1. Home
  2. Vulnerabilities
  3. CVE-2014-3578

CVE-2014-3578

CVSS v2.0 5 (Medium)
50% Progress
EPSS 0.30 % (70th)
0.30% Progress
Affected Products 1
Advisories 2
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL.

Weaknesses
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE Status
PUBLISHED
CNA
Red Hat, Inc.
Published Date
2015-02-19 20:59:00
(9 years ago)
Updated Date
2019-07-14 00:15:10
(5 years ago)

Affected Products

Pivotal Software

Configuration #1

    CPE23 From Up To
  Pivotal Software Spring Framework from 3.2.0 version and prior 3.2.9 version cpe:2.3:a:pivotal_software:spring_framework >= 3.2.0 < 3.2.9
  Pivotal Software Spring Framework from 4.0.0 version and prior 4.0.5 version cpe:2.3:a:pivotal_software:spring_framework >= 4.0.0 < 4.0.5