Vulmon
spring framework vulnerabilities and exploits
5.4
CVSSv3
CVE-2016-2340
The AMF framework in Granite Data Services 3.1.1-SNAPSHOT allows remote authenticated users to read arbitrary files, send TCP requests to intranet servers, or cause a denial of service via an XML external entity declaration in conjunction with an entity reference, related to an X...
Graniteds Granite Data Services 3.1.1-snapshot
NA
CVE-2015-6420
Serialized-object interfaces in certain Cisco Collaboration and Social Media; Endpoint Clients and Client Software; Network Application, Service, and Acceleration; Network and Content Security Devices; Network Management and Provisioning; Routing and Switching - Enterprise and Se...
Apache Commons Collections
Apache Commons Collections 4.0
5 Github repositories
NA
CVE-2015-0201
The Java SockJS client in Pivotal Spring Framework 4.1.x prior to 4.1.5 generates predictable session ids, which allows remote malicious users to send messages to other sessions via unspecified vectors.
Pivotal Software Spring Framework 4.1.0
Vmware Spring Framework 4.1.2
Vmware Spring Framework 4.1.4
Vmware Spring Framework 4.1.1
Vmware Spring Framework 4.1.3
1 Github repository
NA
CVE-2014-3578
Directory traversal vulnerability in Pivotal Spring Framework 3.x prior to 3.2.9 and 4.0 prior to 4.0.5 allows remote malicious users to read arbitrary files via a crafted URL.
Pivotal Software Spring Framework
NA
CVE-2014-3625
Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 up to and including 3.2.x prior to 3.2.12, 4.0.x prior to 4.0.8, and 4.1.x prior to 4.1.2 allows remote malicious users to read arbitrary files via unspecified vectors, related to static resource handling.
Vmware Spring Framework
Pivotal Software Spring Framework
NA
CVE-2013-7315
The Spring MVC in Spring Framework prior to 3.2.4 and 4.0.0.M1 up to and including 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent malicious users to read arbitrary files, cause a denial of service, and conduct CSR...
Vmware Spring Framework 3.1.4
Vmware Spring Framework 3.1.3
Vmware Spring Framework 4.0.0
Springsource Spring Framework 3.0.5
Springsource Spring Framework 3.0.0
Vmware Spring Framework
Vmware Spring Framework 3.2.2
Vmware Spring Framework 3.1.0
Vmware Spring Framework 3.0.7
Springsource Spring Framework 3.0.2
Springsource Spring Framework 3.0.1
Springsource Spring Framework 3.0.0.m2
Vmware Spring Framework 3.2.1
Vmware Spring Framework 3.2.0
Vmware Spring Framework 3.0.6
Springsource Spring Framework 3.0.0.m1
Vmware Spring Framework 3.1.2
Vmware Spring Framework 3.1.1
Springsource Spring Framework 3.0.4
Springsource Spring Framework 3.0.3
NA
CVE-2011-2730
VMware SpringSource Spring Framework prior to 2.5.6.SEC03, 2.5.7.SR023, and 3.x prior to 3.0.6, when a container supports Expression Language (EL), evaluates EL expressions in tags twice, which allows remote malicious users to obtain sensitive information via a (1) name attribute...
Springsource Spring Framework 2.5.0
Springsource Spring Framework 2.5.5
Springsource Spring Framework 2.5.6
Springsource Spring Framework 3.0.4
Springsource Spring Framework
Springsource Spring Framework 2.5.3
Springsource Spring Framework 2.5.4
Springsource Spring Framework 3.0.2
Springsource Spring Framework 3.0.3
Springsource Spring Framework 2.5.1
Springsource Spring Framework 2.5.2
Springsource Spring Framework 3.0.0
Springsource Spring Framework 3.0.1
Springsource Spring Framework 2.5.7
NA
CVE-2011-2894
Spring Framework 3.0.0 up to and including 3.0.5, Spring Security 3.0.0 up to and including 3.0.5 and 2.0.0 up to and including 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote malicious users to bypass intended security restricti...
Vmware Spring Security
Vmware Spring Framework
3 Github repositories
NA
CVE-2010-1622
SpringSource Spring Framework 2.5.x prior to 2.5.6.SEC02, 2.5.7 prior to 2.5.7.SR01, and 3.0.x prior to 3.0.3 allows remote malicious users to execute arbitrary code via an HTTP request containing class.classLoader.URLs[0]=jar: followed by a URL of a crafted .jar file.
Oracle Fusion Middleware 11.1.1.8.0
Oracle Fusion Middleware 7.6.2
Oracle Fusion Middleware 11.1.1.6.1
Springsource Spring Framework 2.5.0
Springsource Spring Framework 3.0.1
Springsource Spring Framework 2.5.3
Springsource Spring Framework 3.0.2
Springsource Spring Framework 2.5.5
Springsource Spring Framework 2.5.6
Springsource Spring Framework 2.5.4
Springsource Spring Framework 2.5.2
Springsource Spring Framework 2.5.7
Springsource Spring Framework 3.0.0
Springsource Spring Framework 2.5.1
1 EDB exploit
13 Github repositories
1 Article
NA
CVE-2009-1190
Algorithmic complexity vulnerability in the java.util.regex.Pattern.compile method in Sun Java Development Kit (JDK) prior to 1.6, when used with spring.jar in SpringSource Spring Framework 1.1.0 up to and including 2.5.6 and 3.0.0.M1 up to and including 3.0.0.M2 and dm Server 1....
Sun Jdk 1.3.1 11
Sun Jdk 1.3.1 12
Sun Jdk 1.3.1 13
Sun Jdk 1.3.1 06
Sun Jdk 1.3.1 05
Sun Jdk 1.3.0 05
Sun Jdk 1.3.0 04
Sun Jdk 1.3.1 14
Sun Jdk 1.3.0 01
Sun Jdk 1.3.1 04
Sun Jdk 1.3.1 03
Sun Jdk 1.3.0 03
Sun Jdk 1.3.0 02
Sun Jdk 1.1.8
Sun Jdk 1.2.2
Sun Jdk 1.2.1
Sun Jdk 1.3.1 24
Sun Jdk 1.3.1 23
Sun Jdk 1.3.1 21
Sun Jdk 1.3.1 28
Sun Jdk 1.4.2 14
Sun Jdk 1.4.2 13