MEDIUM | JULY 07, 2016 | CVE-2016-5007
Description: Both Spring Security and the Spring Framework rely on URL pattern mappings for authorization and for mapping requests to controllers, respectively. Differences in the strictness of the pattern matching mechanisms, for example with regard to space…
HIGH | JULY 05, 2016 | CVE-2016-4977
Description | Affected Spring Products and Versions | Mitigation | Credit: This issue was found by David Vieira-Kurz (@secalert) and reported by Oliver Schoenherr on behalf of Immobilien Scout GmbH. References: https://github.com/spring-projects/spring-security-oauth…
CRITICAL | APRIL 11, 2016 | CVE-2016-2173
Description | Affected Spring Products and Versions | Mitigation | Credit: Vulnerability discovery by Matthias Kaiser of Code White (www.code-white.com). References: https://jira.spring.io/browse/AMQP-590 https://github.com/spring-projects/spring-amqp/commit/4150f107e…
HIGH | NOVEMBER 12, 2015 | CVE-2015-5258
Description | Affected Spring Products and Versions | Mitigation | Credit: The issue was first found by Kris Bosch from Include Security. Paul Ambrosini from sourceclear (https://srcclr.com) then identified the root cause, vulnerable library and vulnerable code…
HIGH | OCTOBER 15, 2015 | CVE-2015-5211
Description | Affected Spring Products and Versions | Mitigation | Credit: RFD attacks were described by Trustwave in a paper. The issue in the Spring Framework was responsibly reported to Pivotal by Alvaro Muñoz from HPE Security Research. Special thanks to Toshiaki…
LOW | JUNE 30, 2015 | CVE-2015-3192
Description | Affected Spring Products and Versions | Mitigation | Credit: This issue was identified responsibly and reported to Pivotal by Toshiaki Maki of NTT DATA Corporation who also helped to develop and test the solution. References: https://jira.spring.io…
LOW | MARCH 06, 2015 | CVE-2015-0201
Description | Affected Spring Products and Versions | Mitigation | Credit: Philippe Arteau found and responsibly reported the problem to Pivotal. References: https://github.com/spring-projects/spring-framework/commit/dc5b5ca8ee09c890352f89b2dae58bc0132d6545 https…
MEDIUM | NOVEMBER 11, 2014 | CVE-2014-3625
Description | Affected Spring Products and Versions | Mitigation | Credit: This issue was identified by Toshiaki Maki of NTT DATA Corporation and responsibly reported to Pivotal. References: https://jira.spring.io/browse/SPR-12354 https://github.com/spring-projects…
MEDIUM | SEPTEMBER 05, 2014 | CVE-2014-3578
Description | Affected Spring Products and Versions | Mitigation | Credit: This issue was identified by Takeshi Terada of Mitsui Bussan Secure Directions, Inc. and reported to Pivotal via JPCERT/CC. Information that additional versions were affected was discovered by…
HIGH | AUGUST 15, 2014 | CVE-2014-3527
Description | Affected Spring Products and Versions | Mitigation | Credit: This issue was identified by David Ohsie and brought to our attention by the CAS Development team. References: http://spring.io/blog/2014/08/15/cve-2014-3527-fixed-in-spring-security-3-2-5-and…