Vulnerability Name: | CVE-2014-3625 (CCN-99872)
Assigned: | 2014-11-14
Published: | 2014-11-14
Updated: | 2022-04-11
Summary: | Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N); 3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C); 3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Vulnerability Type: | CWE-22
Vulnerability Consequences: | Obtain Information
References: |
Source: MITRE Type: CNA CVE-2014-3625
Source: REDHAT Type: Third Party Advisory RHSA-2015:0236
Source: REDHAT Type: Third Party Advisory RHSA-2015:0720
Source: CCN Type: IBM Security Bulletin 1997872 (Security Guardium) OpenSource GoPivotal Spring Framework Vulnerabilities affect IBM Security Guardium (CVE-2014-3578, CVE-2014-3625)
Source: CCN Type: IBM Security Bulletin 1999040 (Tivoli Application Dependency Discovery Manager) Pivotal Spring Framework vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (TADDM)
Source: CCN Type: IBM Security Bulletin 1999395 (Security QRadar SIEM) Pivotal Spring Framework as used in IBM QRadar SIEM is vulnerable to various CVE's
Source: CCN Type: IBM Security Bulletin 2002110 (Interact) Vulnerability in Pivotal Spring Framework affects IBM Marketing Software products suite (CVE-2014-3625)
Source: CCN Type: IBM Security Bulletin 2005279 (WebSphere Portal) Multiple Vulnerabilities affect IBM WebSphere Portal Rich Media Edition
Source: CCN Type: IBM Security Bulletin 2013753 (Security Guardium Big Data Intelligence) IBM Security Guardium Big Data Intelligence (SonarG) is vulnerable to using Components with Known Vulnerabilities
Source: CCN Type: Pivotal Web site CVE-2014-3625 Directory Traversal in Spring Framework
Source: CONFIRM Type: Vendor Advisory http://www.pivotal.io/security/cve-2014-3625
Source: XF Type: UNKNOWN springframework-cve20143625-dir-traversal(99872)
Source: CONFIRM Type: Third Party Advisory https://jira.spring.io/browse/SPR-12354
Source: MLIST Type: UNKNOWN [debian-lts-announce] 20190713 [SECURITY] [DLA 1853-1] libspring-java security update
Source: CCN Type: WhiteSource Vulnerability Database CVE-2014-3625