VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
>
Vmware
>
Spring Framework
> 4.2.8
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2018-05-11
CVE-2018-1257
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module.
network
low complexity
vmware
redhat
oracle
6.5
6.5
2018-04-06
CVE-2018-1270
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module.
network
low complexity
vmware
oracle
redhat
debian
critical
9.8
9.8
2017-05-25
CVE-2016-5007
Permissions, Privileges, and Access Controls vulnerability in multiple products
Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively.
network
low complexity
pivotal-software
vmware
CWE-264
7.5
7.5
2016-12-29
CVE-2016-9878
Path Traversal vulnerability in multiple products
An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5.
network
low complexity
pivotal-software
vmware
CWE-22
7.5
7.5
«
Previous
1
2
(current)
»