Vulnerability Details CVE-2014-3625
Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.292
EPSS Ranking 96.3%
CVSS Severity
CVSS v2 Score 5.0
References
- http://rhn.redhat.com/errata/RHSA-2015-0236.html
- http://rhn.redhat.com/errata/RHSA-2015-0720.html
- http://www.pivotal.io/security/cve-2014-3625
- https://jira.spring.io/browse/SPR-12354
- https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html
- http://rhn.redhat.com/errata/RHSA-2015-0236.html
- http://rhn.redhat.com/errata/RHSA-2015-0720.html
- http://www.pivotal.io/security/cve-2014-3625
- https://jira.spring.io/browse/SPR-12354
- https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html
Products affected by CVE-2014-3625
-
cpe:2.3:a:pivotal_software:spring_framework:3.1.0
-
cpe:2.3:a:pivotal_software:spring_framework:3.1.1
-
cpe:2.3:a:pivotal_software:spring_framework:3.1.2
-
cpe:2.3:a:pivotal_software:spring_framework:3.1.3
-
cpe:2.3:a:pivotal_software:spring_framework:3.1.4
-
cpe:2.3:a:pivotal_software:spring_framework:3.2.0
-
cpe:2.3:a:pivotal_software:spring_framework:3.2.1
-
cpe:2.3:a:pivotal_software:spring_framework:3.2.10
-
cpe:2.3:a:pivotal_software:spring_framework:3.2.11
-
cpe:2.3:a:pivotal_software:spring_framework:3.2.2
-
cpe:2.3:a:pivotal_software:spring_framework:3.2.3
-
cpe:2.3:a:pivotal_software:spring_framework:3.2.4
-
cpe:2.3:a:pivotal_software:spring_framework:3.2.5
-
cpe:2.3:a:pivotal_software:spring_framework:3.2.6
-
cpe:2.3:a:pivotal_software:spring_framework:3.2.7
-
cpe:2.3:a:pivotal_software:spring_framework:3.2.8
-
cpe:2.3:a:pivotal_software:spring_framework:3.2.9
-
cpe:2.3:a:pivotal_software:spring_framework:4.0.0
-
cpe:2.3:a:pivotal_software:spring_framework:4.0.1
-
cpe:2.3:a:pivotal_software:spring_framework:4.0.2
-
cpe:2.3:a:pivotal_software:spring_framework:4.0.3
-
cpe:2.3:a:pivotal_software:spring_framework:4.0.4
-
cpe:2.3:a:pivotal_software:spring_framework:4.0.5
-
cpe:2.3:a:pivotal_software:spring_framework:4.0.6
-
cpe:2.3:a:pivotal_software:spring_framework:4.0.7
-
cpe:2.3:a:pivotal_software:spring_framework:4.1.0
-
cpe:2.3:a:pivotal_software:spring_framework:4.1.1
-
cpe:2.3:a:vmware:spring_framework:3.0.4
-
cpe:2.3:a:vmware:spring_framework:3.0.5
-
cpe:2.3:a:vmware:spring_framework:3.0.6
-
cpe:2.3:a:vmware:spring_framework:3.0.7