CVE-2016-9878

Опубликовано: 29 дек. 2016

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:pivotal_software:spring_framework:*:*:*:*:*:*:*:*

Версия до 3.2.0 (включая)

cpe:2.3:a:pivotal_software:spring_framework:4.2.0:*:*:*:*:*:*:*

cpe:2.3:a:pivotal_software:spring_framework:4.3.0:*:*:*:*:*:*:*

cpe:2.3:a:vmware:spring_framework:3.2.1:*:*:*:*:*:*:*

cpe:2.3:a:vmware:spring_framework:3.2.2:*:*:*:*:*:*:*

cpe:2.3:a:vmware:spring_framework:3.2.3:*:*:*:*:*:*:*

cpe:2.3:a:vmware:spring_framework:3.2.4:*:*:*:*:*:*:*

cpe:2.3:a:vmware:spring_framework:3.2.5:*:*:*:*:*:*:*

cpe:2.3:a:vmware:spring_framework:3.2.6:*:*:*:*:*:*:*

cpe:2.3:a:vmware:spring_framework:3.2.7:*:*:*:*:*:*:*

cpe:2.3:a:vmware:spring_framework:3.2.8:*:*:*:*:*:*:*

cpe:2.3:a:vmware:spring_framework:3.2.9:*:*:*:*:*:*:*

cpe:2.3:a:vmware:spring_framework:3.2.10:*:*:*:*:*:*:*

cpe:2.3:a:vmware:spring_framework:3.2.11:*:*:*:*:*:*:*

cpe:2.3:a:vmware:spring_framework:3.2.12:*:*:*:*:*:*:*

cpe:2.3:a:vmware:spring_framework:3.2.13:*:*:*:*:*:*:*

cpe:2.3:a:vmware:spring_framework:3.2.14:*:*:*:*:*:*:*

cpe:2.3:a:vmware:spring_framework:3.2.15:*:*:*:*:*:*:*

cpe:2.3:a:vmware:spring_framework:3.2.16:*:*:*:*:*:*:*

cpe:2.3:a:vmware:spring_framework:3.2.17:*:*:*:*:*:*:*

cpe:2.3:a:vmware:spring_framework:4.2.1:*:*:*:*:*:*:*

cpe:2.3:a:vmware:spring_framework:4.2.2:*:*:*:*:*:*:*

cpe:2.3:a:vmware:spring_framework:4.2.3:*:*:*:*:*:*:*

cpe:2.3:a:vmware:spring_framework:4.2.4:*:*:*:*:*:*:*

cpe:2.3:a:vmware:spring_framework:4.2.5:*:*:*:*:*:*:*

cpe:2.3:a:vmware:spring_framework:4.2.6:*:*:*:*:*:*:*

cpe:2.3:a:vmware:spring_framework:4.2.7:*:*:*:*:*:*:*

cpe:2.3:a:vmware:spring_framework:4.2.8:*:*:*:*:*:*:*

cpe:2.3:a:vmware:spring_framework:4.3.1:*:*:*:*:*:*:*

cpe:2.3:a:vmware:spring_framework:4.3.2:*:*:*:*:*:*:*

cpe:2.3:a:vmware:spring_framework:4.3.3:*:*:*:*:*:*:*

cpe:2.3:a:vmware:spring_framework:4.3.4:*:*:*:*:*:*:*

EPSS

Процентиль: 89%

0.04927

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

CVE-2016-9878

CVSS3: 7.5

ubuntu

больше 8 лет назад

CVE-2016-9878

CVSS3: 5.6

redhat

больше 8 лет назад

CVE-2016-9878

CVSS3: 7.5

debian

больше 8 лет назад

An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2 ...

GHSA-2m8h-fgr8-2q9w

CVSS3: 7.5

github

почти 7 лет назад

Pivotal Spring Framework Paths provided to the ResourceServlet were not properly sanitized

EPSS

Процентиль: 89%

0.04927

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-22