Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2014-3625

Date: November 20, 2014

Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.

Language: Java

Severity Score

Related Resources (12)

http://www.pivotal.io/security/cve-2014-3625
https://github.com/spring-projects/spring-framework/commit/9beae9ae4226c45cd428035dae81214439324676
https://nvd.nist.gov/vuln/detail/CVE-2014-3625
https://github.com/spring-projects/spring-framework/commit/9cef8e3001ddd61c734281a7556efd84b6cc2755
https://jira.spring.io/browse/SPR-12354
https://github.com/spring-projects/spring-framework/commit/161d3e3049f129e211f68a4e94b544e0f0d8384d
https://github.com/spring-projects/spring-framework/commit/3f68cd633f03370d33c2603a6496e81273782601
http://rhn.redhat.com/errata/RHSA-2015-0720.html
https://github.com/spring-projects/spring-framework
http://rhn.redhat.com/errata/RHSA-2015-0236.html
https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html
https://www.mend.io/vulnerability-database/CVE-2014-3625

Severity Score

Weakness Type (CWE)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-22

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): NONE
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): PARTIAL
Integrity (I): NONE
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us