VYPR

Spring Framework

by VMware

Source repositories

CVEs (27)

  • CVE-2015-0201 (published Mar 10, 2015)
    risk 0.00, cvss (no value shown), epss 0.02

    The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors.

  • CVE-2014-3625 (published Nov 20, 2014)
    risk 0.00, cvss (no value shown), epss 0.10

    Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.

  • CVE-2014-0054 (published Apr 17, 2014)
    risk 0.00, cvss (no value shown), epss 0.91

    The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML,…

  • CVE-2013-6429 (published Jan 26, 2014)
    risk 0.00, cvss (no value shown), epss 0.90

    The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML,…

  • CVE-2013-7315 (published Jan 23, 2014)
    risk 0.00, cvss (no value shown), epss 0.03

    The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via…

  • CVE-2013-4152 (published Jan 23, 2014)
    risk 0.00, cvss (no value shown), epss 0.26

    The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external…

  • CVE-2011-2894 (published Oct 4, 2011)
    risk 0.00, cvss (no value shown), epss 0.09

    Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote attackers to bypass intended security restrictions and execute untrusted code by (1)…

Page 2 of 2