CVE-2014-3625

Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:pivotal_software:spring_framework:*:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_framework:*:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_framework:*:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_framework:*:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2014-11-20 17:50

Updated : 2024-02-28 12:20


NVD link : CVE-2014-3625

Mitre link : CVE-2014-3625

CVE.ORG link : CVE-2014-3625


JSON object : View

Products Affected

pivotal_software

  • spring_framework

vmware

  • spring_framework
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')