[email protected]CVE-2011-2730

HistoryDec 05, 2012 - 5:55 p.m.

CVE-2011-2730

2012-12-0517:55:01

CWE-16

[email protected]

web.nvd.nist.gov

vmware

springsource

spring framework

expression language

injection

cve-2011-2730

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

5.5 Medium

AI Score

Confidence

High

0.022 Low

EPSS

Percentile

89.4%

JSON

VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language (EL), evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a (1) name attribute in a (a) spring:hasBindErrors tag; (2) path attribute in a (b) spring:bind or © spring:nestedpath tag; (3) arguments, (4) code, (5) text, (6) var, (7) scope, or (8) message attribute in a (d) spring:message or (e) spring:theme tag; or (9) var, (10) scope, or (11) value attribute in a (f) spring:transform tag, aka “Expression Language Injection.”

Affected configurations

NVD

Node

springsourcespring_frameworkRange≤2.5.7_sr01

springsourcespring_frameworkRange≤3.0.5

springsourcespring_frameworkMatch2.5.0

springsourcespring_frameworkMatch2.5.0rc1

springsourcespring_frameworkMatch2.5.0rc2

springsourcespring_frameworkMatch2.5.1

springsourcespring_frameworkMatch2.5.2

springsourcespring_frameworkMatch2.5.3

springsourcespring_frameworkMatch2.5.4

springsourcespring_frameworkMatch2.5.5

springsourcespring_frameworkMatch2.5.6

springsourcespring_frameworkMatch2.5.7

springsourcespring_frameworkMatch3.0.0

springsourcespring_frameworkMatch3.0.1

springsourcespring_frameworkMatch3.0.2

springsourcespring_frameworkMatch3.0.3

springsourcespring_frameworkMatch3.0.4

CPENameOperatorVersion
springsource:spring_frameworkspringsource spring frameworkle2.5.7_sr01
springsource:spring_frameworkspringsource spring frameworkle3.0.5
springsource:spring_frameworkspringsource spring frameworkeq2.5.0
springsource:spring_frameworkspringsource spring frameworkeq2.5.1
springsource:spring_frameworkspringsource spring frameworkeq2.5.2
springsource:spring_frameworkspringsource spring frameworkeq2.5.3
springsource:spring_frameworkspringsource spring frameworkeq2.5.4
springsource:spring_frameworkspringsource spring frameworkeq2.5.5
springsource:spring_frameworkspringsource spring frameworkeq2.5.6
springsource:spring_frameworkspringsource spring frameworkeq2.5.7

CPE	Name	Operator	Version
springsource:spring_framework	springsource spring framework	le	2.5.7_sr01
springsource:spring_framework	springsource spring framework	le	3.0.5
springsource:spring_framework	springsource spring framework	eq	2.5.0
springsource:spring_framework	springsource spring framework	eq	2.5.1
springsource:spring_framework	springsource spring framework	eq	2.5.2
springsource:spring_framework	springsource spring framework	eq	2.5.3
springsource:spring_framework	springsource spring framework	eq	2.5.4
springsource:spring_framework	springsource spring framework	eq	2.5.5
springsource:spring_framework	springsource spring framework	eq	2.5.6
springsource:spring_framework	springsource spring framework	eq	2.5.7