Description
Improper Limitation of a Pathname to a Restricted Directory in Spring Framework
Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.
References
- https://nvd.nist.gov/vuln/detail/CVE-2014-3625
- https://github.com/spring-projects/spring-framework/commit/161d3e3049f129e211f68a4e94b544e0f0d8384d
- https://github.com/spring-projects/spring-framework/commit/3f68cd633f03370d33c2603a6496e81273782601
- https://github.com/spring-projects/spring-framework/commit/9beae9ae4226c45cd428035dae81214439324676
- https://github.com/spring-projects/spring-framework/commit/9cef8e3001ddd61c734281a7556efd84b6cc2755
- https://jira.spring.io/browse/SPR-12354
- https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html
- http://rhn.redhat.com/errata/RHSA-2015-0236.html
- http://rhn.redhat.com/errata/RHSA-2015-0720.html
- http://www.pivotal.io/security/cve-2014-3625
Packages
- org.springframework:spring-webmvc: affected >= 3.0.4, < 3.2.12; fixed in 3.2.12
- org.springframework:spring-webmvc: affected >= 4.0.0, < 4.0.8; fixed in 4.0.8
- org.springframework:spring-webmvc: affected >= 4.1.0, < 4.1.2; fixed in 4.1.2