CVE-2014-3578

Опубликовано: 19 фев. 2015

Источник: debian

EPSS Низкий

Описание

Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
libspring-java	fixed	3.2.13-1		package
libspring-java	no-dsa		wheezy	package

Примечания

https://github.com/spring-projects/spring-framework/issues/16414
https://github.com/spring-projects/spring-framework/commit/f6fddeb6eb7da625fd711ab371ff16512f431e8d

EPSS

Процентиль: 90%

0.05834

Низкий

Связанные уязвимости

CVE-2014-3578

ubuntu

больше 10 лет назад

Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL.

CVE-2014-3578

redhat

почти 11 лет назад

Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL.

CVE-2014-3578

nvd

больше 10 лет назад

Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL.

GHSA-rhcg-rwhx-qj3j

github

около 3 лет назад

Improper Limitation of a Pathname to a Restricted Directory in Spring Framework

EPSS

Процентиль: 90%

0.05834

Низкий