Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 7.5
CVE Id: CVE-2011-2730
Last Modified: 17 Jan 2015 09:59:04
Published: 05 Dec 2012 12:55:01
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2011-2730

Summary

VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language (EL), evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a (1) name attribute in a (a) spring:hasBindErrors tag; (2) path attribute in a (b) spring:bind or (c) spring:nestedpath tag; (3) arguments, (4) code, (5) text, (6) var, (7) scope, or (8) message attribute in a (d) spring:message or (e) spring:theme tag; or (9) var, (10) scope, or (11) value attribute in a (f) spring:transform tag, aka "Expression Language Injection."

Vulnerable Systems

Application

  • Springsource Spring Framework 2.5.0
  • Springsource Spring Framework 2.5.1
  • Springsource Spring Framework 2.5.2
  • Springsource Spring Framework 2.5.3
  • Springsource Spring Framework 2.5.4
  • Springsource Spring Framework 2.5.5
  • Springsource Spring Framework 2.5.6
  • Springsource Spring Framework 2.5.7
  • Springsource Spring Framework 2.5.7 SR01
  • Springsource Spring Framework 3.0.0
  • Springsource Spring Framework 3.0.1
  • Springsource Spring Framework 3.0.2
  • Springsource Spring Framework 3.0.3
  • Springsource Spring Framework 3.0.4
  • Springsource Spring Framework 3.0.5


References

  • MISC - https://docs.google.com/document/d/1dc1xxO8UMFaGLOwgkykYdghGWm_2Gn0iCrxFsympqcE/edit
  • DEBIAN - DSA-2504
  • CONFIRM - http://support.springsource.com/security/cve-2011-2730
  • MISC - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814
  • SECUNIA - 52054
  • SECUNIA - 51984
  • REDHAT - RHSA-2013:0221
  • REDHAT - RHSA-2013:0198
  • REDHAT - RHSA-2013:0197
  • REDHAT - RHSA-2013:0196
  • REDHAT - RHSA-2013:0195
  • REDHAT - RHSA-2013:0194
  • REDHAT - RHSA-2013:0193
  • REDHAT - RHSA-2013:0192
  • REDHAT - RHSA-2013:0191
  • SECTRACK - 1029151
  • SECUNIA - 55155
  • REDHAT - RHSA-2013:0533


Last Updated: 27 May 2016 11:01:27