1832 matches found
[SECURITY] Fedora 19 Update: springframework-security-3.1.6-1.fc19
Spring Security is a Java/Java EE framework that provides advanced authentication, authorization and other comprehensive security features for enterprise applications. In addition to having a comprehensive list of security functionality, Spring Security is very configurable and employs the Spring...
[SECURITY] Fedora 20 Update: springframework-security-3.1.6-1.fc20
Spring Security is a Java/Java EE framework that provides advanced authentication, authorization and other comprehensive security features for enterprise applications. In addition to having a comprehensive list of security functionality, Spring Security is very configurable and employs the Spring...
DEBIAN-CVE-2014-1904
Cross-site scripting XSS vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action...
CVE-2014-1904
Cross-site scripting XSS vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action...
CVE-2014-1904
Cross-site scripting XSS vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action...
CVE-2014-1904
Cross-site scripting XSS vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action...
Cross site scripting
Cross-site scripting XSS vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action...
UBUNTU-CVE-2014-1904
Cross-site scripting XSS vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action...
CVE-2014-1904
The CVE-2014-1904 entry is an XSS in Spring Framework’s Spring MVC FormTag: FormTag.java improperly handles user-supplied URIs in a default action, enabling remote script/HTML injection. Affected versions are Spring Framework 3.0.0 up to 3.2.7 (and 3.0.0–3.2.7 inclusive) and 4.0.0 up to 4.0.1 (4....
CVE-2014-1904
Cross-site scripting XSS vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action...
Framework: XML External Entity (XXE) injection flaw
The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in...
Framework: XML External Entity (XXE) injection flaw
The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in...
MGASA-2014-0096 Updated springframework package fixes security vulnerabilities
It was discovered by the Spring development team that the fix for the XML External Entity XXE Injection CVE-2013-4152 in the Spring Framework was incomplete. Spring MVC's SourceHttpMessageConverter also processed user provided XML and neither disabled XML external entities nor provided an option ...
Framework: XML External Entity (XXE) injection flaw
The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in...
MGASA-2014-0042 Updated springframework packages fix CVE-2013-4152
Updated springframework packages fix security vulnerability: Alvaro Munoz discovered a XML External Entity XXE injection in the Spring Framework which can be used for conducting CSRF and DoS attacks on other sites CVE-2013-4152...
Debian DSA-2857-1 : libspring-java - several vulnerabilities
It was discovered by the Spring development team that the fix for the XML External Entity XXE Injection CVE-2013-4152 in the Spring Framework was incomplete. Spring MVC's SourceHttpMessageConverter also processed user provided XML and neither disabled XML external entities nor provided an option ...
[SECURITY] [DSA 2857-1] libspring-java security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2857-1 [email protected] http://www.debian.org/security/ Markus Koschany February 08, 2014 http://www.debian.org/security/faq -...
Debian Security Advisory DSA 2857-1 (libspring-java - several vulnerabilities)
It was discovered by the Spring development team that the fix for the XML External Entity XXE Injection CVE-2013-4152 in the Spring Framework was incomplete. Spring MVC's SourceHttpMessageConverter also processed user provided XML and neither disabled XML external entities nor provided an option ...
DEBIAN-CVE-2013-6429
The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External...
CVE-2013-6429
The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External...