csaf_redhat - rhsa-2011

rhsa-2011_0175

Vulnerability from csaf_redhat

Published

2011-01-25 15:30

Modified

2024-11-22 03:36

Summary

Red Hat Security Advisory: JBoss Web Framework Kit 1.0.0 removal

Notes

Topic

JBoss Web Framework Kit 1.0.0 contains a security flaw and should no longer be used. This update removes the JBoss Web Framework Kit 1.0.0 packages. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

Details

The JBoss Web Framework Kit combines popular open source web frameworks into a single solution for Java applications. The spring2 packages shipped as part of JBoss Web Framework Kit 1.0.0 are vulnerable to a security flaw that could allow a remote attacker to execute arbitrary code via a specially-crafted HTTP request. (CVE-2010-1622) This update removes the JBoss Web Framework Kit 1.0.0 packages. JBoss Web Framework Kit 1.0.0 RPMs and updates will no longer be available from the Red Hat Network. Registered users wishing to continue to use the JBoss Web Framework Kit are advised to download the latest version, 1.1.0, from the Red Hat Customer Portal: https://access.redhat.com/jbossnetwork/ Future updates for JBoss Web Framework Kit will be made available only through the Red Hat Customer Portal. Note that JBoss Web Framework Kit 1.1.0 from the Customer Portal does not include the Spring framework, and is therefore not affected by the CVE-2010-1622 issue.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "JBoss Web Framework Kit 1.0.0 contains a security flaw and should no\nlonger be used. This update removes the JBoss Web Framework Kit 1.0.0\npackages.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available from the CVE link in\nthe References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The JBoss Web Framework Kit combines popular open source web frameworks\ninto a single solution for Java applications.\n\nThe spring2 packages shipped as part of JBoss Web Framework Kit 1.0.0 are\nvulnerable to a security flaw that could allow a remote attacker to\nexecute arbitrary code via a specially-crafted HTTP request.\n(CVE-2010-1622)\n\nThis update removes the JBoss Web Framework Kit 1.0.0 packages. JBoss Web\nFramework Kit 1.0.0 RPMs and updates will no longer be available from the\nRed Hat Network.\n\nRegistered users wishing to continue to use the JBoss Web Framework Kit are\nadvised to download the latest version, 1.1.0, from the Red Hat Customer\nPortal:\n\nhttps://access.redhat.com/jbossnetwork/\n\nFuture updates for JBoss Web Framework Kit will be made available only\nthrough the Red Hat Customer Portal. Note that JBoss Web Framework Kit\n1.1.0 from the Customer Portal does not include the Spring framework, and\nis therefore not affected by the CVE-2010-1622 issue.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2011:0175",
        "url": "https://access.redhat.com/errata/RHSA-2011:0175"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/jbossnetwork/",
        "url": "https://access.redhat.com/jbossnetwork/"
      },
      {
        "category": "external",
        "summary": "http://docs.redhat.com/docs/en-US/JBoss_Web_Framework_Kit/1.1/html/Release_Notes_1.1.0/Installation_Notes.html",
        "url": "http://docs.redhat.com/docs/en-US/JBoss_Web_Framework_Kit/1.1/html/Release_Notes_1.1.0/Installation_Notes.html"
      },
      {
        "category": "external",
        "summary": "606706",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=606706"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2011/rhsa-2011_0175.json"
      }
    ],
    "title": "Red Hat Security Advisory: JBoss Web Framework Kit 1.0.0 removal",
    "tracking": {
      "current_release_date": "2024-11-22T03:36:50+00:00",
      "generator": {
        "date": "2024-11-22T03:36:50+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2011:0175",
      "initial_release_date": "2011-01-25T15:30:00+00:00",
      "revision_history": [
        {
          "date": "2011-01-25T15:30:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2011-01-25T10:34:20+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T03:36:50+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat JBoss Web Framework Kit 5.0.0 for RHEL 4 AS",
                "product": {
                  "name": "Red Hat JBoss Web Framework Kit 5.0.0 for RHEL 4 AS",
                  "product_id": "4AS-JBWFK-5.0.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_web_framework_kit:1::el4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat JBoss Web Framework Kit 5.0.0 for RHEL 4 ES",
                "product": {
                  "name": "Red Hat JBoss Web Framework Kit 5.0.0 for RHEL 4 ES",
                  "product_id": "4ES-JBWFK-5.0.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_web_framework_kit:1::el4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat JBoss Web Framework Kit 1.0.0 for RHEL 5 Server",
                "product": {
                  "name": "Red Hat JBoss Web Framework Kit 1.0.0 for RHEL 5 Server",
                  "product_id": "5Server-JBWFK-1.0.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_web_framework_kit:1::el5"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Web Framework Kit"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jboss-wfk-1.0.0-uninstall-0:1.0.0-3.ep5.el4.src",
                "product": {
                  "name": "jboss-wfk-1.0.0-uninstall-0:1.0.0-3.ep5.el4.src",
                  "product_id": "jboss-wfk-1.0.0-uninstall-0:1.0.0-3.ep5.el4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-wfk-1.0.0-uninstall@1.0.0-3.ep5.el4?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-wfk-1.0.0-uninstall-0:1.0.0-3.ep5.el5.src",
                "product": {
                  "name": "jboss-wfk-1.0.0-uninstall-0:1.0.0-3.ep5.el5.src",
                  "product_id": "jboss-wfk-1.0.0-uninstall-0:1.0.0-3.ep5.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-wfk-1.0.0-uninstall@1.0.0-3.ep5.el5?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jboss-wfk-1.0.0-uninstall-0:1.0.0-3.ep5.el4.noarch",
                "product": {
                  "name": "jboss-wfk-1.0.0-uninstall-0:1.0.0-3.ep5.el4.noarch",
                  "product_id": "jboss-wfk-1.0.0-uninstall-0:1.0.0-3.ep5.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-wfk-1.0.0-uninstall@1.0.0-3.ep5.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-wfk-1.0.0-uninstall-0:1.0.0-3.ep5.el5.noarch",
                "product": {
                  "name": "jboss-wfk-1.0.0-uninstall-0:1.0.0-3.ep5.el5.noarch",
                  "product_id": "jboss-wfk-1.0.0-uninstall-0:1.0.0-3.ep5.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-wfk-1.0.0-uninstall@1.0.0-3.ep5.el5?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-wfk-1.0.0-uninstall-0:1.0.0-3.ep5.el4.noarch as a component of Red Hat JBoss Web Framework Kit 5.0.0 for RHEL 4 AS",
          "product_id": "4AS-JBWFK-5.0.0:jboss-wfk-1.0.0-uninstall-0:1.0.0-3.ep5.el4.noarch"
        },
        "product_reference": "jboss-wfk-1.0.0-uninstall-0:1.0.0-3.ep5.el4.noarch",
        "relates_to_product_reference": "4AS-JBWFK-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-wfk-1.0.0-uninstall-0:1.0.0-3.ep5.el4.src as a component of Red Hat JBoss Web Framework Kit 5.0.0 for RHEL 4 AS",
          "product_id": "4AS-JBWFK-5.0.0:jboss-wfk-1.0.0-uninstall-0:1.0.0-3.ep5.el4.src"
        },
        "product_reference": "jboss-wfk-1.0.0-uninstall-0:1.0.0-3.ep5.el4.src",
        "relates_to_product_reference": "4AS-JBWFK-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-wfk-1.0.0-uninstall-0:1.0.0-3.ep5.el4.noarch as a component of Red Hat JBoss Web Framework Kit 5.0.0 for RHEL 4 ES",
          "product_id": "4ES-JBWFK-5.0.0:jboss-wfk-1.0.0-uninstall-0:1.0.0-3.ep5.el4.noarch"
        },
        "product_reference": "jboss-wfk-1.0.0-uninstall-0:1.0.0-3.ep5.el4.noarch",
        "relates_to_product_reference": "4ES-JBWFK-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-wfk-1.0.0-uninstall-0:1.0.0-3.ep5.el4.src as a component of Red Hat JBoss Web Framework Kit 5.0.0 for RHEL 4 ES",
          "product_id": "4ES-JBWFK-5.0.0:jboss-wfk-1.0.0-uninstall-0:1.0.0-3.ep5.el4.src"
        },
        "product_reference": "jboss-wfk-1.0.0-uninstall-0:1.0.0-3.ep5.el4.src",
        "relates_to_product_reference": "4ES-JBWFK-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-wfk-1.0.0-uninstall-0:1.0.0-3.ep5.el5.noarch as a component of Red Hat JBoss Web Framework Kit 1.0.0 for RHEL 5 Server",
          "product_id": "5Server-JBWFK-1.0.0:jboss-wfk-1.0.0-uninstall-0:1.0.0-3.ep5.el5.noarch"
        },
        "product_reference": "jboss-wfk-1.0.0-uninstall-0:1.0.0-3.ep5.el5.noarch",
        "relates_to_product_reference": "5Server-JBWFK-1.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-wfk-1.0.0-uninstall-0:1.0.0-3.ep5.el5.src as a component of Red Hat JBoss Web Framework Kit 1.0.0 for RHEL 5 Server",
          "product_id": "5Server-JBWFK-1.0.0:jboss-wfk-1.0.0-uninstall-0:1.0.0-3.ep5.el5.src"
        },
        "product_reference": "jboss-wfk-1.0.0-uninstall-0:1.0.0-3.ep5.el5.src",
        "relates_to_product_reference": "5Server-JBWFK-1.0.0"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2010-1622",
      "cwe": {
        "id": "CWE-96",
        "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)"
      },
      "discovery_date": "2010-06-21T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "5Server-JBWFK-1.0.0:jboss-wfk-1.0.0-uninstall-0:1.0.0-3.ep5.el5.noarch",
            "5Server-JBWFK-1.0.0:jboss-wfk-1.0.0-uninstall-0:1.0.0-3.ep5.el5.src"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "606706"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7 before 2.5.7.SR01, and 3.0.x before 3.0.3 allows remote attackers to execute arbitrary code via an HTTP request containing class.classLoader.URLs[0]=jar: followed by a URL of a crafted .jar file.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "3.0.3): Arbitrary Java code execution via an HTTP request containing a specially-crafted .jar file",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue did not affect the versions of the SpringSource Spring Framework, as shipped with JBoss Enterprise Application Platform v4.2.0, v4.3.0, or v.5.0.0.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-JBWFK-5.0.0:jboss-wfk-1.0.0-uninstall-0:1.0.0-3.ep5.el4.noarch",
          "4AS-JBWFK-5.0.0:jboss-wfk-1.0.0-uninstall-0:1.0.0-3.ep5.el4.src",
          "4ES-JBWFK-5.0.0:jboss-wfk-1.0.0-uninstall-0:1.0.0-3.ep5.el4.noarch",
          "4ES-JBWFK-5.0.0:jboss-wfk-1.0.0-uninstall-0:1.0.0-3.ep5.el4.src"
        ],
        "known_not_affected": [
          "5Server-JBWFK-1.0.0:jboss-wfk-1.0.0-uninstall-0:1.0.0-3.ep5.el5.noarch",
          "5Server-JBWFK-1.0.0:jboss-wfk-1.0.0-uninstall-0:1.0.0-3.ep5.el5.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2010-1622"
        },
        {
          "category": "external",
          "summary": "RHBZ#606706",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=606706"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2010-1622",
          "url": "https://www.cve.org/CVERecord?id=CVE-2010-1622"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-1622",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1622"
        }
      ],
      "release_date": "2010-06-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2011-01-25T15:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-JBWFK-5.0.0:jboss-wfk-1.0.0-uninstall-0:1.0.0-3.ep5.el4.noarch",
            "4AS-JBWFK-5.0.0:jboss-wfk-1.0.0-uninstall-0:1.0.0-3.ep5.el4.src",
            "4ES-JBWFK-5.0.0:jboss-wfk-1.0.0-uninstall-0:1.0.0-3.ep5.el4.noarch",
            "4ES-JBWFK-5.0.0:jboss-wfk-1.0.0-uninstall-0:1.0.0-3.ep5.el4.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2011:0175"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "4AS-JBWFK-5.0.0:jboss-wfk-1.0.0-uninstall-0:1.0.0-3.ep5.el4.noarch",
            "4AS-JBWFK-5.0.0:jboss-wfk-1.0.0-uninstall-0:1.0.0-3.ep5.el4.src",
            "4ES-JBWFK-5.0.0:jboss-wfk-1.0.0-uninstall-0:1.0.0-3.ep5.el4.noarch",
            "4ES-JBWFK-5.0.0:jboss-wfk-1.0.0-uninstall-0:1.0.0-3.ep5.el4.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "3.0.3): Arbitrary Java code execution via an HTTP request containing a specially-crafted .jar file"
    }
  ]
}

cve-2010-1622

Vulnerability from cvelistv5

Published

2010-06-21 16:00

Modified

2024-08-07 01:28

Severity ?

Summary

SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7 before 2.5.7.SR01, and 3.0.x before 3.0.3 allows remote attackers to execute arbitrary code via an HTTP request containing class.classLoader.URLs[0]=jar: followed by a URL of a crafted .jar file.

References

▼	URL	Tags
	http://geronimo.apache.org/2010/07/21/apache-geronimo-v216-released.html	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2011/0237	vdb-entry, x_refsource_VUPEN
	http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html	x_refsource_CONFIRM
	http://www.exploit-db.com/exploits/13918	exploit, x_refsource_EXPLOIT-DB
	http://secunia.com/advisories/43087	third-party-advisory, x_refsource_SECUNIA
	http://www.springsource.com/security/cve-2010-1622	x_refsource_CONFIRM
	http://secunia.com/advisories/41025	third-party-advisory, x_refsource_SECUNIA
	http://www.redhat.com/support/errata/RHSA-2011-0175.html	vendor-advisory, x_refsource_REDHAT
	http://geronimo.apache.org/22x-security-report.html	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/40954	vdb-entry, x_refsource_BID
	http://secunia.com/advisories/41016	third-party-advisory, x_refsource_SECUNIA
	http://www.securitytracker.com/id/1033898	vdb-entry, x_refsource_SECTRACK
	http://geronimo.apache.org/21x-security-report.html	x_refsource_CONFIRM
	http://www.securityfocus.com/archive/1/511877	mailing-list, x_refsource_BUGTRAQ

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T01:28:42.999Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://geronimo.apache.org/2010/07/21/apache-geronimo-v216-released.html"
          },
          {
            "name": "ADV-2011-0237",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0237"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
          },
          {
            "name": "13918",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/13918"
          },
          {
            "name": "43087",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43087"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.springsource.com/security/cve-2010-1622"
          },
          {
            "name": "41025",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/41025"
          },
          {
            "name": "RHSA-2011:0175",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0175.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://geronimo.apache.org/22x-security-report.html"
          },
          {
            "name": "40954",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/40954"
          },
          {
            "name": "41016",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/41016"
          },
          {
            "name": "1033898",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033898"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://geronimo.apache.org/21x-security-report.html"
          },
          {
            "name": "20100618 CVE-2010-1622: Spring Framework execution of arbitrary code",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/511877"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-06-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7 before 2.5.7.SR01, and 3.0.x before 3.0.3 allows remote attackers to execute arbitrary code via an HTTP request containing class.classLoader.URLs[0]=jar: followed by a URL of a crafted .jar file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-05T21:57:02",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://geronimo.apache.org/2010/07/21/apache-geronimo-v216-released.html"
        },
        {
          "name": "ADV-2011-0237",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0237"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
        },
        {
          "name": "13918",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/13918"
        },
        {
          "name": "43087",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43087"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.springsource.com/security/cve-2010-1622"
        },
        {
          "name": "41025",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/41025"
        },
        {
          "name": "RHSA-2011:0175",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-0175.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://geronimo.apache.org/22x-security-report.html"
        },
        {
          "name": "40954",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/40954"
        },
        {
          "name": "41016",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/41016"
        },
        {
          "name": "1033898",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1033898"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://geronimo.apache.org/21x-security-report.html"
        },
        {
          "name": "20100618 CVE-2010-1622: Spring Framework execution of arbitrary code",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/511877"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2010-1622",
    "datePublished": "2010-06-21T16:00:00",
    "dateReserved": "2010-04-29T00:00:00",
    "dateUpdated": "2024-08-07T01:28:42.999Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted