Description
An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.
It was found that ResourceServlet in Spring Framework does not properly sanitize the paths provided to it. An attacker can use this flaw to conduct directory traversal attacks.
Affected packages
Platform | Package | State | Recommendation | Release |
---|---|---|---|---|
Red Hat BPM Suite 6 | springframework | Not affected | ||
Red Hat Enterprise Virtualization 3 | jasperreports-server-pro | Under investigation | ||
Red Hat JBoss A-MQ 6 | karaf | Affected | ||
Red Hat JBoss BRMS 6 | springframework | Not affected | ||
Red Hat JBoss Data Virtualization 6 | springframework | Not affected | ||
Red Hat JBoss Enterprise Application Platform 5 | spring-webmvc | Will not fix | ||
Red Hat JBoss Fuse 6 | karaf | Affected | ||
Red Hat Mobile Application Platform 4 | millicore | Not affected | ||
Red Hat OpenShift Enterprise 2 | activemq | Not affected | ||
Red Hat OpenShift Enterprise 2 | cartridge-amq | Affected | ||
Additional information
Status:
5.6 Medium
CVSS3
6.8 Medium
CVSS2
Related vulnerabilities
An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2 ...
Pivotal Spring Framework Paths provided to the ResourceServlet were not properly sanitized