Lucene search
HistoryFeb 19, 2020 - 10:31 p.m.
Insecure version of Spring Web MVC used in Confluence Analytics
0.793 High
EPSS
Percentile
98.3%
Hello! A transitive dependency issue has been found in Confluence Analytics:
https://atlassian.sourceclear.io/workspaces/Paaina7/issues/vulnerabilities/26465610
Confluence Analytics has a transitive dependency on the Spring Web MVC library, which has a security bug.
The issue can be fixed by overriding and adding a new direct dependency of the library in your project.
We do not have a confirmed fix for this issue yet. However, newer versions of the library have been released. We suggest that you upgrade to 4.3.20.RELEASE, which is considered safe.
To upgrade, update the pom.xml file:
{code:java}
- <dependency>
- <groupId>org.springframework</groupId>
- <artifactId>spring-webmvc</artifactId>
- <version>4.3.20.RELEASE</version>
- </dependency>
{code}
| CPE | Name | Operator | Version |
|---|---|---|---|
| confluence server | lt | 7.5.0 | |
| confluence server | le | 7.3.4 |
Related
thn
thn
ibm
ibm
f5
f5
K29042031 : Multiple Spring Framework vulnerabilities
2018-04-07 00:00:00
redhat
redhat
osv
osv
libspring-java - security update
2021-04-23 00:00:00
CVE-2016-5007
2017-05-25 17:29:00
veracode
veracode
Directory Traversal
2016-12-28 07:29:41
Denial Of Service (DoS)
2018-10-19 02:43:50
Privilege Escalation Through Multipart Content Pollution
2018-04-06 02:06:57
redhatcve
redhatcve
ubuntucve
ubuntucve
openvas
openvas
Debian: Security Advisory (DLA-2635-1)
2021-04-24 00:00:00
Fedora Update for springframework FEDORA-2016-f341d71730
2017-01-04 00:00:00
Debian: Security Advisory (DLA-1853-1)
2019-07-14 00:00:00
nessus
nessus
Debian DLA-2635-1 : libspring-java security update
2021-04-27 00:00:00
Fedora 25 : springframework (2016-f341d71730)
2017-01-03 00:00:00
MySQL Enterprise Monitor 4.x < 4.0.10 / 8.x < 8.0.15 DoS (Jul 2019 CPU)
2020-07-24 00:00:00
debian
debian
[SECURITY] [DLA 2635-1] libspring-java security update
2021-04-23 18:29:29
[SECURITY] [DLA 1853-1] libspring-java security update
2019-07-13 21:20:48
symantec
symantec
Spring Framework CVE-2018-15756 Denial-Of-Service Vulnerability
2018-10-16 00:00:00
cvelist
cvelist
CVE-2016-9878
2016-12-29 09:02:00
CVE-2018-15756 DoS Attack via Range Requests
2018-10-16 00:00:00
CVE-2016-5007
2017-05-25 17:00:00
nvd
nvd
cve
cve
debiancve
debiancve
prion
prion
Directory traversal
2016-12-29 09:59:00
Denial of service
2018-10-18 22:29:00
Authorization
2017-05-25 17:29:00
github
github
Pivotal Spring Framework Paths provided to the ResourceServlet were not properly sanitized
2018-10-04 20:29:55
Denial of Service in Spring Framework
2020-06-15 19:34:50
fedora
fedora
[SECURITY] Fedora 25 Update: springframework-3.2.18-1.fc25
2017-01-01 21:51:55
seebug
seebug
spring-messaging Remote Code Execution(CVE-2018-1270)
2018-04-08 00:00:00
zdt
zdt
Pivotal Spring Java Framework < 5.0 - Remote Code Execution Exploit
2018-05-29 00:00:00
checkpoint_advisories
checkpoint_advisories
packetstorm
packetstorm
Pivotal Spring Java Framework 5.0.x Remote Code Execution
2018-05-29 00:00:00
exploitdb
exploitdb
Pivotal Spring Java Framework < 5.0 - Remote Code Execution
2018-05-29 00:00:00
nuclei
nuclei
Spring MVC Framework - Local File Inclusion
2020-06-03 00:53:25
dsquare
dsquare
Spring MVC File Disclosure
2018-12-28 00:00:00
ubuntu
ubuntu
Spring Framework vulnerabilities
2021-03-17 00:00:00
checkpoint_security
checkpoint_security
oracle
oracle
Oracle Critical Patch Update Advisory - July 2019
2019-07-16 00:00:00
CPU July 2018
2018-07-17 00:00:00
Oracle Critical Patch Update Advisory - January 2019
2019-01-15 00:00:00