Search for packages
| purl | pkg:deb/debian/libspring-java@3.0.6.RELEASE-17 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-2327-21sr-mfgx
Aliases: CVE-2018-1272 GHSA-4487-x383-qpph |
Improper Privilege Management When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could to lead privilege escalation, for example, if the part content represents a username or user roles. |
Affected by 1 other vulnerability. |
|
VCID-2ke4-ywbk-2qha
Aliases: CVE-2015-5211 GHSA-pgf9-h69p-pcgf |
Improper Input Validation Under some situations, the Spring Framework is vulnerable to a Reflected File Download (RFD) attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being downloaded rather than rendered and also includes some input reflected in the response. |
Affected by 8 other vulnerabilities. |
|
VCID-46dm-5t83-tyh6
Aliases: CVE-2016-5007 GHSA-8crv-49fr-2h6j |
Spring Security / MVC Path Matching Inconsistency This package rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each Spring Security and the Spring Framework can easily be customized creating additional differences. |
Affected by 8 other vulnerabilities. |
|
VCID-dakn-kfyh-syab
Aliases: CVE-2018-15756 GHSA-ffvq-7w96-97p7 |
Uncontrolled Resource Consumption Spring Framework provides support for range requests when serving static resources through the `ResourceHttpRequestHandler`. A malicious user (or attacker) can add a range header with a high number of ranges, or with wide ranges that overlap, or both, for a denial of service attack. |
Affected by 1 other vulnerability. |
|
VCID-esxu-3a7m-q7a7
Aliases: CVE-2018-11039 GHSA-9gcm-f4x3-8jpw |
False positive This advisory has been marked as a False Positive and has been removed. |
Affected by 1 other vulnerability. |
|
VCID-fbxq-3v82-yket
Aliases: CVE-2018-1257 GHSA-rcpf-vj53-7h2m |
Improper Input Validation Spring Framework allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack. |
Affected by 1 other vulnerability. |
|
VCID-fra1-reqm-kfdb
Aliases: CVE-2020-5421 GHSA-rv39-3qh7-9v7w |
Remote file disclosure In Spring Framework the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter. |
Affected by 0 other vulnerabilities. |
|
VCID-h4kj-zdr8-wbdr
Aliases: CVE-2018-1199 GHSA-v596-fwhq-8x48 |
Improper Input Validation Spring Security does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path parameters in the Servlet Specification. Some Servlet containers include path parameters in the value returned for `getPathInfo()` and some do not. Spring Security uses the value returned by `getPathInfo()` as part of the process of mapping requests to security constraints. In this particular attack, different character encodings used in path parameters allows secured Spring MVC static resource URLs to be bypassed. |
Affected by 1 other vulnerability. |
|
VCID-haqr-jpvm-eqck
Aliases: CVE-2018-1270 GHSA-p5hg-3xm3-gcjg |
Improper Control of Generation of Code ('Code Injection') Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. |
Affected by 1 other vulnerability. |
|
VCID-kcma-n11h-q7ft
Aliases: CVE-2016-1000027 GHSA-4wrc-f8pq-fpqp |
Deserialization of Untrusted Data Pivotal Spring Framework suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. |
Affected by 8 other vulnerabilities. |
|
VCID-kvhz-7nfu-2kdx
Aliases: CVE-2014-3578 GHSA-rhcg-rwhx-qj3j |
Directory traversal flaw Directory traversal vulnerability in this package allows remote attackers to read arbitrary files via a crafted URL. |
Affected by 8 other vulnerabilities. |
|
VCID-m6g1-a6e3-bqbj
Aliases: CVE-2018-11040 GHSA-f26x-pr96-vw86 |
Inclusion of Functionality from Untrusted Control Sphere Spring Framework allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through `AbstractJsonpResponseBodyAdvice` for REST controllers and `MappingJackson2JsonView` for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when `MappingJackson2JsonView` is configured in an application, JSONP support is automatically ready to use through the `jsonp` and `callback` JSONP parameters, enabling cross-domain requests. |
Affected by 1 other vulnerability. |
|
VCID-ncq1-u2qu-77ec
Aliases: CVE-2015-3192 GHSA-6v7w-535j-rq5m |
DoS Attack with XML Input This package do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file. |
Affected by 8 other vulnerabilities. |
|
VCID-tj95-xfgu-pya7
Aliases: CVE-2014-3625 GHSA-hhm4-hwq6-3c6w |
Directory traversal flaw Directory traversal vulnerability in this package allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling. |
Affected by 8 other vulnerabilities. |
|
VCID-vgyx-gshk-tbcx
Aliases: CVE-2016-9878 GHSA-2m8h-fgr8-2q9w |
Path Traversal Paths provided to the `ResourceServlet` were not properly sanitized and as a result exposed to directory traversal attacks. |
Affected by 8 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-4ut8-z444-puhf | Cross-site scripting flaw Cross-site scripting (XSS) vulnerability in `web/servlet/tags/form/FormTag.java` in Spring MVC in this package allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action. |
CVE-2014-1904
GHSA-ff7p-jqjm-v66h |
| VCID-5xyh-x7zt-aycz | Improper Restriction of XML External Entity Reference The Spring OXM wrapper when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue. |
CVE-2013-4152
GHSA-rp4p-g69r-438x |
| VCID-7zcx-qpsn-zuem | XML External Entity (XXE) injection The `SourceHttpMessageConverter` in this package does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML. |
CVE-2013-6429
GHSA-g6hf-f9cq-q7w7 |
| VCID-a796-tmtn-6bac | Information disclosure via SSRF This package did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack. |
CVE-2014-0225
GHSA-f93f-g33r-8pcp |
| VCID-gwpy-9eej-kbgd | XML External Entity (XXE) injection This package does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152. NOTE: this issue was SPLIT from CVE-2013-4152 due to different affected versions. |
CVE-2013-7315
GHSA-vp63-rrcm-9mph |
| VCID-hb8j-4quw-fyhy | XML External Entities This package does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429. |
CVE-2014-0054
GHSA-8cmm-qj8g-fcp6 |
| VCID-vw31-4w5h-rucb | Improper Neutralization of Input During Web Page Generation in Spring Framework The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtils.java in Spring MVC in Spring Framework before 3.2.2 does not properly escape certain characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a (1) line separator or (2) paragraph separator Unicode character or (3) left or (4) right angle bracket. |
CVE-2013-6430
GHSA-xjrf-8x4f-43h4 |