Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
spring framework vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-22262
Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF att...
NA
CVE-2024-22259
Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html att...
1 Github repository
NA
CVE-2015-6420
Serialized-object interfaces in certain Cisco Collaboration and Social Media; Endpoint Clients and Client Software; Network Application, Service, and Acceleration; Network and Content Security Devices; Network Management and Provisioning; Routing and Switching - Enterprise and Se...
Apache Commons Collections
Apache Commons Collections 4.0
5 Github repositories
NA
CVE-2015-0201
The Java SockJS client in Pivotal Spring Framework 4.1.x prior to 4.1.5 generates predictable session ids, which allows remote malicious users to send messages to other sessions via unspecified vectors.
Pivotal Software Spring Framework 4.1.0
Vmware Spring Framework 4.1.2
Vmware Spring Framework 4.1.4
Vmware Spring Framework 4.1.1
Vmware Spring Framework 4.1.3
1 Github repository
NA
CVE-2014-3578
Directory traversal vulnerability in Pivotal Spring Framework 3.x prior to 3.2.9 and 4.0 prior to 4.0.5 allows remote malicious users to read arbitrary files via a crafted URL.
Pivotal Software Spring Framework
NA
CVE-2014-3625
Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 up to and including 3.2.x prior to 3.2.12, 4.0.x prior to 4.0.8, and 4.1.x prior to 4.1.2 allows remote malicious users to read arbitrary files via unspecified vectors, related to static resource handling.
Vmware Spring Framework
Pivotal Software Spring Framework
NA
CVE-2013-7315
The Spring MVC in Spring Framework prior to 3.2.4 and 4.0.0.M1 up to and including 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent malicious users to read arbitrary files, cause a denial of service, and conduct CSR...
Vmware Spring Framework 3.1.4
Vmware Spring Framework 3.1.3
Vmware Spring Framework 4.0.0
Springsource Spring Framework 3.0.5
Springsource Spring Framework 3.0.0
Vmware Spring Framework
Vmware Spring Framework 3.2.2
Vmware Spring Framework 3.1.0
Vmware Spring Framework 3.0.7
Springsource Spring Framework 3.0.2
Springsource Spring Framework 3.0.1
Springsource Spring Framework 3.0.0.m2
Vmware Spring Framework 3.2.1
Vmware Spring Framework 3.2.0
Vmware Spring Framework 3.0.6
Springsource Spring Framework 3.0.0.m1
Vmware Spring Framework 3.1.2
Vmware Spring Framework 3.1.1
Springsource Spring Framework 3.0.4
Springsource Spring Framework 3.0.3
NA
CVE-2011-2730
VMware SpringSource Spring Framework prior to 2.5.6.SEC03, 2.5.7.SR023, and 3.x prior to 3.0.6, when a container supports Expression Language (EL), evaluates EL expressions in tags twice, which allows remote malicious users to obtain sensitive information via a (1) name attribute...
Springsource Spring Framework 2.5.0
Springsource Spring Framework 2.5.5
Springsource Spring Framework 2.5.6
Springsource Spring Framework 3.0.4
Springsource Spring Framework
Springsource Spring Framework 2.5.3
Springsource Spring Framework 2.5.4
Springsource Spring Framework 3.0.2
Springsource Spring Framework 3.0.3
Springsource Spring Framework 2.5.1
Springsource Spring Framework 2.5.2
Springsource Spring Framework 3.0.0
Springsource Spring Framework 3.0.1
Springsource Spring Framework 2.5.7
NA
CVE-2011-2894
Spring Framework 3.0.0 up to and including 3.0.5, Spring Security 3.0.0 up to and including 3.0.5 and 2.0.0 up to and including 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote malicious users to bypass intended security restricti...
Vmware Spring Security
Vmware Spring Framework
3 Github repositories
NA
CVE-2010-1622
SpringSource Spring Framework 2.5.x prior to 2.5.6.SEC02, 2.5.7 prior to 2.5.7.SR01, and 3.0.x prior to 3.0.3 allows remote malicious users to execute arbitrary code via an HTTP request containing class.classLoader.URLs[0]=jar: followed by a URL of a crafted .jar file.
Oracle Fusion Middleware 11.1.1.8.0
Oracle Fusion Middleware 7.6.2
Oracle Fusion Middleware 11.1.1.6.1
Springsource Spring Framework 2.5.0
Springsource Spring Framework 3.0.1
Springsource Spring Framework 2.5.3
Springsource Spring Framework 3.0.2
Springsource Spring Framework 2.5.5
Springsource Spring Framework 2.5.6
Springsource Spring Framework 2.5.4
Springsource Spring Framework 2.5.2
Springsource Spring Framework 2.5.7
Springsource Spring Framework 3.0.0
Springsource Spring Framework 2.5.1
1 EDB exploit
13 Github repositories
1 Article
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-34377
CVE-2024-20859
CVE-2023-49606
inject
arbitrary
CVE-2024-33788
CVE-2024-30973
IDOR
CVE-2024-33907
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »