Spring Framework Multiple XML Entity References Information Disclosure Vulnerabilities

Last Update Date: 28 Aug 2013 09:29 Release Date: 28 Aug 2013

RISK: Medium Risk

TYPE: Servers - Web Servers

Multiple vulnerabilities have been identified in Spring Framework, which can be exploited by malicious people to disclose potentially sensitive information.

The vulnerabilities are caused by an error when processing XML data, which can be exploited, for example, to disclose the contents of certain local files by sending specially crafted XML data that includes external entity references.


Impact

  • Information Disclosure

System / Technologies affected

  • Versions 3.0.0 through to 3.2.3

Solutions

Before installing the software, please visit the software manufacturer's website for more details.

  • Update to version 3.2.4 or later

Vulnerability Identifier


Source


Related Link