8 CVSS, 7.1 AI score, 0.91354 EPSS
Exploits: 2, References: 5, Affected Software: 1

CVE
added 2014/04/17 2:0 p.m., 132 views

CVE-2014-0054

CVE-2014-0054 is an XXE in Spring Framework’s Jaxb2RootElementHttpMessageConverter used by Spring MVC. Affected: Spring Framework before 3.2.8 and before 4.0.2 (specifically 4.0.0–4.0.2). Root cause: external entity resolution not disabled, allowing remote attackers to read arbitrary files, cause ...

6.8 CVSS, 7.2 AI score, 0.91354 EPSS
Exploits: 0, References: 5, Affected Software: 2

Debian CVE
added 2014/04/17 2:0 p.m., 38 views

CVE-2014-0054

The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML Extern...

6.8 CVSS, 9.6 AI score, 0.91354 EPSS
Exploits: 0

Cvelist
added 2014/04/17 2:0 p.m., 37 views

CVE-2014-0054

The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML Extern...

7.3 AI score, 0.91354 EPSS
Exploits: 0, References: 5