Candidate: CVE-2014-3625
PublicDate: 2014-11-20 17:50:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3625
 https://github.com/spring-projects/spring-framework/commit/3f68cd
 http://www.pivotal.io/security/cve-2014-3625
Description:
 Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.
Ubuntu-Description:
 It was discovered that Spring Framework incorrectly handled inputs. A remote attacker could possibly use this issue to read arbitrary files.
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769698
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_libspring-java:
upstream_libspring-java: needs-triage
lucid_libspring-java: DNE
precise_libspring-java: ignored (reached end-of-life)
precise/esm_libspring-java: DNE (precise was needs-triage)
trusty_libspring-java: ignored (out of standard support)
trusty/esm_libspring-java: needed
utopic_libspring-java: ignored (reached end-of-life)
vivid_libspring-java: ignored (reached end-of-life)
vivid/stable-phone-overlay_libspring-java: DNE
vivid/ubuntu-core_libspring-java: DNE
wily_libspring-java: ignored (reached end-of-life)
xenial_libspring-java: not-affected (3.2.12-1)
yakkety_libspring-java: ignored (reached end-of-life)
zesty_libspring-java: ignored (reached end-of-life)
artful_libspring-java: ignored (reached end-of-life)
bionic_libspring-java: not-affected (3.2.12-1)
cosmic_libspring-java: not-affected (3.2.12-1)
disco_libspring-java: not-affected (3.2.12-1)
eoan_libspring-java: not-affected (3.2.12-1)
focal_libspring-java: not-affected (3.2.12-1)
groovy_libspring-java: not-affected (3.2.12-1)
hirsute_libspring-java: not-affected (3.2.12-1)
impish_libspring-java: not-affected (3.2.12-1)
jammy_libspring-java: not-affected (3.2.12-1)
devel_libspring-java: not-affected (3.2.12-1)