Lucene search

K
ubuntucveUbuntu.comUB:CVE-2011-2730
HistoryDec 05, 2012 - 12:00 a.m.

CVE-2011-2730

2012-12-0500:00:00
ubuntu.com
ubuntu.com
5

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.022 Low

EPSS

Percentile

89.1%

VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and
3.x before 3.0.6, when a container supports Expression Language (EL),
evaluates EL expressions in tags twice, which allows remote attackers to
obtain sensitive information via a (1) name attribute in a (a)
spring:hasBindErrors tag; (2) path attribute in a (b) spring:bind or ©
spring:nestedpath tag; (3) arguments, (4) code, (5) text, (6) var, (7)
scope, or (8) message attribute in a (d) spring:message or (e) spring:theme
tag; or (9) var, (10) scope, or (11) value attribute in a (f)
spring:transform tag, aka “Expression Language Injection.”

Bugs

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.022 Low

EPSS

Percentile

89.1%

Related for UB:CVE-2011-2730