CVE-2014-3578

Current Description

Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL.

Basic Data

Published: February 19, 2015
Last Modified: July 14, 2019
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-22
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: NONE
CVSS 2 - Base Score: 5.0
Severity: MEDIUM
Exploitability Score: 10.0
Impact Score: 2.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
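    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | Application | Pivotal Software | Spring Framework | * | * | * | * | * | * | * | * | 3.2.0 | | | 3.2.9 |
    | 2.3 | Application | Pivotal Software | Spring Framework | * | * | * | * | * | * | * | * | 4.0.0 | | | 4.0.5 |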

Vulnerable Software List

| Vendor | Product | Versions |
|---|---|---|
| Pivotal Software | Spring Framework | * |

References

| Name | URL | Source | Tags |
|---|---|---|---|
| JVN#49154900 | http://jvn.jp/en/jp/JVN49154900/index.html | JVN | Third Party Advisory, VDB Entry |
| JVNDB-2014-000054 | http://jvndb.jvn.jp/jvndb/JVNDB-2014-000054 | JVNDB | Third Party Advisory, VDB Entry |
| http://pivotal.io/security/cve-2014-3578 | http://pivotal.io/security/cve-2014-3578 | MISC | Vendor Advisory |
| RHSA-2015:0720 | http://rhn.redhat.com/errata/RHSA-2015-0720.html | REDHAT | Third Party Advisory |
| 68042 | http://www.securityfocus.com/bid/68042 | BID | Third Party Advisory, VDB Entry |
| https://bugzilla.redhat.com/show_bug.cgi?id=1131882 | https://bugzilla.redhat.com/show_bug.cgi?id=1131882 | CONFIRM | Issue Tracking, Third Party Advisory |
| [debian-lts-announce] 20190713 [SECURITY] [DLA 1853-1] libspring-java security update | https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html | MLIST | |
| RHSA-2015:0234 | https://rhn.redhat.com/errata/RHSA-2015-0234.html | REDHAT | Third Party Advisory |
| RHSA-2015:0235 | https://rhn.redhat.com/errata/RHSA-2015-0235.html | REDHAT | Third Party Advisory |