Описание
An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| libspring-java | fixed | 4.3.5-1 | package | |
| libspring-java | no-dsa | wheezy | package |
Примечания
https://pivotal.io/security/cve-2016-9878
Fixed by: https://github.com/spring-projects/spring-framework/commit/e2d6e709c3c65a4951eb096843ee75d5200cfcad (4.3.x branch)
Fixed by: https://github.com/spring-projects/spring-framework/commit/43bf008fbcd0d7945e2fcd5e30039bc4d74c7a98 (4.2.x branch)
Fixed by: https://github.com/spring-projects/spring-framework/commit/a7dc48534ea501525f11369d369178a60c2f47d0 (3.2.x branch)
https://jira.spring.io/browse/SPR-14946
Связанные уязвимости
An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.
An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.
An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.
Pivotal Spring Framework Paths provided to the ResourceServlet were not properly sanitized