CVE-2016-9878 in Ubuntu

CVE-2016-9878

Priority

Description

An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x
before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet
were not properly sanitized and as a result exposed to directory traversal
attacks.

Ubuntu-Description

It was discovered that Spring Framework incorrectly handled path inputs. An
attacker could possibly use this issue to read arbitrary files.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9878
https://pivotal.io/security/cve-2016-9878
https://jira.spring.io/browse/SPR-14946

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849167

Notes

Package

Source: libspring-java (LP Ubuntu Debian)

Upstream:	released (4.3.5-1)
Ubuntu 18.04 LTS:	not-affected (4.3.5-1)
Ubuntu 20.04 LTS:	not-affected (4.3.5-1)
Ubuntu 21.10:	not-affected (4.3.5-1)
Ubuntu 22.04 LTS:	not-affected (4.3.5-1)
Ubuntu 14.04 ESM:	needed

Patches:

Other:	(4.3.x
Other:	(4.2.x
Other:	(3.2.x

More Information

Updated: 2022-04-25 00:18:24 UTC (commit ecc1009cb19540b950de59270950018900f37f15)