Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
spring framework vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2015-6420
Serialized-object interfaces in certain Cisco Collaboration and Social Media; Endpoint Clients and Client Software; Network Application, Service, and Acceleration; Network and Content Security Devices; Network Management and Provisioning; Routing and Switching - Enterprise and Se...
Apache Commons Collections
Apache Commons Collections 4.0
5 Github repositories
5
CVSSv2
CVE-2015-0201
The Java SockJS client in Pivotal Spring Framework 4.1.x prior to 4.1.5 generates predictable session ids, which allows remote malicious users to send messages to other sessions via unspecified vectors.
Pivotal Software Spring Framework 4.1.0
Vmware Spring Framework 4.1.2
Vmware Spring Framework 4.1.4
Vmware Spring Framework 4.1.1
Vmware Spring Framework 4.1.3
1 Github repository
5
CVSSv2
CVE-2014-3578
Directory traversal vulnerability in Pivotal Spring Framework 3.x prior to 3.2.9 and 4.0 prior to 4.0.5 allows remote malicious users to read arbitrary files via a crafted URL.
Pivotal Software Spring Framework
5
CVSSv2
CVE-2014-3625
Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 up to and including 3.2.x prior to 3.2.12, 4.0.x prior to 4.0.8, and 4.1.x prior to 4.1.2 allows remote malicious users to read arbitrary files via unspecified vectors, related to static resource handling.
Vmware Spring Framework
Pivotal Software Spring Framework
6.8
CVSSv2
CVE-2013-7315
The Spring MVC in Spring Framework prior to 3.2.4 and 4.0.0.M1 up to and including 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent malicious users to read arbitrary files, cause a denial of service, and conduct CSR...
Vmware Spring Framework 3.1.4
Vmware Spring Framework 3.1.3
Vmware Spring Framework 4.0.0
Springsource Spring Framework 3.0.5
Springsource Spring Framework 3.0.0
Vmware Spring Framework
Vmware Spring Framework 3.2.2
Vmware Spring Framework 3.1.0
Vmware Spring Framework 3.0.7
Springsource Spring Framework 3.0.2
Springsource Spring Framework 3.0.1
Springsource Spring Framework 3.0.0.m2
Vmware Spring Framework 3.2.1
Vmware Spring Framework 3.2.0
Vmware Spring Framework 3.0.6
Springsource Spring Framework 3.0.0.m1
Vmware Spring Framework 3.1.2
Vmware Spring Framework 3.1.1
Springsource Spring Framework 3.0.4
Springsource Spring Framework 3.0.3
7.5
CVSSv2
CVE-2011-2730
VMware SpringSource Spring Framework prior to 2.5.6.SEC03, 2.5.7.SR023, and 3.x prior to 3.0.6, when a container supports Expression Language (EL), evaluates EL expressions in tags twice, which allows remote malicious users to obtain sensitive information via a (1) name attribute...
Springsource Spring Framework 2.5.0
Springsource Spring Framework 2.5.5
Springsource Spring Framework 2.5.6
Springsource Spring Framework 3.0.4
Springsource Spring Framework
Springsource Spring Framework 2.5.3
Springsource Spring Framework 2.5.4
Springsource Spring Framework 3.0.2
Springsource Spring Framework 3.0.3
Springsource Spring Framework 2.5.1
Springsource Spring Framework 2.5.2
Springsource Spring Framework 3.0.0
Springsource Spring Framework 3.0.1
Springsource Spring Framework 2.5.7
6.8
CVSSv2
CVE-2011-2894
Spring Framework 3.0.0 up to and including 3.0.5, Spring Security 3.0.0 up to and including 3.0.5 and 2.0.0 up to and including 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote malicious users to bypass intended security restricti...
Vmware Spring Security
Vmware Spring Framework
3 Github repositories
6
CVSSv2
CVE-2010-1622
SpringSource Spring Framework 2.5.x prior to 2.5.6.SEC02, 2.5.7 prior to 2.5.7.SR01, and 3.0.x prior to 3.0.3 allows remote malicious users to execute arbitrary code via an HTTP request containing class.classLoader.URLs[0]=jar: followed by a URL of a crafted .jar file.
Oracle Fusion Middleware 11.1.1.8.0
Oracle Fusion Middleware 7.6.2
Oracle Fusion Middleware 11.1.1.6.1
Springsource Spring Framework 2.5.0
Springsource Spring Framework 3.0.1
Springsource Spring Framework 2.5.3
Springsource Spring Framework 3.0.2
Springsource Spring Framework 2.5.5
Springsource Spring Framework 2.5.6
Springsource Spring Framework 2.5.4
Springsource Spring Framework 2.5.2
Springsource Spring Framework 2.5.7
Springsource Spring Framework 3.0.0
Springsource Spring Framework 2.5.1
1 EDB exploit
13 Github repositories
1 Article
5
CVSSv2
CVE-2009-1190
Algorithmic complexity vulnerability in the java.util.regex.Pattern.compile method in Sun Java Development Kit (JDK) prior to 1.6, when used with spring.jar in SpringSource Spring Framework 1.1.0 up to and including 2.5.6 and 3.0.0.M1 up to and including 3.0.0.M2 and dm Server 1....
Sun Jdk 1.3.1 11
Sun Jdk 1.3.1 12
Sun Jdk 1.3.1 13
Sun Jdk 1.3.1 06
Sun Jdk 1.3.1 05
Sun Jdk 1.3.0 05
Sun Jdk 1.3.0 04
Sun Jdk 1.3.1 14
Sun Jdk 1.3.0 01
Sun Jdk 1.3.1 04
Sun Jdk 1.3.1 03
Sun Jdk 1.3.0 03
Sun Jdk 1.3.0 02
Sun Jdk 1.1.8
Sun Jdk 1.2.2
Sun Jdk 1.2.1
Sun Jdk 1.3.1 24
Sun Jdk 1.3.1 23
Sun Jdk 1.3.1 21
Sun Jdk 1.3.1 28
Sun Jdk 1.4.2 14
Sun Jdk 1.4.2 13
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
cross-site request forgery
unauthorized
CVE-2024-33925
reflected XSS
CVE-2023-51580
CVE-2023-51579
CVE-2015-2051
CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6