Spring Framework@3.0.5 Security Vulnerabilities and Issues — Spring Framework@3.0.5 CVE List

Lucene search

SpringsourceSpring Framework3.0.5

3 matches found

CVE•added 2014/01/23 9:55 p.m.•210 views

CVE-2013-4152

The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in c...

6.8CVSS5.7AI score0.84056EPSS

CVE•added 2014/04/17 2:55 p.m.•113 views

CVE-2014-0054

The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External...

6.8CVSS7.2AI score0.84056EPSS

CVE•added 2014/01/23 9:55 p.m.•106 views

CVE-2013-7315

The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB, ak...

6.8CVSS6.1AI score0.84056EPSS