CVE-2014-3578 — MEDIUM (5.0)

Q: What is CVE-2014-3578?

CVE-2014-3578 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL.

Q: How severe is CVE-2014-3578?

CVE-2014-3578 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2014-3578?

Check the references section above for vendor advisories and patch information. Affected products include: Pivotal Software Spring Framework.

Vulnerability Description

Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:P/I:N/A:N

Confidentiality

PARTIAL

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Pivotal Software	Spring Framework	>= 3.2.0, < 3.2.9

Related Weaknesses (CWE)

CWE-22

References

http://jvn.jp/en/jp/JVN49154900/index.htmlThird Party AdvisoryVDB Entry
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000054Third Party AdvisoryVDB Entry
http://pivotal.io/security/cve-2014-3578Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2015-0720.htmlThird Party Advisory
http://www.securityfocus.com/bid/68042Third Party AdvisoryVDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1131882Issue TrackingThird Party Advisory
https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html
https://rhn.redhat.com/errata/RHSA-2015-0234.htmlThird Party Advisory
https://rhn.redhat.com/errata/RHSA-2015-0235.htmlThird Party Advisory
http://jvn.jp/en/jp/JVN49154900/index.htmlThird Party AdvisoryVDB Entry
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000054Third Party AdvisoryVDB Entry
http://pivotal.io/security/cve-2014-3578Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2015-0720.htmlThird Party Advisory
http://www.securityfocus.com/bid/68042Third Party AdvisoryVDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1131882Issue TrackingThird Party Advisory

FAQ

What is CVE-2014-3578?

CVE-2014-3578 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL.

How severe is CVE-2014-3578?

CVE-2014-3578 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-3578?

Check the references section above for vendor advisories and patch information. Affected products include: Pivotal Software Spring Framework.