Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
spring framework vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2015-0201
The Java SockJS client in Pivotal Spring Framework 4.1.x prior to 4.1.5 generates predictable session ids, which allows remote malicious users to send messages to other sessions via unspecified vectors.
Pivotal Software Spring Framework 4.1.0
Vmware Spring Framework 4.1.1
Vmware Spring Framework 4.1.2
Vmware Spring Framework 4.1.3
Vmware Spring Framework 4.1.4
1 Github repository
445
VMScore
CVE-2014-3578
Directory traversal vulnerability in Pivotal Spring Framework 3.x prior to 3.2.9 and 4.0 prior to 4.0.5 allows remote malicious users to read arbitrary files via a crafted URL.
Pivotal Software Spring Framework
445
VMScore
CVE-2009-1190
Algorithmic complexity vulnerability in the java.util.regex.Pattern.compile method in Sun Java Development Kit (JDK) prior to 1.6, when used with spring.jar in SpringSource Spring Framework 1.1.0 up to and including 2.5.6 and 3.0.0.M1 up to and including 3.0.0.M2 and dm Server 1....
Sun Jdk
Sun Jdk 1.1.0
Sun Jdk 1.1.6
Sun Jdk 1.1.7b
Sun Jdk 1.1.8
Sun Jdk 1.2.0
Sun Jdk 1.2.1
Sun Jdk 1.2.2
Sun Jdk 1.3.0
Sun Jdk 1.3.0 01
Sun Jdk 1.3.0 02
Sun Jdk 1.3.0 03
Sun Jdk 1.3.0 04
Sun Jdk 1.3.0 05
Sun Jdk 1.3.1
Sun Jdk 1.3.1 01
Sun Jdk 1.3.1 01a
Sun Jdk 1.3.1 02
Sun Jdk 1.3.1 03
Sun Jdk 1.3.1 04
Sun Jdk 1.3.1 05
Sun Jdk 1.3.1 06
409
VMScore
CVE-2021-22118
In Spring Framework, versions 5.2.x before 5.2.15 and versions 5.3.x before 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been upload...
Vmware Spring Framework
Oracle Retail Order Broker 16.0
Oracle Retail Predictive Application Server 15.0.3
Oracle Enterprise Data Quality 12.2.1.3.0
Oracle Retail Assortment Planning 16.0
Oracle Retail Financial Integration 16.0.3
Oracle Communications Network Integrity 7.3.6
Oracle Retail Integration Bus 16.0.3
Oracle Insurance Rules Palette 11.0.2
Oracle Insurance Rules Palette 11.1.0
Oracle Communications Interactive Session Recorder 6.4
Oracle Commerce Guided Search 11.3.2
Oracle Communications Unified Inventory Management 7.4.1
Oracle Retail Customer Management And Segmentation Foundation
Oracle Enterprise Data Quality 12.2.1.4.0
Oracle Communications Element Manager
Oracle Insurance Policy Administration
Oracle Healthcare Data Repository 8.1.0
Oracle Documaker
Oracle Mysql Enterprise Monitor
Oracle Communications Session Report Manager
Oracle Communications Brm - Elastic Charging Engine 12.0.0.3
397
VMScore
CVE-2020-9484
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; a...
Apache Tomcat 9.0.0
Apache Tomcat 10.0.0
Apache Tomcat
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Opensuse Leap 15.1
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 20.04
Oracle Transportation Management 6.3.7
Oracle Hospitality Guest Access 4.2.0
Oracle Hospitality Guest Access 4.2.1
Oracle Managed File Transfer 12.2.1.3.0
Oracle Retail Order Broker 15.0
Oracle Agile Plm 9.3.3
Oracle Agile Plm 9.3.5
Oracle Agile Plm 9.3.6
Oracle Database 12.2.0.1
Oracle Instantis Enterprisetrack
Oracle Communications Instant Messaging Server 10.0.1.4.0
18 Github repositories
384
VMScore
CVE-2018-11040
Spring Framework, versions 5.0.x before 5.0.7 and 4.3.x before 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for...
Vmware Spring Framework
Oracle Flexcube Private Banking 2.2.0.1
Oracle Retail Xstore Point Of Service 7.1
Oracle Application Testing Suite 12.5.0.3
Oracle Hospitality Guest Access 4.2.0
Oracle Hospitality Guest Access 4.2.1
Oracle Weblogic Server 12.2.1.3.0
Oracle Enterprise Manager Ops Center 12.3.3
Oracle Endeca Information Discovery Integrator 3.2.0
Oracle Endeca Information Discovery Integrator 3.1.0
Oracle Application Testing Suite 13.1.0.1
Oracle Application Testing Suite 13.2.0.1
Oracle Application Testing Suite 13.3.0.1
Oracle Insurance Rules Palette 10.0
Oracle Insurance Rules Palette 10.2
Oracle Communications Services Gatekeeper
Oracle Healthcare Master Person Index 3.0
Oracle Healthcare Master Person Index 4.0
Oracle Retail Customer Insights 15.0
Oracle Retail Customer Insights 16.0
Oracle Retail Predictive Application Server 16.0
Oracle Agile Product Lifecycle Management 9.3.3
383
VMScore
CVE-2018-11039
Spring Framework (versions 5.0.x before 5.0.7, versions 4.3.x before 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-e...
Vmware Spring Framework
Oracle Retail Xstore Point Of Service 7.1
Oracle Weblogic Server 12.1.3.0.0
Oracle Application Testing Suite 12.5.0.3
Oracle Hospitality Guest Access 4.2.0
Oracle Hospitality Guest Access 4.2.1
Oracle Weblogic Server 10.3.6.0.0
Oracle Weblogic Server 12.2.1.3.0
Oracle Enterprise Manager Ops Center 12.3.3
Oracle Primavera P6 Enterprise Project Portfolio Management 18.8
Oracle Endeca Information Discovery Integrator 3.2.0
Oracle Endeca Information Discovery Integrator 3.1.0
Oracle Application Testing Suite 13.1.0.1
Oracle Application Testing Suite 13.2.0.1
Oracle Application Testing Suite 13.3.0.1
Oracle Communications Diameter Signaling Router
Oracle Communications Performance Intelligence Center
Oracle Insurance Rules Palette 10.0
Oracle Insurance Rules Palette 10.2
Oracle Communications Services Gatekeeper
Oracle Health Sciences Information Manager 3.0
Oracle Healthcare Master Person Index 3.0
1 Github repository
383
VMScore
CVE-2018-1271
Spring Framework, versions 5.0 before 5.0.5 and versions 4.3 before 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to th...
Vmware Spring Framework
Oracle Retail Xstore Point Of Service 7.1
Oracle Enterprise Manager Ops Center 12.2.2
Oracle Primavera Gateway 16.2
Oracle Primavera Gateway 15.2
Oracle Application Testing Suite 12.5.0.3
Oracle Retail Back Office 14.1
Oracle Retail Back Office 14.0
Oracle Enterprise Manager Ops Center 12.3.3
Oracle Retail Open Commerce Platform 6.0.1
Oracle Application Testing Suite 13.1.0.1
Oracle Application Testing Suite 13.2.0.1
Oracle Application Testing Suite 13.3.0.1
Oracle Communications Diameter Signaling Router
Oracle Communications Performance Intelligence Center
Oracle Insurance Rules Palette 10.0
Oracle Insurance Rules Palette 10.2
Oracle Communications Services Gatekeeper
Oracle Health Sciences Information Manager 3.0
Oracle Healthcare Master Person Index 3.0
Oracle Healthcare Master Person Index 4.0
Oracle Insurance Calculation Engine 10.2
1 Github repository
358
VMScore
CVE-2022-22950
n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.
Vmware Spring Framework
5 Github repositories
357
VMScore
CVE-2022-22971
In spring framework versions before 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user.
Vmware Spring Framework
Oracle Financial Services Crime And Compliance Management Studio 8.0.8.2.0
Oracle Financial Services Crime And Compliance Management Studio 8.0.8.3.0
Netapp Oncommand Insight -
Netapp Cloud Secure Agent -
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23692
CVE-2012-1823
memory leak
CVE-2024-0627
CVE-2024-31402
privilege escalation
CVE-2024-36418
remote code execution
CVE-2024-27844
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »