Description
Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.
A directory traversal flaw was found in the way the Spring Framework sanitized certain URLs. A remote attacker could use this flaw to obtain any file on the file system that was also accessible to the process in which the Spring web application was running.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat JBoss BRMS 5 | spring | Will not fix | | |
Red Hat JBoss Enterprise Web Server 1 | amq-6.1 | Affected | | |
Red Hat JBoss Enterprise Web Server 1 | fuse-6.1 | Affected | | |
Red Hat JBoss Portal 5 | spring | Will not fix | | |
Red Hat JBoss Portal 6 | spring | Affected | | |
Red Hat JBoss A-MQ 6.1 | | Fixed | RHSA-2015:0236 | 18.02.2015 |
Red Hat JBoss BPMS 6.0 | spring | Fixed | RHSA-2015:0234 | 17.02.2015 |
Red Hat JBoss BRMS 6.0 | spring | Fixed | RHSA-2015:0235 | 17.02.2015 |
Red Hat JBoss Fuse 6.1 | | Fixed | RHSA-2015:0236 | 18.02.2015 |
Red Hat JBoss Fuse Service Works 6.0 | spring | Fixed | RHSA-2015:0720 | 24.03.2015 |
Additional information
Status:
EPSS
CVSS2: 5 Medium
Related vulnerabilities
Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.
Improper Limitation of a Pathname to a Restricted Directory in Spring Framework