HIGH | NOVEMBER 12, 2015 | CVE-2015-5258
Description Affected Spring Products and Versions Mitigation Credit The issue was first found by Kris Bosch from Include Security. Paul Ambrosini from sourceclear (https://srcclr.com) then identified the root cause, vulnerable library and vulnerable code…
HIGH | OCTOBER 15, 2015 | CVE-2015-5211
Description Affected Spring Products and Versions Mitigation Credit RFD attacks were described by Trustwave in a paper. The issue in the Spring Framework was responsibly reported to Pivotal by Alvaro Muñoz from HPE Security Research. Special thanks to Toshiaki…
LOW | JUNE 30, 2015 | CVE-2015-3192
Description Affected Spring Products and Versions Mitigation Credit This issue was identified responsibly and reported to Pivotal by Toshiaki Maki of NTT DATA Corporation who also helped to develop and test the solution. References https://jira.spring.io…
LOW | MARCH 06, 2015 | CVE-2015-0201
Description Affected Spring Products and Versions Mitigation Credit Philippe Arteau found and responsibly reported the problem to Pivotal. References https://github.com/spring-projects/spring-framework/commit/dc5b5ca8ee09c890352f89b2dae58bc0132d6545 https…
MEDIUM | NOVEMBER 11, 2014 | CVE-2014-3625
Description Affected Spring Products and Versions Mitigation Credit This issue was identified by Toshiaki Maki of NTT DATA Corporation and responsibly reported to Pivotal. References https://jira.spring.io/browse/SPR-12354 https://github.com/spring-projects…
MEDIUM | SEPTEMBER 05, 2014 | CVE-2014-3578
Description Affected Spring Products and Versions Mitigation Credit This issue was identified by Takeshi Terada of Mitsui Bussan Secure Directions, Inc. and reported to Pivotal via JPCERT/CC. Information that additional versions were affected was discovered by…
HIGH | AUGUST 15, 2014 | CVE-2014-3527
Description Affected Spring Products and Versions Mitigation Credit This issue was identified by David Ohsie and brought to our attention by the CAS Development team. References http://spring.io/blog/2014/08/15/cve-2014-3527-fixed-in-spring-security-3-2-5-and…
HIGH | MAY 28, 2014 | CVE-2014-0225
Description Affected Spring Products and Versions Mitigation Credit This issue was discovered and reported responsibly to the Pivotal security team by Nebula(XIAOBAISHAN,CHIBI,HUBEI.CN) HelloWorld security team, DBappsecurity.com security team. Additional…
HIGH | MARCH 11, 2014 | CVE-2014-0054
Description Affected Spring Products and Versions Mitigation Credit This issue was reported to the Spring Framework developers by Spase Markovski. References https://jira.springsource.org/browse/SPR-11376 https://github.com/spring-projects/spring-framework…
HIGH | MARCH 11, 2014 | CVE-2014-0097
Description Affected Spring Products and Versions Mitigation Credit This issue was identified by the Spring Development team. References https://jira.springsource.org/browse/SEC-2500 https://github.com/spring-projects/spring-security/commit/88559882e967085c47a…
