Published: 20/11/2014 Updated: 11/04/2022

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 447

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 up to and including 3.2.x prior to 3.2.12, 4.0.x prior to 4.0.8, and 4.1.x prior to 4.1.2 allows remote malicious users to read arbitrary files via unspecified vectors, related to static resource handling.

Vulnerable Product	Search on Vulmon	Subscribe to Product
vmware spring framework
pivotal software spring framework

Debian Bug report logs - #769698 libspring-java: CVE-2014-3625 Directory Traversal in Spring Framework Package: src:libspring-java; Maintainer for src:libspring-java is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Reported by: bastien ROUCARIÈS <roucariesbastien+debian@gmailcom> Date: Sat ...

Debian Bug report logs - #760733 CVE-2014-3578: directory traversal Package: src:libspring-java; Maintainer for src:libspring-java is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Reported by: Yves-Alexis Perez <corsac@debianorg> Date: Sun, 7 Sep 2014 11:33:05 UTC Severity: important Tags: ...

A directory traversal flaw was found in the way the Spring Framework sanitized certain URLs A remote attacker could use this flaw to obtain any file on the file system that was also accessible to the process in which the Spring web application was running ...

CWE-22 https://jira.spring.io/browse/SPR-12354 http://www.pivotal.io/security/cve-2014-3625 http://rhn.redhat.com/errata/RHSA-2015-0236.html http://rhn.redhat.com/errata/RHSA-2015-0720.html https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769698 https://access.redhat.com/security/cve/cve-2014-3625

CVE-2014-3625

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect