Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.
References
Link | Resource |
---|---|
http://rhn.redhat.com/errata/RHSA-2015-0236.html | Third Party Advisory |
http://rhn.redhat.com/errata/RHSA-2015-0720.html | Third Party Advisory |
http://www.pivotal.io/security/cve-2014-3625 | Vendor Advisory |
https://jira.spring.io/browse/SPR-12354 | Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html | |
http://rhn.redhat.com/errata/RHSA-2015-0236.html | Third Party Advisory |
http://rhn.redhat.com/errata/RHSA-2015-0720.html | Third Party Advisory |
http://www.pivotal.io/security/cve-2014-3625 | Vendor Advisory |
https://jira.spring.io/browse/SPR-12354 | Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 02:08
Type | Values Removed | Values Added |
---|---|---|
References | () http://rhn.redhat.com/errata/RHSA-2015-0236.html - Third Party Advisory | |
References | () http://rhn.redhat.com/errata/RHSA-2015-0720.html - Third Party Advisory | |
References | () http://www.pivotal.io/security/cve-2014-3625 - Vendor Advisory | |
References | () https://jira.spring.io/browse/SPR-12354 - Third Party Advisory | |
References | () https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html - |
Information
Published : 2014-11-20 17:50
Updated : 2024-11-21 02:08
NVD link : CVE-2014-3625
Mitre link : CVE-2014-3625
CVE.ORG link : CVE-2014-3625
JSON object : View
Products Affected
vmware
- spring_framework
pivotal_software
- spring_framework
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')