Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2010-1622
HistoryJun 21, 2010 - 4:30 p.m.

CVE-2010-1622

2010-06-2116:30:01
CWE-94
[email protected]
web.nvd.nist.gov
167
1
cve-2010-1622
springsource
spring framework
remote code execution
http request
security vulnerability

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

9.5 High

AI Score

Confidence

High

0.036 Low

EPSS

Percentile

91.8%

JSON

SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7 before 2.5.7.SR01, and 3.0.x before 3.0.3 allows remote attackers to execute arbitrary code via an HTTP request containing class.classLoader.URLs[0]=jar: followed by a URL of a crafted .jar file.

Affected configurations

NVD
Node
oraclefusion_middlewareMatch7.6.2
OR
oraclefusion_middlewareMatch11.1.1.6.1
OR
oraclefusion_middlewareMatch11.1.1.8.0
Node
springsourcespring_frameworkMatch2.5.0
OR
springsourcespring_frameworkMatch2.5.1
OR
springsourcespring_frameworkMatch2.5.2
OR
springsourcespring_frameworkMatch2.5.3
OR
springsourcespring_frameworkMatch2.5.4
OR
springsourcespring_frameworkMatch2.5.5
OR
springsourcespring_frameworkMatch2.5.6
OR
springsourcespring_frameworkMatch2.5.7
OR
springsourcespring_frameworkMatch3.0.0
OR
springsourcespring_frameworkMatch3.0.1
OR
springsourcespring_frameworkMatch3.0.2

Social References

More

Related

exploitpack 1
seebug 2
osv 1
securityvulns 3
checkpoint_advisories 1
nvd 1
cvelist 1
prion 1
github 1
exploitdb 1
nessus 1
githubexploit 1
thn 1
cisa 1
securelist 1
avleonov 1
mssecure 1
mmpc 1
trellix 2
checkpoint_security 1
ibm 3
oracle 1
exploitpack
exploitpack
Spring Framework - Arbitrary code Execution
2010-06-18 00:00:00
seebug
seebug
Spring Framework arbitrary code execution
2014-07-01 00:00:00
Spring Framework class.classLoader็ฑป่ฟœ็จ‹ไปฃ็ ๆ‰ง่กŒๆผๆดž
2010-06-21 00:00:00
osv
osv
Improper Control of Generation of Code ('Code Injection') in Spring Framework
2022-05-17 03:28:34
securityvulns
securityvulns
CVE-2010-1622: Spring Framework execution of arbitrary code
2010-06-20 00:00:00
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2010-06-20 00:00:00
Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities
2015-11-02 00:00:00
checkpoint_advisories
checkpoint_advisories
VMware SpringSource Spring Framework class.classloader Remote Code Execution (CVE-2010-1622)
2011-06-07 00:00:00
nvd
nvd
CVE-2010-1622
2010-06-21 16:30:01
cvelist
cvelist
CVE-2010-1622
2010-06-21 16:00:00
prion
prion
Code injection
2010-06-21 16:30:00
github
github
Improper Control of Generation of Code ('Code Injection') in Spring Framework
2022-05-17 03:28:34
exploitdb
exploitdb
Spring Framework - Arbitrary code Execution
2010-06-18 00:00:00
nessus
nessus
Oracle WebCenter Sites Multiple Vulnerabilities (October 2015 CPU)
2015-10-23 00:00:00
githubexploit
githubexploit
Exploit for CVE-2022-22965
2022-04-05 09:35:41
thn
thn
Unpatched Java Spring Framework 0-Day RCE Bug Threatens Enterprise Web Apps Security
2022-03-31 05:52:00
cisa
cisa
Spring Releases Security Updates Addressing "Spring4Shell" and Spring Cloud Function Vulnerabilities
2022-04-01 00:00:00
securelist
securelist
Spring4Shell (CVE-2022-22965): details and mitigations
2022-04-04 15:30:36
avleonov
avleonov
Spring4Shell, Spring Cloud Function RCE and Spring Cloud Gateway Code Injection
2022-04-03 00:15:45
mssecure
mssecure
SpringShell RCE vulnerability: Guidance for protecting against and detecting CVE-2022-22965
2022-04-05 01:11:24
mmpc
mmpc
SpringShell RCE vulnerability: Guidance for protecting against and detecting CVE-2022-22965
2022-04-05 01:11:24
trellix
trellix
The Bug Report โ€“ April 2022 Edition
2022-05-04 00:00:00
The Bug Report โ€“ April 2022 Edition
2022-05-04 00:00:00
checkpoint_security
checkpoint_security
Check Point Response to Spring Vulnerabilities CVE-2022-22963, CVE-2022-22946, CVE-2022-22947, CVE-2022-22965 (Spring4Shell) and CVE-2022-22950
2022-03-30 21:41:02
ibm
ibm
Security Bulletin: IBM Security Directory Integrator is affected by multiple security vulnerabilities
2023-06-22 16:30:54
Security Bulletin: IBM Security Directory Suite is vulnerable to multiple issues
2023-06-06 18:05:17
Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to multiple security vulnerabilities
2019-02-18 14:10:01
oracle
oracle
Oracle Critical Patch Update Advisory - October 2015
2015-10-20 00:00:00

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

9.5 High

AI Score

Confidence

High

0.036 Low

EPSS

Percentile

91.8%

JSON
Related for CVE-2010-1622
exploitpack1seebug2osv1securityvulns3checkpoint_advisories1nvd1cvelist1prion1github1exploitdb1nessus1githubexploit1thn1cisa1securelist1avleonov1mssecure1mmpc1trellix2checkpoint_security1ibm3oracle1