CVE-2014-3578

Опубликовано: 19 фев. 2015

Источник: debian

Описание

Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
libspring-java	fixed	3.2.13-1		package
libspring-java	no-dsa		wheezy	package

Примечания

https://github.com/spring-projects/spring-framework/issues/16414
https://github.com/spring-projects/spring-framework/commit/f6fddeb6eb7da625fd711ab371ff16512f431e8d

Связанные уязвимости

CVE-2014-3578

ubuntu

почти 11 лет назад

Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL.

CVE-2014-3578

redhat

больше 11 лет назад

Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL.

CVE-2014-3578

nvd

почти 11 лет назад

Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL.

GHSA-rhcg-rwhx-qj3j

github

больше 3 лет назад

Improper Limitation of a Pathname to a Restricted Directory in Spring Framework