CVE-2014-3625: Path Traversal
First published: Thu Nov 20 2014(Updated: )
Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/spring-webmvc | <3.2.12 | 3.2.12 |
| redhat/spring-webmvc | <4.0.8 | 4.0.8 |
| redhat/spring-webmvc | <4.1.2 | 4.1.2 |
| Pivotal Software Spring Framework | >=3.1.0<=3.1.4 | |
| Pivotal Software Spring Framework | >=3.2.0<3.2.12 | |
| Pivotal Software Spring Framework | >=4.0.0<4.0.8 | |
| Pivotal Software Spring Framework | >=4.1.0<4.1.2 | |
| VMware Spring Framework | >=3.0.4<=3.0.7 | |
| maven/org.springframework:spring-webmvc | >=4.1.0<4.1.2 | 4.1.2 |
| maven/org.springframework:spring-webmvc | >=4.0.0<4.0.8 | 4.0.8 |
| maven/org.springframework:spring-webmvc | >=3.0.4<3.2.12 | 3.2.12 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/victims/victims-cve-db/blob/master/database/java/2014/3625.yaml
- https://jira.spring.io/browse/SPR-12354
- https://github.com/spring-projects/spring-framework/commit/9beae9ae4226c45cd428035dae81214439324676
- https://github.com/spring-projects/spring-framework/commit/9cef8e3001ddd61c734281a7556efd84b6cc2755
- https://github.com/spring-projects/spring-framework/commit/3f68cd633f03370d33c2603a6496e81273782601
- https://rhn.redhat.com/errata/RHSA-2015-0235.html
- https://rhn.redhat.com/errata/RHSA-2015-0234.html
- https://rhn.redhat.com/errata/RHSA-2015-0236.html
- https://rhn.redhat.com/errata/RHSA-2015-0720.html
- https://access.redhat.com/support/policy/updates/jboss_notes/
- https://bugzilla.redhat.com/show_bug.cgi?id=1165936
- http://rhn.redhat.com/errata/RHSA-2015-0236.html
- http://rhn.redhat.com/errata/RHSA-2015-0720.html
- http://www.pivotal.io/security/cve-2014-3625
- https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html
- https://nvd.nist.gov/vuln/detail/CVE-2014-3625
- https://github.com/spring-projects/spring-framework/commit/161d3e3049f129e211f68a4e94b544e0f0d8384d
- https://github.com/advisories/GHSA-hhm4-hwq6-3c6w (Advisory)
- collector/redhat-bugzilla
- alias/CVE-2014-3625
- collector/nvd-index
- agent/type
- agent/first-publish-date
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-hhm4-hwq6-3c6w
- agent/software-canonical-lookup
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/references
- agent/softwarecombine
- agent/description
- agent/event
- collector/nvd-cve
- source/NVD
- agent/author
- collector/github-advisory
- agent/tags
- collector/mitre-cve
- source/MITRE
- package-manager/redhat
- vendor/pivotal software
- canonical/pivotal software spring framework
- version/pivotal software spring framework/3.1.0
- version/pivotal software spring framework/3.1.4
- version/pivotal software spring framework/3.2.0
- version/pivotal software spring framework/4.0.0
- version/pivotal software spring framework/4.1.0
- vendor/vmware
- canonical/vmware spring framework
- version/vmware spring framework/3.0.4
- version/vmware spring framework/3.0.7
- package-manager/maven