Vulnerability Description
SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7 before 2.5.7.SR01, and 3.0.x before 3.0.3 allows remote attackers to execute arbitrary code via an HTTP request containing class.classLoader.URLs[0]=jar: followed by a URL of a crafted .jar file.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oracle | Fusion Middleware | 7.6.2 |
| Springsource | Spring Framework | 2.5.0 |
Related Weaknesses (CWE)
References
- http://geronimo.apache.org/2010/07/21/apache-geronimo-v216-released.html (Vendor Advisory)
- http://geronimo.apache.org/21x-security-report.html (Vendor Advisory)
- http://geronimo.apache.org/22x-security-report.html (Vendor Advisory)
- http://secunia.com/advisories/41016
- http://secunia.com/advisories/41025
- http://secunia.com/advisories/43087
- http://www.exploit-db.com/exploits/13918 (Exploit)
- http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
- http://www.redhat.com/support/errata/RHSA-2011-0175.html
- http://www.securityfocus.com/archive/1/511877 (Exploit)
- http://www.securityfocus.com/bid/40954
- http://www.securitytracker.com/id/1033898
- http://www.springsource.com/security/cve-2010-1622 (Exploit, Vendor Advisory)
- http://www.vupen.com/english/advisories/2011/0237
FAQ
What is CVE-2010-1622?
CVE-2010-1622 is a vulnerability with a CVSS score of 6.0 (MEDIUM). SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7 before 2.5.7.SR01, and 3.0.x before 3.0.3 allows remote attackers to execute arbitrary code via an HTTP request containing class.classLoad...
How severe is CVE-2010-1622?
CVE-2010-1622 has been rated MEDIUM with a CVSS base score of 6.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-1622?
Check the references section above for vendor advisories and patch information. Affected products include: Oracle Fusion Middleware, Springsource Spring Framework.