A directory traversal flaw was found in the way the Spring Framework sanitized certain URLs. A remote attacker could use this flaw to obtain any file on the file system that was also accessible to the process in which the Spring web application was running.
Find out more about CVE-2014-3625 from the MITRE CVE dictionary dictionary and NIST NVD.
NOTE: The following CVSS v2 metrics and score provided are preliminary and subject to review.
| Base Score | 5 |
|---|---|
| Base Metrics | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| Access Vector | Network |
| Access Complexity | Low |
| Authentication | None |
| Confidentiality Impact | Partial |
| Integrity Impact | None |
| Availability Impact | None |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
| Platform | Package | State |
|---|---|---|
| Red Hat JBoss Portal Platform 6 | spring | Will not fix |
| Red Hat JBoss Portal 5 | spring | Will not fix |
| Red Hat JBoss Fuse Service Works 6 | spring | Will not fix |
| Red Hat JBoss BRMS 6 | spring | Will not fix |
| Red Hat JBoss BRMS 5 | spring | Will not fix |
| Red Hat JBoss BPMS 6 | spring | Will not fix |
Vulmon