Vulnerability-Lookup

CVE-2016-9878 (GCVE-0-2016-9878)

Vulnerability from cvelistv5 – Published: 2016-12-29 09:02 – Updated: 2024-08-06 03:07

Summary

An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.

Severity ?

No CVSS data available.

CWE

Directory Traversal

Assigner

dell

References

URL

	Vendor	Product	Version
	n/a	Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5	Affected: Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5

FKIE_CVE-2016-9878

Vulnerability from fkie_nvd - Published: 2016-12-29 09:59 - Updated: 2025-04-12 10:46

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
security_alert@emc.com	http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
security_alert@emc.com	http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
security_alert@emc.com	http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
security_alert@emc.com	http://www.securityfocus.com/bid/95072	Third Party Advisory, VDB Entry
security_alert@emc.com	http://www.securitytracker.com/id/1040698
security_alert@emc.com	https://access.redhat.com/errata/RHSA-2017:3115
security_alert@emc.com	https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html
security_alert@emc.com	https://pivotal.io/security/cve-2016-9878	Vendor Advisory
security_alert@emc.com	https://security.netapp.com/advisory/ntap-20180419-0002/
security_alert@emc.com	https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/95072	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1040698
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2017:3115
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html
af854a3a-2127-422b-91ae-364da2661108	https://pivotal.io/security/cve-2016-9878	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20180419-0002/
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Impacted products

Vendor	Product	Version
pivotal_software	spring_framework	*
pivotal_software	spring_framework	4.2.0
pivotal_software	spring_framework	4.3.0
vmware	spring_framework	3.2.1
vmware	spring_framework	3.2.2
vmware	spring_framework	3.2.3
vmware	spring_framework	3.2.4
vmware	spring_framework	3.2.5
vmware	spring_framework	3.2.6
vmware	spring_framework	3.2.7
vmware	spring_framework	3.2.8
vmware	spring_framework	3.2.9
vmware	spring_framework	3.2.10
vmware	spring_framework	3.2.11
vmware	spring_framework	3.2.12
vmware	spring_framework	3.2.13
vmware	spring_framework	3.2.14
vmware	spring_framework	3.2.15
vmware	spring_framework	3.2.16
vmware	spring_framework	3.2.17
vmware	spring_framework	4.2.1
vmware	spring_framework	4.2.2
vmware	spring_framework	4.2.3
vmware	spring_framework	4.2.4
vmware	spring_framework	4.2.5
vmware	spring_framework	4.2.6
vmware	spring_framework	4.2.7
vmware	spring_framework	4.2.8
vmware	spring_framework	4.3.1
vmware	spring_framework	4.3.2
vmware	spring_framework	4.3.3
vmware	spring_framework	4.3.4

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:pivotal_software:spring_framework:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB1B0A63-180F-406F-AA21-8E008E50031F",
              "versionEndIncluding": "3.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:spring_framework:4.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CA248FC-6343-4A67-BFF8-A2DC07331B46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:spring_framework:4.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AAD5A3C-78AC-417D-8EE6-8AF7C54E80FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:spring_framework:3.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2E2EA60-735E-431E-BEFE-DC5C1046E532",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:spring_framework:3.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFD1FA92-7BFC-4874-89FC-BE0F378F0DB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:spring_framework:3.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CC0E26F-2E8B-4B30-8C43-8BD2015EBB88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:spring_framework:3.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CB73406-5FE4-438E-BCB7-57FBF6EC38D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:spring_framework:3.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76F06BC-F53E-4E37-B84F-3E992D459A49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:spring_framework:3.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD8CC0CF-61DE-4E3A-80DD-4AD34EBDF419",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:spring_framework:3.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "09D49870-9E17-4049-9ABB-311C319A0E8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:spring_framework:3.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB9CE889-FBC5-4078-ABAC-8BC6CA235D04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:spring_framework:3.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF34B57A-9732-44C8-9EC7-07394FB588F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:spring_framework:3.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "C528FEA9-2E5E-413B-89C1-F14C67059702",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:spring_framework:3.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C7EA42F-55C6-4934-8F60-98B7717188D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:spring_framework:3.2.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1DA44C3-D083-4584-8ACC-73B234767669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:spring_framework:3.2.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D6399F2-B9D6-4097-89DB-5F4B434DFFD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:spring_framework:3.2.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD49BDC0-3431-43CF-8FF0-4A159238991B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:spring_framework:3.2.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F3B36EB-205A-4173-AD67-C1C42117640F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:spring_framework:3.2.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4302B7F-458C-43BD-A42D-D690C7884D0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:spring_framework:3.2.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A187E52-6C33-4525-8A17-083BC9273638",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:spring_framework:4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2DF06FD-CFEE-4B60-8058-B44569BE8BE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:spring_framework:4.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "06C17886-44CA-4B3E-970A-94383E9A4043",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:spring_framework:4.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "00BAC01A-9C49-46B0-B71F-D4940DAE2A7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:spring_framework:4.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D906B4B9-4881-4A13-B4CA-60DCF1FA8840",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:spring_framework:4.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1E80958-4357-4AED-96F1-4D137F3E02BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:spring_framework:4.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3A6AB95-34DC-4A7D-B35D-1B4388EB49A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:spring_framework:4.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE93D33E-984A-4E71-A7E3-453EE0BC2064",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:spring_framework:4.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "6366E283-0EED-41CD-9386-CE658AD949C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:spring_framework:4.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEC9A3A7-8D93-407B-9338-7E84E0BE2A72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:spring_framework:4.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA0BB688-AF66-4EF3-8A94-EC308E90A64C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:spring_framework:4.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF0796B2-8B1D-40DF-B5F0-5D6082144BBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:spring_framework:4.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB40ED54-2193-4235-A317-DA2FEA7073AB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks."
    },
    {
      "lang": "es",
      "value": "Un problema fue descubierto en Pivotal Spring Framework en versiones anteriores a 3.2.18, 4.2.x en versiones anteriores a 4.2.9 y 4.3.x en versiones anteriores a 4.3.5. Las rutas proporcionadas al ResourceServlet no fueron desinfectadas adecuadamente y como resultado expuestas a ataques de salto de directorio."
    }
  ],
  "id": "CVE-2016-9878",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-12-29T09:59:00.820",
  "references": [
    {
      "source": "security_alert@emc.com",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
    },
    {
      "source": "security_alert@emc.com",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
    },
    {
      "source": "security_alert@emc.com",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/95072"
    },
    {
      "source": "security_alert@emc.com",
      "url": "http://www.securitytracker.com/id/1040698"
    },
    {
      "source": "security_alert@emc.com",
      "url": "https://access.redhat.com/errata/RHSA-2017:3115"
    },
    {
      "source": "security_alert@emc.com",
      "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://pivotal.io/security/cve-2016-9878"
    },
    {
      "source": "security_alert@emc.com",
      "url": "https://security.netapp.com/advisory/ntap-20180419-0002/"
    },
    {
      "source": "security_alert@emc.com",
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/95072"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1040698"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2017:3115"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://pivotal.io/security/cve-2016-9878"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.netapp.com/advisory/ntap-20180419-0002/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
    }
  ],
  "sourceIdentifier": "security_alert@emc.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2018-AVI-191

Vulnerability from certfr_avis - Published: 2018-04-18 - Updated: 2018-04-18

De multiples vulnérabilités ont été découvertes dans Oracle MySQL. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Oracle	MySQL	MySQL Enterprise Monitor versions 4.0.2.5168 et antérieures
Oracle	MySQL	MySQL Enterprise Monitor versions 3.3.7.3306 et antérieures
Oracle	MySQL	MySQL Cluster versions 7.4.14 et antérieures
Oracle	MySQL	MySQL Cluster versions 7.5.5 et antérieures
Oracle	MySQL	MySQL Cluster versions 7.2.27 et antérieures
Oracle	MySQL	MySQL Server versions 5.5.59 et antérieures
Oracle	MySQL	MySQL Cluster versions 7.3.16 et antérieures
Oracle	MySQL	MySQL Enterprise Monitor versions 3.4.5.4248 et antérieures
Oracle	MySQL	MySQL Server versions 5.6.39 et antérieures
Oracle	MySQL	MySQL Server versions 5.7.21 et antérieures

References

Title

Publication Time

GSD-2016-9878

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2016-9878

Aliases

CVE-2016-9878

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-9878",
    "description": "An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.",
    "id": "GSD-2016-9878",
    "references": [
      "https://www.suse.com/security/cve/CVE-2016-9878.html",
      "https://access.redhat.com/errata/RHSA-2017:3115",
      "https://ubuntu.com/security/CVE-2016-9878"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-9878"
      ],
      "details": "An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.",
      "id": "GSD-2016-9878",
      "modified": "2023-12-13T01:21:21.713012Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@dell.com",
        "ID": "CVE-2016-9878",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Directory Traversal"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1040698",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1040698"
          },
          {
            "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
            "refsource": "CONFIRM",
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
          },
          {
            "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
            "refsource": "CONFIRM",
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20180419-0002/",
            "refsource": "CONFIRM",
            "url": "https://security.netapp.com/advisory/ntap-20180419-0002/"
          },
          {
            "name": "https://pivotal.io/security/cve-2016-9878",
            "refsource": "CONFIRM",
            "url": "https://pivotal.io/security/cve-2016-9878"
          },
          {
            "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
            "refsource": "CONFIRM",
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
          },
          {
            "name": "95072",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/95072"
          },
          {
            "name": "RHSA-2017:3115",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2017:3115"
          },
          {
            "name": "[debian-lts-announce] 20190713 [SECURITY] [DLA 1853-1] libspring-java security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html"
          },
          {
            "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "(,3.2.18),[4.2.0,4.2.9),[4.3.0,4.3.5)",
          "affected_versions": "All versions before 3.2.18, all versions starting from 4.2.0 before 4.2.9, all versions starting from 4.3.0 before 4.3.5",
          "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-22",
            "CWE-937"
          ],
          "date": "2021-08-30",
          "description": "An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.",
          "fixed_versions": [
            "3.2.18",
            "4.2.9",
            "4.3.5"
          ],
          "identifier": "CVE-2016-9878",
          "identifiers": [
            "GHSA-2m8h-fgr8-2q9w",
            "CVE-2016-9878"
          ],
          "not_impacted": "All versions starting from 3.2.18 before 4.2.0, all versions starting from 4.2.9 before 4.3.0, all versions starting from 4.3.5",
          "package_slug": "maven/org.springframework/spring-core",
          "pubdate": "2018-10-04",
          "solution": "Upgrade to versions 3.2.18, 4.2.9, 4.3.5 or above.",
          "title": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2016-9878",
            "https://access.redhat.com/errata/RHSA-2017:3115",
            "https://github.com/advisories/GHSA-2m8h-fgr8-2q9w",
            "https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html",
            "https://pivotal.io/security/cve-2016-9878",
            "https://security.netapp.com/advisory/ntap-20180419-0002/",
            "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
            "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
            "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
            "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
            "http://www.securityfocus.com/bid/95072",
            "http://www.securitytracker.com/id/1040698"
          ],
          "uuid": "2d4fbbcc-405c-473b-b491-6d829bdf4019"
        },
        {
          "affected_range": "(,3.2.17.RELEASE],[4.2,4.2.8.RELEASE],[4.3,4.3.4.RELEASE]",
          "affected_versions": "All versions up to 3.2.17.release, all versions starting from 4.2 up to 4.2.8.release, all versions starting from 4.3 up to 4.3.4.release",
          "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-22",
            "CWE-937"
          ],
          "date": "2018-07-18",
          "description": "Paths provided to the `ResourceServlet` were not properly sanitized and as a result exposed to directory traversal attacks.",
          "fixed_versions": [
            "3.2.18.RELEASE",
            "4.2.9.RELEASE.4.2",
            "4.3.5.RELEASE"
          ],
          "identifier": "CVE-2016-9878",
          "identifiers": [
            "CVE-2016-9878"
          ],
          "not_impacted": "All versions after 3.2.17.release before 4.2, all versions after 4.2.8.release before 4.3, all versions after 4.3.4.release",
          "package_slug": "maven/org.springframework/spring-webmvc",
          "pubdate": "2016-12-29",
          "solution": "Upgrade to versions 3.2.18.RELEASE, 4.2.9.RELEASE.4.2, 4.3.5.RELEASE or above.",
          "title": "Path Traversal",
          "urls": [
            "https://pivotal.io/security/cve-2016-9878"
          ],
          "uuid": "3655853b-2ebd-4c23-bdeb-f64b85693e46"
        },
        {
          "affected_range": "(,0)",
          "affected_versions": "None",
          "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-22",
            "CWE-937"
          ],
          "date": "2018-07-18",
          "description": "This advisory has been marked as a false positive.",
          "fixed_versions": [],
          "identifier": "CVE-2016-9878",
          "identifiers": [
            "CVE-2016-9878"
          ],
          "not_impacted": "",
          "package_slug": "maven/org.springframework/spring",
          "pubdate": "2016-12-29",
          "solution": "Nothing to be done.",
          "title": "Path Traversal",
          "urls": [
            "https://pivotal.io/security/cve-2016-9878"
          ],
          "uuid": "fe78f570-ce3d-4a14-8fa8-fd3c567e61e0"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:vmware:spring_framework:4.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:spring_framework:4.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:spring_framework:4.2.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:spring_framework:4.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:spring_framework:4.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:spring_framework:3.2.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:spring_framework:3.2.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:spring_framework:3.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:spring_framework:3.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:spring_framework:4.2.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:spring_framework:4.2.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:spring_framework:3.2.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:spring_framework:3.2.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:spring_framework:3.2.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:spring_framework:3.2.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:spring_framework:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:spring_framework:4.3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:spring_framework:4.2.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:spring_framework:4.2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:spring_framework:3.2.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:spring_framework:3.2.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:spring_framework:3.2.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:spring_framework:3.2.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:spring_framework:4.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:spring_framework:4.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:spring_framework:4.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:spring_framework:4.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:spring_framework:3.2.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:spring_framework:3.2.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:spring_framework:3.2.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:spring_framework:3.2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:spring_framework:3.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@dell.com",
          "ID": "CVE-2016-9878"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-22"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://pivotal.io/security/cve-2016-9878",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://pivotal.io/security/cve-2016-9878"
            },
            {
              "name": "95072",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/95072"
            },
            {
              "name": "RHSA-2017:3115",
              "refsource": "REDHAT",
              "tags": [],
              "url": "https://access.redhat.com/errata/RHSA-2017:3115"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
            },
            {
              "name": "1040698",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1040698"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180419-0002/",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://security.netapp.com/advisory/ntap-20180419-0002/"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
            },
            {
              "name": "[debian-lts-announce] 20190713 [SECURITY] [DLA 1853-1] libspring-java security update",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
              "refsource": "MISC",
              "tags": [],
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": true,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2022-04-11T17:18Z",
      "publishedDate": "2016-12-29T09:59Z"
    }
  }
}

GHSA-2M8H-FGR8-2Q9W

Vulnerability from github – Published: 2018-10-04 20:29 – Updated: 2024-03-05 17:45

Summary

Pivotal Spring Framework Paths provided to the ResourceServlet were not properly sanitized

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.springframework:spring-webmvc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.2.18"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.springframework:spring-webmvc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.2.0"
            },
            {
              "fixed": "4.2.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.springframework:spring-webmvc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.3.0"
            },
            {
              "fixed": "4.3.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2016-9878"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T20:52:31Z",
    "nvd_published_at": "2016-12-29T09:59:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.",
  "id": "GHSA-2m8h-fgr8-2q9w",
  "modified": "2024-03-05T17:45:42Z",
  "published": "2018-10-04T20:29:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9878"
    },
    {
      "type": "WEB",
      "url": "https://github.com/spring-projects/spring-framework/issues/19513"
    },
    {
      "type": "WEB",
      "url": "https://github.com/spring-projects/spring-framework/commit/43bf008fbcd0d7945e2fcd5e30039bc4d74c7a98"
    },
    {
      "type": "WEB",
      "url": "https://github.com/spring-projects/spring-framework/commit/a7dc48534ea501525f11369d369178a60c2f47d0"
    },
    {
      "type": "WEB",
      "url": "https://github.com/spring-projects/spring-framework/commit/e2d6e709c3c65a4951eb096843ee75d5200cfcad"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2017:3115"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-2m8h-fgr8-2q9w"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/spring-projects/spring-framework"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html"
    },
    {
      "type": "WEB",
      "url": "https://pivotal.io/security/cve-2016-9878"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20180419-0002"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/95072"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1040698"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Pivotal Spring Framework Paths provided to the ResourceServlet were not properly sanitized"
}

CNVD-2016-13096

Vulnerability from cnvd - Published: 2016-12-27

Title

Pivotal Software Spring Framework目录遍历漏洞

Description

Pivotal Software Spring Framework是美国Pivotal Software公司的一套开源的Java、Java EE应用程序框架。该框架可帮助开发人员构建高质量的应用。 Pivotal Software Spring Framework中存在目录遍历漏洞，该漏洞源于程序未能正确的过滤用户提交的输入。远程攻击者可利用该漏洞获取敏感信息。

Severity

中

Patch Name

Pivotal Software Spring Framework目录遍历漏洞的补丁

Patch Description

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，详情请关注厂商主页： https://pivotal.io/security/cve-2016-9878

Reference

http://www.securityfocus.com/bid/95072

Impacted products

Name
['Pivotal Software Spring Framework >=4.3.0，<=4.3.4', 'Pivotal Software Spring Framework >=4.2.0，<=4.2.8', 'Pivotal Software Spring Framework >=3.2.0，<=3.2.17']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "95072"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-9878"
    }
  },
  "description": "Pivotal Software Spring Framework\u662f\u7f8e\u56fdPivotal Software\u516c\u53f8\u7684\u4e00\u5957\u5f00\u6e90\u7684Java\u3001Java EE\u5e94\u7528\u7a0b\u5e8f\u6846\u67b6\u3002\u8be5\u6846\u67b6\u53ef\u5e2e\u52a9\u5f00\u53d1\u4eba\u5458\u6784\u5efa\u9ad8\u8d28\u91cf\u7684\u5e94\u7528\u3002\r\n\r\nPivotal Software Spring Framework\u4e2d\u5b58\u5728\u76ee\u5f55\u904d\u5386\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u7684\u8fc7\u6ee4\u7528\u6237\u63d0\u4ea4\u7684\u8f93\u5165\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
  "discovererName": "NTT Data",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttps://pivotal.io/security/cve-2016-9878",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-13096",
  "openTime": "2016-12-27",
  "patchDescription": "Pivotal Software Spring Framework\u662f\u7f8e\u56fdPivotal Software\u516c\u53f8\u7684\u4e00\u5957\u5f00\u6e90\u7684Java\u3001Java EE\u5e94\u7528\u7a0b\u5e8f\u6846\u67b6\u3002\u8be5\u6846\u67b6\u53ef\u5e2e\u52a9\u5f00\u53d1\u4eba\u5458\u6784\u5efa\u9ad8\u8d28\u91cf\u7684\u5e94\u7528\u3002\r\n\r\nPivotal Software Spring Framework\u4e2d\u5b58\u5728\u76ee\u5f55\u904d\u5386\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u7684\u8fc7\u6ee4\u7528\u6237\u63d0\u4ea4\u7684\u8f93\u5165\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Pivotal Software Spring Framework\u76ee\u5f55\u904d\u5386\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Pivotal Software Spring Framework \u003e=4.3.0\uff0c\u003c=4.3.4",
      "Pivotal Software Spring Framework \u003e=4.2.0\uff0c\u003c=4.2.8",
      "Pivotal Software Spring Framework \u003e=3.2.0\uff0c\u003c=3.2.17"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/95072",
  "serverity": "\u4e2d",
  "submitTime": "2016-12-23",
  "title": "Pivotal Software Spring Framework\u76ee\u5f55\u904d\u5386\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-9878 (GCVE-0-2016-9878)

FKIE_CVE-2016-9878

CERTFR-2018-AVI-191

Solution

GSD-2016-9878

GHSA-2M8H-FGR8-2Q9W

CNVD-2016-13096

Tags

Sightings

Nomenclature