2016-12-29 10:59:00 2018-07-19 03:29:05

An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and, as a result, were exposed to directory traversal attacks.

Vector: NETWORK
Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE

Pivotal software Spring framework 4.3.4 (not an official CPE)
Pivotal software Spring framework 4.3.3 (not an official CPE)
Pivotal software Spring framework 4.3.2 (not an official CPE)
Pivotal software Spring framework 4.3.1 (not an official CPE)
Pivotal software Spring framework 4.3.0 (not an official CPE)
Pivotal software Spring framework 4.2.8 (not an official CPE)
Pivotal software Spring framework 4.2.7 (not an official CPE)
Pivotal software Spring framework 4.2.6 (not an official CPE)
Pivotal software Spring framework 4.2.5 (not an official CPE)
Pivotal software Spring framework 4.2.4 (not an official CPE)
Pivotal software Spring framework 4.2.3 (not an official CPE)
Pivotal software Spring framework 4.2.2 (not an official CPE)
Pivotal software Spring framework 4.2.1 (not an official CPE)
Pivotal software Spring framework 4.2.0 (not an official CPE)
Pivotal software Spring framework 3.2.17 (not an official CPE)
Pivotal software Spring framework 3.2.16 (not an official CPE)
Pivotal software Spring framework 3.2.15 (not an official CPE)
Pivotal software Spring framework 3.2.14 (not an official CPE)
Pivotal software Spring framework 3.2.13 (not an official CPE)
Pivotal software Spring framework 3.2.12 (not an official CPE)
Pivotal software Spring framework 3.2.11 (not an official CPE)
Pivotal software Spring framework 3.2.10 (not an official CPE)
Pivotal software Spring framework 3.2.9 (not an official CPE)
Pivotal software Spring framework 3.2.8 (not an official CPE)
Pivotal software Spring framework 3.2.7 (not an official CPE)
Pivotal software Spring framework 3.2.6 (not an official CPE)
Pivotal software Spring framework 3.2.5 (not an official CPE)
Pivotal software Spring framework 3.2.4 (not an official CPE)
Pivotal software Spring framework 3.2.3 (not an official CPE)
Pivotal software Spring framework 3.2.2 (not an official CPE)
Pivotal software Spring framework 3.2.1 (not an official CPE)
Pivotal software Spring framework 3.2.0 (not an official CPE)