Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-3578

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2014-3578
Last Modified 27 Mar 2015 09:59:28
Published 19 Feb 2015 03:59:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-3578

Summary

Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL.

Vulnerable Systems

Application

  • Pivotal Spring Framework 3.0.4

  • Pivotal Spring Framework 3.0.5

  • Pivotal Spring Framework 3.0.6

  • Pivotal Spring Framework 3.0.7

  • Pivotal Spring Framework 3.1.0

  • Pivotal Spring Framework 3.1.1

  • Pivotal Spring Framework 3.1.2

  • Pivotal Spring Framework 3.1.3

  • Pivotal Spring Framework 3.1.4

  • Pivotal Spring Framework 3.2.0

  • Pivotal Spring Framework 3.2.1

  • Pivotal Spring Framework 3.2.10

  • Pivotal Spring Framework 3.2.11

  • Pivotal Spring Framework 3.2.2

  • Pivotal Spring Framework 3.2.3

  • Pivotal Spring Framework 3.2.4

  • Pivotal Spring Framework 3.2.5

  • Pivotal Spring Framework 3.2.6

  • Pivotal Spring Framework 3.2.7

  • Pivotal Spring Framework 3.2.8

  • Pivotal Spring Framework 4.0.0

  • Pivotal Spring Framework 4.0.1

  • Pivotal Spring Framework 4.0.2

  • Pivotal Spring Framework 4.0.3

  • Pivotal Spring Framework 4.0.4


References

REDHAT - RHSA-2015:0235

REDHAT - RHSA-2015:0234

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=1131882

MISC - http://pivotal.io/security/cve-2014-3578

JVNDB - JVNDB-2014-000054

JVN - JVN#49154900

REDHAT - RHSA-2015:0720


Last Updated: 27 May 2016 11:07:54