Spring Framework — универсальный фреймворк с открытым исходным кодом для Java-платформы.

Релизный цикл, информация об уязвимостях

Продукт: Spring Framework

Вендор: VMware

График релизов

Недавние уязвимости Spring Framework

Количество 236

CVE-2015-0201

больше 10 лет назад

The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors.

CVSS2: 2.6

EPSS: Низкий

CVE-2014-3578

больше 10 лет назад

Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL.

CVSS2: 5

EPSS: Низкий

CVE-2014-3578

больше 10 лет назад

Directory traversal vulnerability in Pivotal Spring Framework 3.x befo ...

CVSS2: 5

EPSS: Низкий

CVE-2014-3578

больше 10 лет назад

Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL.

CVSS2: 5

EPSS: Низкий

CVE-2014-3625

больше 10 лет назад

Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.

CVSS2: 5

EPSS: Средний

CVE-2014-3625

больше 10 лет назад

Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 th ...

CVSS2: 5

EPSS: Средний

CVE-2014-3625

больше 10 лет назад

CVSS2: 5

EPSS: Средний

CVE-2014-3625

больше 10 лет назад

CVSS2: 5

EPSS: Средний

CVE-2014-3578

почти 11 лет назад

Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL.

CVSS2: 5

EPSS: Низкий

CVE-2014-0225

около 11 лет назад

When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack.

CVSS2: 5

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2015-0201 The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors.	CVSS2: 2.6	0% Низкий	больше 10 лет назад
CVE-2014-3578 Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL.	CVSS2: 5	6% Низкий	больше 10 лет назад
CVE-2014-3578 Directory traversal vulnerability in Pivotal Spring Framework 3.x befo ...	CVSS2: 5	6% Низкий	больше 10 лет назад
CVE-2014-3578 Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL.	CVSS2: 5	6% Низкий	больше 10 лет назад
CVE-2014-3625 Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.	CVSS2: 5	29% Средний	больше 10 лет назад
CVE-2014-3625 Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 th ...	CVSS2: 5	29% Средний	больше 10 лет назад
CVE-2014-3625 Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.	CVSS2: 5	29% Средний	больше 10 лет назад
CVE-2014-3625 Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.	CVSS2: 5	29% Средний	больше 10 лет назад
CVE-2014-3578 Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL.	CVSS2: 5	6% Низкий	почти 11 лет назад
CVE-2014-0225 When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack.	CVSS2: 5	0% Низкий	около 11 лет назад

Уязвимостей на страницу