CVE-2014-3625
EPSS 17.0%Improper Limitation of a Pathname to a Restricted Directory in Spring Framework
發布日:2022/5/13修改日:2026/4/28
描述
Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.
受影響套件(2)
- Debian/libspring-javafrom 0, < 3.2.13-1
- Maven/org.springframework:spring-webmvc>= 3.0.4, < 3.2.12
參考連結(12)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2014-3625
- ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2014-3625
- PATCHhttps://github.com/spring-projects/spring-framework
- WEBhttp://rhn.redhat.com/errata/RHSA-2015-0236.html
- WEBhttp://rhn.redhat.com/errata/RHSA-2015-0720.html
- WEBhttps://github.com/spring-projects/spring-framework/commit/161d3e3049f129e211f68a4e94b544e0f0d8384d
- WEBhttps://github.com/spring-projects/spring-framework/commit/3f68cd633f03370d33c2603a6496e81273782601
- WEBhttps://github.com/spring-projects/spring-framework/commit/9beae9ae4226c45cd428035dae81214439324676
- WEBhttps://github.com/spring-projects/spring-framework/commit/9cef8e3001ddd61c734281a7556efd84b6cc2755
- WEBhttps://jira.spring.io/browse/SPR-12354
- WEBhttps://lists.debian.org/debian-lts-announce/2019/07/msg00012.html
- WEBhttp://www.pivotal.io/security/cve-2014-3625