Computer Security


CVE: CVE-2010-1622
Status: Candidate
Description: SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7 before 2.5.7.SR01, and 3.0.x before 3.0.3 allows remote attackers to execute arbitrary code via an HTTP request containing class.classLoader.URLs[0]=jar: followed by a URL of a crafted .jar file.
Severity: Medium
CVSS score: 5,1
CVSS vector: (AV:N/AC:H/Au:N/C:P/I:P/A:P)
Phase: Assigned (04.02.2011)
NVD: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1622
References:
 EXPLOIT-DB : 13918
 BUGTRAQ : 20100618 CVE-2010-1622: Spring Framework execution of arbitrary code
 BID : 40954
 SECUNIA : 41016
 SECUNIA : 41025
 CONFIRM : http://geronimo.apache.org/2010/07/21/apache-geron...
 CONFIRM : http://geronimo.apache.org/21x-security-report.html
 CONFIRM : http://geronimo.apache.org/22x-security-report.html
 CONFIRM : http://www.springsource.com/security/cve-2010-1622
SecurityVulns:
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
 Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod