| Max CVSS | 9.3 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2015-5211 | 9.3 |
Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download (RFD) attack. The attack involves a malicious user crafting a URL with a batch scrip
|
05-06-2022 - 03:44 | 25-05-2017 - 17:29 | |
| CVE-2016-9878 | 5.0 |
An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.
|
11-04-2022 - 17:18 | 29-12-2016 - 09:59 | |
| CVE-2015-3192 | 4.3 |
Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) vi
|
11-04-2022 - 17:18 | 12-07-2016 - 19:59 | |
| CVE-2014-3625 | 5.0 |
Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.
|
11-04-2022 - 17:16 | 20-11-2014 - 17:50 | |
| CVE-2014-3578 | 5.0 |
Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL.
|
14-07-2019 - 00:15 | 19-02-2015 - 20:59 |