Vulnerability Description
Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pivotal Software | Spring Framework | >= 3.1.0, <= 3.1.4 |
| Vmware | Spring Framework | >= 3.0.4, <= 3.0.7 |
Related Weaknesses (CWE)
References
- http://rhn.redhat.com/errata/RHSA-2015-0236.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2015-0720.htmlThird Party Advisory
- http://www.pivotal.io/security/cve-2014-3625Vendor Advisory
- https://jira.spring.io/browse/SPR-12354Third Party Advisory
- https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html
- http://rhn.redhat.com/errata/RHSA-2015-0236.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2015-0720.htmlThird Party Advisory
- http://www.pivotal.io/security/cve-2014-3625Vendor Advisory
- https://jira.spring.io/browse/SPR-12354Third Party Advisory
- https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html
FAQ
What is CVE-2014-3625?
CVE-2014-3625 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecif...
How severe is CVE-2014-3625?
CVE-2014-3625 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-3625?
Check the references section above for vendor advisories and patch information. Affected products include: Pivotal Software Spring Framework, Vmware Spring Framework.