CVE-2014-3625
EPSS 17.0%
Improper Limitation of a Pathname to a Restricted Directory in Spring Framework
Published: 5/13/2022
Modified: 4/28/2026
Also known as: DEBIAN-CVE-2014-3625
Description
Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.
Affected packages (2)
- Debian/libspring-java from 0, < 3.2.13-1
- Maven/org.springframework:spring-webmvc >= 3.0.4, < 3.2.12
References (12)
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2014-3625
- ADVISORY https://security-tracker.debian.org/tracker/CVE-2014-3625
- PATCH https://github.com/spring-projects/spring-framework
- WEB http://rhn.redhat.com/errata/RHSA-2015-0236.html
- WEB http://rhn.redhat.com/errata/RHSA-2015-0720.html
- WEB https://github.com/spring-projects/spring-framework/commit/161d3e3049f129e211f68a4e94b544e0f0d8384d
- WEB https://github.com/spring-projects/spring-framework/commit/3f68cd633f03370d33c2603a6496e81273782601
- WEB https://github.com/spring-projects/spring-framework/commit/9beae9ae4226c45cd428035dae81214439324676
- WEB https://github.com/spring-projects/spring-framework/commit/9cef8e3001ddd61c734281a7556efd84b6cc2755
- WEB https://jira.spring.io/browse/SPR-12354
- WEB https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html
- WEB http://www.pivotal.io/security/cve-2014-3625