Lucene search
K

1891 matches found

Positive Technologies
Positive Technologies
added 2022/05/12 12:0 a.m.4 views

PT-2022-6999 · Unknown +1 · Spring Framework +1

Name of the Vulnerable Software and Affected Versions: Spring Framework versions prior to 5.3.20 Spring Framework versions prior to 5.2.22 Spring Framework old unsupported versions Description: The application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an...

6.8CVSS7AI score0.02931EPSS
Exploits0References21
Positive Technologies
Positive Technologies
added 2022/05/12 12:0 a.m.5 views

PT-2022-15751 · Unknown +1 · Spring Framework +1

Name of the Vulnerable Software and Affected Versions: Spring Framework versions prior to 5.3.20 Spring Framework versions prior to 5.2.22 Spring Framework old unsupported versions Description: The issue affects applications that handle file uploads and rely on data binding to set a MultipartFile...

5.3CVSS6.5AI score0.01853EPSS
Exploits1References19
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/11 12:12 p.m.27 views

Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)

Summary IBM Sterling Connect:Direct for Microsoft Windows is affected but not classified as vulnerable to a remote code execution in Spring Framework CVE-2022-22965 as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR...

9.8CVSS7.8AI score0.99677EPSS
Exploits100Affected Software1
CNNVD
CNNVD
added 2022/05/11 12:0 a.m.3 views

Spring Framework 输入验证错误漏洞

Spring Framework is the U.S. Spring team of a set of open source Java, JavaEE application framework . The framework helps developers build high-quality applications.Spring Framework versions prior to 5.3.20, 5.2.22 contain a denial-of-service vulnerability. An attacker can exploit this...

6.5CVSS7.5AI score0.02931EPSS
Exploits0References11
CNNVD
CNNVD
added 2022/05/11 12:0 a.m.3 views

Spring Framework 输入验证错误漏洞

Spring Framework is the U.S. Spring team of a set of Java, JavaEE application framework . The framework helps developers build high-quality applications.Spring Framework 5.3.20 , 5.2.22 before the version of the denial of service vulnerability , the vulnerability stems from the data binding to th...

5.3CVSS7.1AI score0.01853EPSS
Exploits1References11
OpenVAS
OpenVAS
added 2022/05/11 12:0 a.m.32 views

VMware Spring Framework < 5.2.22, 5.3.x < 5.3.20 Multiple DoS Vulnerabilities - Linux

The VMware Spring Framework is prone to multiple denial of service DoS vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

6.5CVSS7.6AI score0.02931EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2022/05/11 12:0 a.m.27 views

VMware Spring Framework < 5.2.22, 5.3.x < 5.3.20 Multiple DoS Vulnerabilities - Windows

The VMware Spring Framework is prone to multiple denial of service DoS vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

6.5CVSS7.6AI score0.02931EPSS
Exploits1References3
Metasploit
Metasploit
added 2022/05/10 5:43 p.m.416 views

Spring Framework Class property RCE (Spring4Shell)

Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions when running on JDK 9 or above and specifically packaged as a traditional WAR and deployed in a standalone Tomcat instance are vulnerable to remote code execution due to an unsafe data binding used to populate an objec...

9.8CVSS8.8AI score0.99677EPSS
Exploits100
Packet Storm
Packet Storm
added 2022/05/10 12:0 a.m.673 views

Spring4Shell Spring Framework Class Property Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Spring Framework Class property RCE Spring4Shell', 'Description' = %q Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older...

9.8CVSS0.4AI score0.99677EPSS
Exploits100
0day.today
0day.today
added 2022/05/10 12:0 a.m.397 views

Spring4Shell Spring Framework Class Property Remote Code Execution Exploit

Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions when running on JDK 9 or above and specifically packaged as a traditional WAR and deployed in a standalone Tomcat instance are vulnerable to remote code execution due to an unsafe data binding used to populate an objec...

9.8CVSS0.4AI score0.99677EPSS
Exploits100
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/06 11:17 p.m.43 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is affected but not classified as vulnerable to a denial of service in Spring Framework (CVE-2022-22950)

Summary IBM Watson Assistant for IBM Cloud Pak for Data is affected but not vulnerable to a denial of service in Spring Framework CVE-2022-22950 Spring Framework is used by IBM Watson Assistant for IBM Cloud Pak for Data as part of its developement infrastructure. The fix includes Spring version...

6.5CVSS2.1AI score0.35834EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/06 11:10 p.m.45 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is affected but not classified as vulnerable to a denial of service in Spring Framework (CVE-2022-22950)

Summary IBM Watson Assistant for IBM Cloud Pak for Data is affected but not vulnerable to a denial of service in Spring Framework CVE-2022-22950 Spring Framework is used by IBM Watson Assistant for IBM Cloud Pak for Data as part of its developement infrastructure. The fix includes Spring version...

6.5CVSS2.1AI score0.35834EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/05 4:59 p.m.37 views

Security Bulletin: API Connect V10 is vulnerable to a remote code execution in Spring Framework (CVE-2022-22965)

Summary IBM API Connect V10 is vulnerable to a remote code execution in Spring Framework CVE-2022-22965 as it meets all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR in contrast to a Spring Boot executable jar, 4. Spring-webmvc or...

9.8CVSS0.7AI score0.99677EPSS
Exploits100Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/05 7:36 a.m.43 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)

Summary IBM Watson Assistant for IBM Cloud Pak for Data is affected but not vulnerable to a remote code execution in Spring Framework CVE-2022-22965 as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR in contrast to ...

9.8CVSS1.4AI score0.99677EPSS
Exploits100Affected Software1
OSV
OSV
added 2022/05/05 12:29 a.m.32 views

GHSA-XJRF-8X4F-43H4 Improper Neutralization of Input During Web Page Generation in Spring Framework

The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtils.java in Spring MVC in Spring Framework before 3.2.2 does not properly escape certain characters, which allows remote attackers to conduct cross-site scripting XSS attacks via a 1 line separator or 2 paragraph separator Unicod...

5.4CVSS5.3AI score0.03198EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2022/05/05 12:29 a.m.36 views

Improper Neutralization of Input During Web Page Generation in Spring Framework

The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtils.java in Spring MVC in Spring Framework before 3.2.2 does not properly escape certain characters, which allows remote attackers to conduct cross-site scripting XSS attacks via a 1 line separator or 2 paragraph separator Unicod...

5.4CVSS4AI score0.03198EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2022/05/02 3:22 a.m.26 views

GHSA-WJJR-H4WH-W6VV Spring Framework Inefficient Regular Expression Complexity

Algorithmic complexity vulnerability in the java.util.regex.Pattern.compile method in Sun Java Development Kit JDK before 1.6, when used with spring.jar in SpringSource Spring Framework 1.1.0 through 2.5.6 and 3.0.0.M1 through 3.0.0.M2 and dm Server 1.0.0 through 1.0.2, allows remote attackers to...

5CVSS9.2AI score0.02796EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2022/05/02 3:22 a.m.24 views

Spring Framework Inefficient Regular Expression Complexity

Algorithmic complexity vulnerability in the java.util.regex.Pattern.compile method in Sun Java Development Kit JDK before 1.6, when used with spring.jar in SpringSource Spring Framework 1.1.0 through 2.5.6 and 3.0.0.M1 through 3.0.0.M2 and dm Server 1.0.0 through 1.0.2, allows remote attackers to...

5CVSS4.1AI score0.02796EPSS
Exploits1References6Affected Software1
GithubExploit
GithubExploit
added 2022/04/29 9:58 a.m.238 views

Exploit for Code Injection in Vmware Spring_Framework

漏洞简介 最近spring爆出重磅级CVE漏洞,cve信息显示"A Spring MVC or Spring WebFl...

9.8CVSS9.3AI score0.99677EPSS
Exploits105
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/27 11:9 p.m.28 views

Security Bulletin: IBM InfoSphere Information Server is affected by a remote code execution in Spring Framework (CVE-2022-22965)

Summary IBM InfoSphere Information Server is affected but not classified as vulnerable to a remote code execution in Spring Framework CVE-2022-22965 as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR in contrast to ...

9.8CVSS1.6AI score0.99677EPSS
Exploits100Affected Software1
Rows per page
Query Builder