Spring Framework Multiple Remote Vulnerabilities
BID:30263
Info
| Bugtraq ID: | 30263 |
| Class: | Unknown |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 16 2008 12:00AM |
| Updated: | Jul 17 2008 09:48PM |
| Credit: | The vendor reported these issues. |
| Vulnerable: | Spring Framework Spring 1.2.6; Spring Framework Spring 1.2.4; Spring Framework Spring 1.2.1; Spring Framework Spring 1.2; Spring Framework Spring 1.1.4 |
| Not Vulnerable: | |
Discussion
Spring Framework is prone to two remote vulnerabilities:
1. A security vulnerability may allow unauthorized attackers to add or modify data contained in forms.
2. A security vulnerability may allow unauthorized attackers to access arbitrary files on the webserver.
Attackers can exploit these issues to gain unauthorized access to files on the webserver or compromise the affected application.
Exploit / POC
An attacker can exploit these issues through a browser.
Solution / Fix
Solution:
The vendor has released an update. Please contact the vendor for details.
References
References:
- Spring Framework Homepage (Spring)
- 7/7/2008: Spring MVC Security Advisory (SpringSource)