Pivotal Software Spring Framework 3.0.4

CPE Details

2017-12-18 12h40 +00:00
2022-04-11 15h14 +00:00

CPE Name: cpe:2.3:a:pivotal_software:spring_framework:3.0.4:*:*:*:*:*:*:*

Information

Vendor

pivotal_software

Product

spring_framework

Version

3.0.4

Related CVE


| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| CVE-2013-6430 | 2020-01-10 12h28 +00:00 | The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtils.java in Spring MVC in Spring Framework before 3.2.2 does not properly escape certain characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a (1) line separator or (2) paragraph separator Unicode character or (3) left or (4) right angle bracket. | 5.4 | Medium |
| CVE-2016-9878 | 2016-12-29 08h02 +00:00 | An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks. | 7.5 | High |
| CVE-2014-1904 | 2014-03-20 15h00 +00:00 | Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action. | 4.3 | |
| CVE-2013-6429 | 2014-01-26 10h00 +00:00 | The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152 and CVE-2013-7315. | 6.8 | |