CVE-2016-9878
Published: Dec 29, 2016
Modified: Aug 6, 2024
PUBLISHED
Description
An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.
| Vendor | Product | Versions |
|---|---|---|
| n/a | Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5 | affected Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5 |
References
1040698
vdb-entry
x_refsource_SECTRACK
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
x_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
x_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20180419-0002/
x_refsource_CONFIRM
https://pivotal.io/security/cve-2016-9878
x_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
x_refsource_CONFIRM
95072
vdb-entry
x_refsource_BID
RHSA-2017:3115
vendor-advisory
x_refsource_REDHAT
[debian-lts-announce] 20190713 [SECURITY] [DLA 1853-1] libspring-java security update
mailing-list
x_refsource_MLIST