Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.
References
Link | Resource |
---|---|
http://rhn.redhat.com/errata/RHSA-2015-0236.html | Third Party Advisory |
http://rhn.redhat.com/errata/RHSA-2015-0720.html | Third Party Advisory |
http://www.pivotal.io/security/cve-2014-3625 | Vendor Advisory |
https://jira.spring.io/browse/SPR-12354 | Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2014-11-20 17:50
Updated : 2024-02-28 12:20
NVD link : CVE-2014-3625
Mitre link : CVE-2014-3625
CVE.ORG link : CVE-2014-3625
JSON object : View
Products Affected
pivotal_software
- spring_framework
vmware
- spring_framework
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')