Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2015-3192

Опубликовано: 12 июл. 2016
Источник: nvd
CVSS3: 5.5
CVSS2: 4.3
EPSS Низкий

Описание

Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:pivotal_software:spring_framework:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:3.2.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:3.2.3:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:3.2.4:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:3.2.5:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:3.2.6:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:3.2.7:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:3.2.8:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:3.2.9:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:3.2.10:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:3.2.11:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:3.2.12:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:3.2.13:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:a:pivotal_software:spring_framework:4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:4.1.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:4.1.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:4.1.3:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:4.1.4:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:4.1.5:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:4.1.6:*:*:*:*:*:*:*

EPSS

Процентиль: 79%
0.01378
Низкий

5.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-119

Связанные уязвимости

ubuntu логотип

CVE-2015-3192

CVSS3: 5.5
ubuntu
почти 9 лет назад

Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file.

redhat логотип

CVE-2015-3192

CVSS3: 5.3
redhat
почти 10 лет назад

Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file.

debian логотип

CVE-2015-3192

CVSS3: 5.5
debian
почти 9 лет назад

Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not pro ...

github логотип

GHSA-6v7w-535j-rq5m

CVSS3: 5.5
github
больше 6 лет назад

Pivotal Spring Framework DoS Attack with XML Input

EPSS

Процентиль: 79%
0.01378
Низкий

5.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-119