|
[Japanese]
|
JVNDB-2014-000054
|
Spring Framework vulnerable to directory traversal
|
|
Spring Framework is a Java framework for developing web applications. Spring Framework contains a directory traversal vulnerability.
Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
|
|
CVSS V2 Severity:
Base Metrics 5.0 (Medium) [IPA Score]
- Access Vector: Network
- Access Complexity: Low
- Authentication: None
- Confidentiality Impact: Partial
- Integrity Impact: None
- Availability Impact: None
|
|
|
GoPivotal
- Spring Framework versions 4.0.0 through 4.0.4
- Spring Framework versions 3.2.0 through 3.2.8
|
According to the developer, version 3.1.1 has been confirmed to be affected and other unsupported versions may also be affected.
|
|
A remote attacker may be able to access arbitrary files on the server.
|
|
[Update the software]
Users of 3.x should update to version 3.2.9 or later and users of 4.x should update to version 4.0.5 or later.
For more information, refer to the developer's website.
|
|
GoPivotal
Red Hat, Inc.
NEC Corporation
- NEC Security Information : NV16-006 (in Japanese)
|
|
- Path Traversal(CWE-22) [IPA Evaluation]
|
|
- CVE-2014-3578
|
|
- JVN : JVN#49154900
- National Vulnerability Database (NVD) : CVE-2014-3578
|
|
- [2014/06/13]
Web page was published
[2014/06/17]
Affected Products : Product was modified
[2014/08/14]
CVE : CVE-ID was added
[2014/12/05]
Affected Products : Product version was modified
Solution was modified
Vendor Information : Content was added
[2015/02/24]
Vendor Information : Contents were added
References : Content was added
[2015/05/11]
Vendor Information : Content was added
[2016/06/23]
Vendor Information : Content was added
|
