Lucene search
K

113 matches found

VulnCheck KEV
VulnCheck KEV
added 2024/10/22 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-38816

Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application...

7.5CVSS6.6AI score0.14718EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2024/10/14 3:53 p.m.6 views

spring-webmvc: Path Traversal Vulnerability in Spring Applications Using RouterFunctions and FileSystemResource

A flaw was found in Spring applications using the WebMvc.fn or WebFlux.fn frameworks. This issue can allow attackers to perform path traversal attacks via crafted HTTP requests when the application serves static resources using RouterFunctions and explicitly configures resource handling with a...

7.5CVSS7.3AI score0.14718EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2024/09/13 3:43 p.m.47 views

CVE-2024-38816

A flaw was found in Spring applications using the WebMvc.fn or WebFlux.fn frameworks. This issue can allow attackers to perform path traversal attacks via crafted HTTP requests when the application serves static resources using RouterFunctions and explicitly configures resource handling with a...

7.5CVSS6.5AI score0.14718EPSS
Exploits1References4
vulnersOsv
vulnersOsv
added 2024/09/13 6:30 a.m.7 views

be.dnsbelgium:rdap-server (>=4.0.0 <=4.0.3), be.personify.iam:personify-api (>=1.5.0.RELEASE <=1.5.2.RELEASE) +2820 more potentially affected by CVE-2024-38816 via org.springframework:spring-webmvc (>=6.0.0 <=6.0.23)

org.springframework:spring-webmvc MAVEN version =6.0.0, =4.0.0, =1.5.0.RELEASE, =1.5.1.RELEASE, =1.5.0.RELEASE, =2.1.0.RELEASE, =3.0.0, =2.10.0, =2.10.0, =2.10.0, =2.10.0, =2.10.0, =3.4.0 and more Source cves: CVE-2024-38816 Source advisory...

7.5CVSS6.8AI score0.14718EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2024/09/13 6:30 a.m.8 views

ai.ancf.lmos:lmos-operator (>=0.0.4 <=0.1.0), ai.driftkit:driftkit-chat-assistant-framework (>=0.5.0 <=0.8.7) +2685 more potentially affected by CVE-2024-38816 via org.springframework:spring-webmvc (>=6.1.0 <=6.1.12)

org.springframework:spring-webmvc MAVEN version =6.1.0, =0.0.4, =0.5.0, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.7.5, =0.8.3, =0.7.0, =0.5.0, =0.5.0, =0.5.0, =1.12.0, =1.14.0 - ai.yda-framework:rest-spring-channel =0.1.0 and more Source cves: CVE-2024-38816 Source advisory: OSV:GHSA-CX7F-G6MP-7...

7.5CVSS6.8AI score0.14718EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2024/09/13 6:30 a.m.7 views

africa.absa:inception-api (>=1.1.0 <=1.2.0), africa.absa:inception-codes-api (>=1.1.0 <=1.2.0) +10651 more potentially affected by CVE-2024-38816 via org.springframework:spring-webmvc (>=5.3.0 <=5.3.39)

org.springframework:spring-webmvc MAVEN version =5.3.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =4.4.0.2, =j11.2.6.0, =j11.2.6.0, =j11.2.6.0, =j11.2.6.2 and more Source cves: CVE-2024-38816 Source advisory: OSV:GHSA-CX7F-G6MP-7HQM...

7.5CVSS6.8AI score0.14718EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2024/09/13 6:30 a.m.175 views

Path traversal vulnerability in functional web frameworks

Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application...

7.5CVSS6.7AI score0.14718EPSS
Exploits1References5Affected Software2
OSV
OSV
added 2024/09/13 6:15 a.m.23 views

CVE-2024-38816

Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application...

7.5CVSS7.5AI score0.14718EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2024/09/13 6:10 a.m.24 views

CVE-2024-38816

Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application...

7.5CVSS7.1AI score0.14718EPSS
Exploits1
Cvelist
Cvelist
added 2024/09/13 6:10 a.m.40 views

CVE-2024-38816 CVE-2024-38816: Path traversal vulnerability in functional web frameworks

Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application...

7.5CVSS0.14718EPSS
Exploits1References1
vulnersOsv
vulnersOsv
added 2023/11/28 9:30 a.m.4 views

be.dnsbelgium:rdap-server (>=4.0.0 <=4.0.3), be.personify.iam:personify-api (>=1.5.0.RELEASE <=1.5.2.RELEASE) +2267 more potentially affected by CVE-2023-34053 via org.springframework:spring-webmvc (>=6.0.0 <=6.0.13)

org.springframework:spring-webmvc MAVEN version =6.0.0, =4.0.0, =1.5.0.RELEASE, =1.5.1.RELEASE, =1.5.0.RELEASE, =2.1.0.RELEASE, =2.10.0, =2.10.0, =2.10.0, =2.10.0, =2.10.0, =3.4.0 and more Source cves: CVE-2023-34053 Source advisory: OSV:GHS...

7.5CVSS7.1AI score0.0115EPSS
Exploits0
GithubExploit
GithubExploit
added 2023/09/02 10:41 a.m.361 views

Exploit for Code Injection in Vmware Spring_Framework

Spring4Shell: CVE-2022-22965 RCE Java Spring framework RCE...

9.8CVSS9.2AI score0.99677EPSS
Exploits102
Veracode
Veracode
added 2023/03/30 2:11 a.m.37 views

Security Bypass

spring-webmvc is vulnerable to Security Bypass. The vulnerability exists because using "" as a pattern in spring security configuration with the mvcRequestMatcher which creates a mismatch in pattern matching between Spring Security and Spring MVC and the potential for a security bypass...

7.5CVSS7.2AI score0.03514EPSS
Exploits1References4Affected Software3
vulnersOsv
vulnersOsv
added 2023/03/28 12:34 a.m.4 views

am.ik.webhook:webhook-verifier (>=0.1.0 <=0.1.1), be.dnsbelgium:rdap-server (>=4.0.0 <=4.0.3) +3191 more potentially affected by CVE-2023-20860 via org.springframework:spring-webmvc (>=6.0.0 <=6.0.6)

org.springframework:spring-webmvc MAVEN version =6.0.0, =0.1.0, =4.0.0, =1.5.0.RELEASE, =1.5.1.RELEASE, =1.5.0.RELEASE, =2.1.0.RELEASE, =3.0.0, =2.10.0, =2.10.0, =2.10.0, =2.10.0, =3.0.0 and more Source cves: CVE-2023-20860 Source advisory: OSV:GHSA-7PHW-CXX7-Q9VQhttps://vuln...

7.5CVSS6.7AI score0.03514EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2023/03/28 12:34 a.m.6 views

africa.absa:inception-api (>=1.1.0 <=1.2.0), africa.absa:inception-codes-api (>=1.1.0 <=1.2.0) +7729 more potentially affected by CVE-2023-20860 via org.springframework:spring-webmvc (>=5.3.0 <=5.3.25)

org.springframework:spring-webmvc MAVEN version =5.3.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =4.4.0.2, =j11.2.6.0, =j11.2.6.0, =j11.2.6.0, =1.1.0, =4.1.36, =4.7.0-beta.0 and more Source cves: CVE-2023-20860 Source advisory: OSV:GHSA-7PHW-CXX7-Q9VQ...

7.5CVSS6.7AI score0.03514EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/12 9:59 p.m.30 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is affected but not classified as vulnerable to a remote code execution in Spring Framework CVE-2022-22965 as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3...

9.8CVSS9.1AI score0.99677EPSS
Exploits102Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/01 12:45 a.m.50 views

Security Bulletin: IBM Case Manager is affected but not classified as vulnerable to a remote code execution in Spring Framework [CVE-2022-22965]

Summary IBM Case Manager is affected but not classified as vulnerable to a remote code execution in Spring Framework CVE-2022-22965. To be vulnerable a product must meet all of the following criterias: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR in contrast t...

9.8CVSS9.1AI score0.99677EPSS
Exploits102Affected Software1
Veracode
Veracode
added 2022/09/23 9:23 a.m.34 views

Information Disclosure

spring-data-rest-webmvc is vulnerable to information disclosure. The vulnerability exists due to the improper implementation of the JSON patch in the library, allowing an attacker to get information about the hidden entity attributes through maliciously crafted HTTP requests...

3.7CVSS4.8AI score0.00467EPSS
Exploits0References5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/03 8:7 p.m.99 views

Security Bulletin: IBM Sterling B2B Integrator is affected by a remote code execution in Spring Framework (CVE-2022-22965)

Summary IBM Sterling B2B Integrator is affected but not classified as vulnerable to a remote code execution in Spring Framework CVE-2022-22965 as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR in contrast to a Spri...

9.8CVSS9.2AI score0.99677EPSS
Exploits102Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/20 3:16 a.m.50 views

Security Bulletin: IBM Spectrum Symphony is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)

Summary IBM Spectrum Symphony is affected but not classified as vulnerable to a remote code execution in Spring Framework CVE-2022-22965 as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR in contrast to a Spring Boo...

9.8CVSS1.6AI score0.99677EPSS
Exploits102Affected Software1
Rows per page
Query Builder