Software Detail
Spring Framework: number of NVD entries 10 (CRITICAL 0, HIGH 3, MEDIUM 7, LOW 0)
URL https://spring.io/projects/spring-framework
Explanation An open-source application framework for the Java platform. It can also be used to develop Java applications other than web applications.
Tag
  • Java
  • Apache License v2.0

Additional information URLs
  1. https://github.com/spring-projects/spring-framework/
  2. https://ja.wikipedia.org/wiki/Spring_Framework
  3. https://github.com/spring-projects/spring-framework/wiki/Spring-Framework-Versions
  4. https://spring.io/blog

List Of Products
No Name Latest Version Release date Initial release Normal Support Security Support Service Pack Support Extended (for a fee) Critical High Medium Low
(Empty cells are not shown in the rows below; the last four figures of each row are the Critical, High, Medium and Low counts.)
1 Spring Framework 6.0 6.1.12 Aug. 14, 2024 0 0 0 0
2 Spring Framework 5.3 5.3.39 Aug. 14, 2024 0 0 0 0
3 Spring Framework 5.3 5.3.9 0 0 0 0
4 Spring Framework 5.2 5.2.13 Feb. 17, 2021 Dec. 31, 2021 0 0 0 0
5 Spring Framework 5.2 5.2.9 0 0 0 0
6 Spring Framework 5.1 Dec. 31, 2020 0 0 0 0
7 Spring Framework 5.1 5.1.9 0 0 0 0
8 Spring Framework 5.0 Dec. 31, 2020 0 0 0 0
9 Spring Framework 5.0 5.0.9 0 0 0 0
10 Spring Framework 4.3 Dec. 31, 2020 0 1 0 0
11 Spring Framework 4.3 4.3.9 0 1 0 0
12 Spring Framework 4.2 0 2 0 0
13 Spring Framework 4.2 4.2.9 0 2 0 0
14 Spring Framework 4.1 0 1 3 0
15 Spring Framework 4.1 4.1.9 0 1 3 0
16 Spring Framework 4.0 0 2 3 0
17 Spring Framework 4.0 4.0.9 0 2 3 0
18 Spring Framework 3.2 3.2.9 0 3 6 0
19 Spring Framework 3.2 Dec. 31, 2016 0 3 6 0
20 Spring Framework 3.1 3.1.4 0 2 4 0
21 Spring Framework 3.1 0 2 4 0
22 Spring Framework 3.0 3.0.7 0 2 3 0
23 Spring Framework 3.0 0 2 3 0
NVD Vulnerability Information
Columns: No, CVSS3, CVSS2, Level, Attack Vector, Title, CWE, CVE, cpe23Uri, affected version range (or higher / or less / more than / less than), Update date, Published date, Exploit/PoC links
1. CVE-2013-6430 (CVSS3 5.4 / CVSS2 3.5, MEDIUM, attack vector: Network)
Title: The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtils.java in Spring MVC in Spring Framework before 3.2.2 does not properly escape certain characters, which allows remote attackers …
CWE: CWE-79 Cross-site Scripting
CPE: cpe:2.3:a:pivotal_software:spring_framework:*:* (3.0.0 or higher, less than 3.2.2)
Updated: 2024-11-21 10:59; Published: 2020-01-10
2. CVE-2016-5007 (CVSS3 7.5 / CVSS2 5.0, HIGH, attack vector: Network)
Title: Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Diffe…
CWE: CWE-264 Permissions, Privileges, and Access Controls
CPE: cpe:2.3:a:pivotal_software:spring_framework:4.2.0:*; cpe:2.3:a:pivotal_software:spring_framework:4.1.0:*; cpe:2.3:a… (list truncated)
Updated: 2024-11-21 11:53; Published: 2017-05-26
3. CVE-2014-0225 (CVSS3 8.8 / CVSS2 6.8, HIGH, attack vector: Network)
Title: When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references…
CWE: CWE-611 XXE
CPE: cpe:2.3:a:pivotal_software:spring_framework:4.0.0:*; cpe:2.3:a:pivotal_software:spring_framework:3.2.0:*; cpe:2.3:a… (list truncated)
Updated: 2024-11-21 11:01; Published: 2017-05-26
4. CVE-2016-9878 (CVSS3 7.5 / CVSS2 5.0, HIGH, attack vector: Network)
Title: An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result expose…
CWE: CWE-22 Path Traversal
CPE: cpe:2.3:a:pivotal_software:spring_framework:4.3.0:*; cpe:2.3:a:pivotal_software:spring_framework:4.2.0:*; cpe:2.3:a… (list truncated; version range shown: 3.2.0 or higher)
Updated: 2024-11-21 12:01; Published: 2016-12-29
5. CVE-2015-3192 (CVSS3 5.5 / CVSS2 4.3, MEDIUM, attack vector: Local)
Title: Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of servi…
CWE: CWE-119 Incorrect Access of Indexable Resource ('Range Error')
CPE: cpe:2.3:a:pivotal_software:spring_framework:4.1.0:*; cpe:2.3:a:pivotal_software:spring_framework:3.2.0:*
Updated: 2024-11-21 11:28; Published: 2016-07-13
6. CVE-2015-0201 (CVSS3 -, CVSS2 5.0, MEDIUM)
Title: The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors.
CWE: CWE-254 7PK - Security Features
CPE: cpe:2.3:a:pivotal_software:spring_framework:4.1.0:*
Updated: 2024-11-21 11:22; Published: 2015-03-10
7. CVE-2014-3578 (CVSS3 -, CVSS2 5.0, MEDIUM)
Title: Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL.
CWE: CWE-22 Path Traversal
CPE: cpe:2.3:a:pivotal_software:spring_framework:*:* (3.2.0 or higher and less than 3.2.9; 4.0.0 or higher and less than 4.0.5)
Updated: 2024-11-21 11:08; Published: 2015-02-20
8. CVE-2014-3625 (CVSS3 -, CVSS2 5.0, MEDIUM)
Title: Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspeci…
CWE: CWE-22 Path Traversal
CPE: cpe:2.3:a:pivotal_software:spring_framework:*:* (3.1.0 or higher and 3.1.4 or less; 3.2.0 or higher and less than 3.2.12; 4.0.0 or higher and less than 4.0.8; 4.1.0 or higher and less than 4.1.2)
Updated: 2024-11-21 11:08; Published: 2014-11-21
9. CVE-2014-1904 (CVSS3 -, CVSS2 4.3, MEDIUM)
Title: Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary …
CWE: CWE-79 Cross-site Scripting
CPE: cpe:2.3:a:pivotal_software:spring_framework:*:* (4.0.0 or higher and less than 4.0.2; 3.0.0 or higher and less than 3.2.8)
Updated: 2024-11-21 11:05; Published: 2014-03-21
10. CVE-2013-6429 (CVSS3 -, CVSS2 6.8, MEDIUM)
Title: The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitra…
CWE: CWE-352 Origin Validation Error; CWE-611 XXE
CPE: cpe:2.3:a:pivotal_software:spring_framework:*:* (3.0.0 or higher and 3.2.4 or less)
Updated: 2024-11-21 10:59; Published: 2014-01-27