First published: Fri Apr 06 2018
Pivotal Spring Framework could allow a remote attacker to traverse directories on the system, caused by improper validation of user requests. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to an application that has configured Spring MVC to serve static resources.
Credit: security_alert@emc.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/springframework | <5.05 | 5.05 |
redhat/springframework | <4.3.15 | 4.3.15 |
maven/org.springframework:spring-core | <4.3.15 | 4.3.15 |
maven/org.springframework:spring-core | >=5.0.0<5.0.5 | 5.0.5 |
VMware Spring Framework | >=4.3.0<4.3.15 | |
VMware Spring Framework | >=5.0.0<5.0.5 | |
Oracle Application Testing Suite | =12.5.0.3 | |
Oracle Application Testing Suite | =13.1.0.1 | |
Oracle Application Testing Suite | =13.2.0.1 | |
Oracle Application Testing Suite | =13.3.0.1 | |
Oracle Big Data Discovery | =1.6.0 | |
Oracle Communications Converged Application Server | <7.0.0.1 | |
Oracle Communications Diameter Signaling Router | <8.3 | |
Oracle Communications Performance Intelligence Center | <10.2.1 | |
Oracle Communications Policy Management | =12.5.0 | |
Oracle Communications Services Gatekeeper | <6.1.0.4.0 | |
Oracle Enterprise Manager Ops Center | =12.2.2 | |
Oracle Enterprise Manager Ops Center | =12.3.3 | |
Oracle Goldengate For Big Data | =12.2.0.1 | |
Oracle Goldengate For Big Data | =12.3.1.1 | |
Oracle Goldengate For Big Data | =12.3.2.1 | |
Oracle Health Sciences Information Manager | =3.0 | |
Oracle Healthcare Master Person Index | =3.0 | |
Oracle Healthcare Master Person Index | =4.0 | |
Oracle Insurance Calculation Engine | >=11.0.0<=11.3.1 | |
Oracle Insurance Calculation Engine | =10.1.1 | |
Oracle Insurance Calculation Engine | =10.2 | |
Oracle Insurance Calculation Engine | =10.2.1 | |
Oracle Insurance Rules Palette | =10.0 | |
Oracle Insurance Rules Palette | =10.1 | |
Oracle Insurance Rules Palette | =10.2 | |
Oracle Insurance Rules Palette | =11.0 | |
Oracle Insurance Rules Palette | =11.1 | |
Oracle Primavera Gateway | =15.2 | |
Oracle Primavera Gateway | =16.2 | |
Oracle Primavera Gateway | =17.12 | |
Oracle Rapid Planning | =12.1 | |
Oracle Rapid Planning | =12.2 | |
Oracle Retail Back Office | =14.0 | |
Oracle Retail Back Office | =14.1 | |
Oracle Retail Central Office | =14.0 | |
Oracle Retail Central Office | =14.1 | |
Oracle Retail Customer Insights | =15.0 | |
Oracle Retail Customer Insights | =16.0 | |
Oracle Retail Integration Bus | =14.0.1 | |
Oracle Retail Integration Bus | =14.0.2 | |
Oracle Retail Integration Bus | =14.0.3 | |
Oracle Retail Integration Bus | =14.0.4 | |
Oracle Retail Integration Bus | =14.1.1 | |
Oracle Retail Integration Bus | =14.1.2 | |
Oracle Retail Integration Bus | =14.1.3 | |
Oracle Retail Integration Bus | =15.0.0.1 | |
Oracle Retail Integration Bus | =15.0.1 | |
Oracle Retail Integration Bus | =15.0.2 | |
Oracle Retail Integration Bus | =16.0 | |
Oracle Retail Integration Bus | =16.0.1 | |
Oracle Retail Integration Bus | =16.0.2 | |
Oracle Retail Open Commerce Platform | =5.3.0 | |
Oracle Retail Open Commerce Platform | =6.0.0 | |
Oracle Retail Open Commerce Platform | =6.0.1 | |
Oracle Retail Order Broker | =5.1 | |
Oracle Retail Order Broker | =5.2 | |
Oracle Retail Order Broker | =15.0 | |
Oracle Retail Order Broker | =16.0 | |
Oracle Retail Point-of-sale | =14.0 | |
Oracle Retail Point-of-sale | =14.1 | |
Oracle Retail Predictive Application Server | =14.0 | |
Oracle Retail Predictive Application Server | =14.1 | |
Oracle Retail Predictive Application Server | =15.0 | |
Oracle Retail Predictive Application Server | =16.0 | |
Oracle Retail Returns Management | =14.0 | |
Oracle Retail Returns Management | =14.1 | |
Oracle Retail Xstore Point of Service | =7.1 | |
Oracle Service Architecture Leveraging Tuxedo | =12.1.3.0.0 | |
Oracle Service Architecture Leveraging Tuxedo | =12.2.2.0.0 | |
Oracle Tape Library Acsls | =8.4 | |
IBM GDE | <=3.0.0.2 | |