Description
SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7 before 2.5.7.SR01, and 3.0.x before 3.0.3 allows remote attackers to execute arbitrary code via an HTTP request containing class.classLoader.URLs[0]=jar: followed by a URL of a crafted .jar file.
Report
This issue did not affect the versions of the SpringSource Spring Framework as shipped with JBoss Enterprise Application Platform v4.2.0, v4.3.0, or v5.0.0.
Additional information
Status:
EPSS
7.5 High
CVSS2
Related vulnerabilities
SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7 before 2.5.7.SR01, and 3.0.x before 3.0.3 allows remote attackers to execute arbitrary code via an HTTP request containing class.classLoader.URLs[0]=jar: followed by a URL of a crafted .jar file.
SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7 before 2 ...
Improper Control of Generation of Code ('Code Injection') in Spring Framework
Vulnerability in the Spring Framework software platform related to improper control of code generation, allowing an attacker to execute arbitrary code