Spring Framework@4.1.0 Security Vulnerabilities and Issues — Spring Framework@4.1.0 CVE List

Lucene search

Pivotal SoftwareSpring Framework4.1.0

3 matches found

CVE•added 2017/05/25 5:29 p.m.•124 views

CVE-2016-5007

Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimm...

7.5CVSS7.4AI score0.00291EPSS

CVE•added 2016/07/12 7:59 p.m.•104 views

CVE-2015-3192

Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file.

5.5CVSS5.3AI score0.01232EPSS

CVE•added 2015/03/10 2:59 p.m.•68 views

CVE-2015-0201

The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors.

5CVSS6.8AI score0.00293EPSS