214 matches found

Cvelist
added 2017/11/27 10:0 a.m. | 39 views

CVE-2017-8039

An issue was discovered in Pivotal Spring Web Flow through 2.4.5. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property which is disabled by default i.e., set to 'false' can be vulnerable to malicious EL expressions in view states that process form...

5.6 AI score | 0.00963 EPSS
Exploits 0 | References 2

CNVD
added 2017/10/20 12:0 a.m. | 3 views

Pivotal Spring Web Flow Incomplete Fixes Security Bypass Vulnerability

Pivotal Spring Web Flow is a web application from Pivotal Software, Inc. that provides navigation for check-in, loan application or shopping cart checkout. An incomplete fix for a security bypass vulnerability exists in Pivotal Spring Web Flow. An attacker could use this issue to bypass security...

5.9 CVSS | 6.9 AI score | 0.00963 EPSS
Exploits 0 | References 1

RedhatCVE
added 2017/09/22 8:49 a.m. | 41 views

CVE-2017-8039

An issue was discovered in Pivotal Spring Web Flow through 2.4.5. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property which is disabled by default i.e., set to 'false' can be vulnerable to malicious EL expressions in view states that process form...

5.9 CVSS | 3.2 AI score | 0.15858 EPSS
Exploits 1 | References 2

Spring Security Advisories
added 2017/09/15 12:0 a.m. | 6 views

Data Binding Expression Vulnerability in Spring Web Flow

This CVE addresses a second path to exploiting the same vulnerability as the one described under CVE-2017-4971. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property which is disabled by default i.e. set to “false” can be vulnerable to malicious EL...

5.9 CVSS | 6.6 AI score | 0.15858 EPSS
Exploits 1 | References 4

Prion
added 2017/06/13 6:29 a.m. | 19 views

Design/Logic Flaw

An issue was discovered in Pivotal Spring Web Flow through 2.4.4. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property which is disabled by default i.e., set to 'false' can be vulnerable to malicious EL expressions in view states that process form...

4.3 CVSS | 5.4 AI score | 0.15858 EPSS
Exploits 1 | References 3 | Affected Software 1

NVD
added 2017/06/13 6:29 a.m. | 28 views

CVE-2017-4971

An issue was discovered in Pivotal Spring Web Flow through 2.4.4. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property which is disabled by default i.e., set to 'false' can be vulnerable to malicious EL expressions in view states that process form...

5.9 CVSS | 5.8 AI score | 0.15858 EPSS
Exploits 1 | References 3

OSV
added 2017/06/13 6:29 a.m. | 26 views

CVE-2017-4971

An issue was discovered in Pivotal Spring Web Flow through 2.4.4. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property which is disabled by default i.e., set to 'false' can be vulnerable to malicious EL expressions in view states that process form...

5.9 CVSS | 6.5 AI score | 0.15858 EPSS
Exploits 1 | References 3

Cvelist
added 2017/06/13 6:0 a.m. | 41 views

CVE-2017-4971

An issue was discovered in Pivotal Spring Web Flow through 2.4.4. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property which is disabled by default i.e., set to 'false' can be vulnerable to malicious EL expressions in view states that process form...

5.5 AI score | 0.15858 EPSS
Exploits 1 | References 3

CVE
added 2017/06/13 6:0 a.m. | 150 views

CVE-2017-4971

CVE-2017-4971 affects Pivotal Spring Web Flow up to 2.4.4/2.4.5. The issue arises when MvcViewFactoryCreator.useSpringBinding is left at its default false, allowing malicious EL expressions in view states during form submissions to be processed without explicit data binding mappings. This is tied...

5.9 CVSS | 5.6 AI score | 0.15858 EPSS
Exploits 1 | References 3 | Affected Software 1

seebug.org
added 2017/06/12 12:0 a.m. | 122 views

Pivotal Spring Web Flow Security Bypass Vulnerability (CVE-2017-4971)

Author: iswin@ThreatHunter. A. Vulnerability description: This vulnerability was only just submitted at the beginning of June (link); there is no detailed official information. By comparing the official description with the patch, we can roughly infer that it should be the Spring Web...

4.3 CVSS | 6.8 AI score | 0.15858 EPSS
Exploits 1

CNVD
added 2017/06/08 12:0 a.m. | 3 views

Pivotal Spring Web Flow Remote Code Execution Vulnerability

Pivotal Spring Web Flow is a web application from Pivotal Software, Inc. that provides navigation for check-in, loan application or shopping cart checkout. A remote code execution vulnerability exists in Pivotal Spring Web Flow versions 2.4.0 through 2.4.4. The vulnerability is caused due to a...

5.9 CVSS | 8.5 AI score | 0.15858 EPSS
Exploits 1 | References 1

Veracode
added 2017/06/06 3:27 a.m. | 26 views

Data Binding Expression Vulnerability

Spring Web Flow is vulnerable to a data binding expression vulnerability. The vulnerability is possible because the MvcViewFactoryCreator useSpringBinding property is set to false by default. Therefore, the applications which use the default settings are vulnerable to malicious EL expressions in...

5.9 CVSS | 5.6 AI score | 0.15858 EPSS
Exploits 1 | References 5 | Affected Software 1

RedhatCVE
added 2017/06/01 7:19 a.m. | 27 views

CVE-2017-4971

An issue was discovered in Pivotal Spring Web Flow through 2.4.4. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property which is disabled by default i.e., set to 'false' can be vulnerable to malicious EL expressions in view states that process form...

5.9 CVSS | 2.9 AI score | 0.15858 EPSS
Exploits 1 | References 2

OSV
added 2014/01/23 9:55 p.m. | 7 views

UBUNTU-CVE-2013-7315

The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB,...

6.8 CVSS | 7.4 AI score | 0.26467 EPSS
Exploits 2 | References 8