Описание
Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL.
A directory traversal flaw was found in the Spring Framework. A remote attacker could use this flaw to access arbitrary files on a server, and bypassing security restrictions that are otherwise in place.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat JBoss BRMS 5 | spring | Will not fix | ||
| Red Hat JBoss Data Virtualization 6 | spring | Not affected | ||
| Red Hat JBoss Enterprise Web Server 1 | amq-6.1 | Not affected | ||
| Red Hat JBoss Enterprise Web Server 1 | fuse-6.1 | Not affected | ||
| Red Hat JBoss Portal 5 | spring | Will not fix | ||
| Red Hat JBoss Portal 6 | spring | Affected | ||
| Red Hat JBoss BPMS 6.0 | spring | Fixed | RHSA-2015:0234 | 17.02.2015 |
| Red Hat JBoss BRMS 6.0 | spring | Fixed | RHSA-2015:0235 | 17.02.2015 |
| Red Hat JBoss Data Virtualization 6.1 | Fixed | RHSA-2015:0675 | 11.03.2015 | |
| Red Hat JBoss Fuse Service Works 6.0 | spring | Fixed | RHSA-2015:0720 | 24.03.2015 |
Показывать по
Дополнительная информация
Статус:
EPSS
5 Medium
CVSS2
Связанные уязвимости
Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL.
Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL.
Directory traversal vulnerability in Pivotal Spring Framework 3.x befo ...
Improper Limitation of a Pathname to a Restricted Directory in Spring Framework
EPSS
5 Medium
CVSS2