1853 matches found
The vulnerability of the spring-messaging module of the Spring Framework allows a perpetrator to execute arbitrary code.
The vulnerability of the spring-messaging module in the Spring Framework is caused by errors in the handling of STOMP messages. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted message...
Spring Framework JAR Detection
Binary data springjardetection.nbin...
Security Bulletin: IBM Security Guardium is affected by Using Components with Known Vulnerabilities vulnerabilities
Summary IBM Security Guardium has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2016-5007 DESCRIPTION: Pivotal Spring Security and Spring Framework could provide weaker than expected security, caused by the difference in the strictness of the pattern matching mechanism...
Security Bulletin: FileNet CMIS (FNCMIS) leveraging Spring Framework is vulnerable to a denial of service caused by improper handling of range request by the ResourceHttpRequestHandler
Summary FileNet Content Management Interoperability Services CMIS, which ships with IBM Content Navigator, is affected by the following vulnerability: Spring Framework’s improper handling of ResourceHttpRequestHandler could result in denial of service condition. Vulnerability Details CVE-ID:...
Security Bulletin: Public disclosed vulnerability from Spring Framework affects IBM Spectrum LSF Explorer
Summary Public disclosed vulnerability from Spring Framework affects IBM Spectrum LSF Explorer Vulnerability Details CVE-ID:CVE-2018-15756 Description: Pivotal Spring Framework is vulnerable to a denial of service, caused by improper handling of range request by the ResourceHttpRequestHandler. By...
Security Bulletin: Public disclosed vulnerability from Spring Framework affects IBM Spectrum LSF Application Center
Summary Public disclosed vulnerability from Spring Framework affects IBM Spectrum LSF Application Center Vulnerability Details CVE-ID:CVE-2018-15756 Description: Pivotal Spring Framework is vulnerable to a denial of service, caused by improper handling of range request by the...
Pivotal Spring Framework spring-messaging Module STOMP Remote Code Execution (CVE-2018-1270)
A remote code execution vulnerability has been reported in Pivotal Spring Framework. The vulnerability is due to improper handling of user-supplied input to a STOMP broker in the spring-messaging module. A remote, unauthenticated attacker could exploit this vulnerability by sending maliciously...
The vulnerability of the implementation of the HiddenHttpMethodFilter mechanism in the Spring Framework’s software platform allows a perpetrator to carry out a cross-site scripting attack.
The vulnerability of the HiddenHttpMethodFilter mechanism implemented in the Spring Framework is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks using the TRACE method...
Security Bulletin: Vulnerabilities in OpenSource Spring Source/Pivotal Spring Framework affect IBM Tivoli Netcool Configuration Manager (ITNCM) (CVE-2013-7315, CVE-2013-4152, CVE-2014-0054)
Summary There are a number of potential security vulnerabilities in OpenSource Spring Source/Pivotal Spring Framework, that is used by IBM Tivoli Netcool Configuration Manager ITNCM. Vulnerability Details CVEID: CVE-2013-7315 DESCRIPTION: Pivotal Spring Framework could allow a remote attacker to...
Spring Framework 4.3.x < 4.3.15 / 5.0.x < 5.0.5 Windows Directory Traversal Vulnerability (CVE-2018-1271)
The remote Windows host contains a Spring Framework library version that is 4.3.x prior to 4.3.15 or 5.0.x prior to 5.0.5. It is, therefore, affected by a directory traversal vulnerability. An unauthenticated, remote attacker can exploit this, by sending a URI that contains directory traversal...
spring-framework: ReDoS Attack with spring-messaging
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message ...
Important: Red Hat Security Advisory: Red Hat Fuse 7.2 security update
An update is now available for Red Hat Fuse. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
CVE-2018-15756
Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controlle...
Pivotal Spring Framework Cookie Detection
Binary data 700371.prm...
CVE-2018-15756
Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controlle...
DEBIAN-CVE-2018-15756
Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controlle...
UBUNTU-CVE-2018-15756
Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controlle...
CVE-2018-15756
Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controlle...
Denial of service
Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controlle...
CVE-2018-15756
Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controlle...