CVE-2014-3578
Published: 19 February 2015
Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL.
From the Ubuntu Security Team
It was discovered that Spring Framework incorrectly handled URL inputs. An attacker could possibly use this issue to read arbitrary files.
Priority
Status
Package | Release | Status |
---|---|---|
libspring-java Launchpad, Ubuntu, Debian |
artful |
Ignored
(end of life)
|
bionic |
Not vulnerable
(3.2.12-1)
|
|
cosmic |
Not vulnerable
(3.2.12-1)
|
|
disco |
Not vulnerable
(3.2.12-1)
|
|
eoan |
Not vulnerable
(3.2.12-1)
|
|
focal |
Not vulnerable
(3.2.12-1)
|
|
groovy |
Not vulnerable
(3.2.12-1)
|
|
hirsute |
Not vulnerable
(3.2.12-1)
|
|
impish |
Not vulnerable
(3.2.12-1)
|
|
jammy |
Not vulnerable
(3.2.12-1)
|
|
lucid |
Does not exist
|
|
precise |
Ignored
(end of life)
|
|
trusty |
Released
(3.0.6.RELEASE-13ubuntu0.1~esm1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
upstream |
Needs triage
|
|
utopic |
Ignored
(end of life)
|
|
vivid |
Ignored
(end of life)
|
|
wily |
Ignored
(end of life)
|
|
xenial |
Not vulnerable
(3.2.12-1)
|
|
yakkety |
Ignored
(end of life)
|
|
zesty |
Ignored
(end of life)
|