Lucene search
K
SpringsourceSpring Framework

5 matches found

CVE
CVE
added 2010/06/21 4:0 p.m.257 views

CVE-2010-1622

CVE-2010-1622 affects Spring Framework 2.5.x up to 2.5.6.SEC02 and 2.5.7 up to 2.5.7.SR01, and 3.0.x up to 3.0.3. The issue arises from binding request data to Java beans, which allows an attacker to overwrite nested properties of the ClassLoader (notably via class.classLoader.URLs[0]), enabling ...

6CVSS9.5AI score0.52003EPSS
CVE
CVE
added 2014/01/23 9:0 p.m.243 views

CVE-2013-4152

CVE-2013-4152 affects Spring Framework: the SourceHttpMessageConverter in Spring MVC with JAXB marshaller does not disable external entity resolution, enabling XXE to read files, cause DoS, and CSRF via XXE in DOMSource/StAXSource/SAXSource/StreamSource. Affected: Spring Framework pre-3.2.4 and 4...

6.8CVSS5.7AI score0.26467EPSS
CVE
CVE
added 2012/12/05 5:0 p.m.176 views

CVE-2011-2730

CVE-2011-2730 concerns VMware SpringSource Spring Framework (versions 2.5.6.SEC03, 2.5.7.SR023, and 3.x prior to 3.0.6) where EL-enabled containers evaluate EL expressions in several Spring tags twice, enabling an attacker to obtain sensitive information from attributes such as name, path, argume...

7.5CVSS5.5AI score0.11779EPSS
CVE
CVE
added 2014/04/17 2:0 p.m.133 views

CVE-2014-0054

CVE-2014-0054 is a XXE in Spring Framework’s Jaxb2RootElementHttpMessageConverter used by Spring MVC. Affected: Spring Framework before 3.2.8 and before 4.0.2 (specifically 4.0.0–4.0.2). Root cause: external entity resolution not disabled, allowing remote attackers to read arbitrary files, cause ...

6.8CVSS7.2AI score0.91354EPSS
CVE
CVE
added 2014/01/23 9:0 p.m.124 views

CVE-2013-7315

CVE-2013-7315 affects Spring Framework’s Spring MVC: the SourceHttpMessageConverter (and related XML processing) fails to disable external entity resolution in the StAX XMLInputFactory for certain versions (Spring Framework before 3.2.4 and 4.0.0.M1–4.0.0.M2). This XXE condition allows context-de...

6.8CVSS6.1AI score0.03438EPSS