Lucene search

[email protected]NVD:CVE-2016-9878

HistoryDec 29, 2016 - 9:59 a.m.

CVE-2016-9878

2016-12-2909:59:00

CWE-22

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.7 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.7%

JSON

An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.

Affected configurations

NVD

Node

pivotal_softwarespring_frameworkRange≤3.2.0

pivotal_softwarespring_frameworkMatch4.2.0

pivotal_softwarespring_frameworkMatch4.3.0

vmwarespring_frameworkMatch3.2.1

vmwarespring_frameworkMatch3.2.2

vmwarespring_frameworkMatch3.2.3

vmwarespring_frameworkMatch3.2.4

vmwarespring_frameworkMatch3.2.5

vmwarespring_frameworkMatch3.2.6

vmwarespring_frameworkMatch3.2.7

vmwarespring_frameworkMatch3.2.8

vmwarespring_frameworkMatch3.2.9

vmwarespring_frameworkMatch3.2.10

vmwarespring_frameworkMatch3.2.11

vmwarespring_frameworkMatch3.2.12

vmwarespring_frameworkMatch3.2.13

vmwarespring_frameworkMatch3.2.14

vmwarespring_frameworkMatch3.2.15

vmwarespring_frameworkMatch3.2.16

vmwarespring_frameworkMatch3.2.17

vmwarespring_frameworkMatch4.2.1

vmwarespring_frameworkMatch4.2.2

vmwarespring_frameworkMatch4.2.3

vmwarespring_frameworkMatch4.2.4

vmwarespring_frameworkMatch4.2.5

vmwarespring_frameworkMatch4.2.6

vmwarespring_frameworkMatch4.2.7

vmwarespring_frameworkMatch4.2.8

vmwarespring_frameworkMatch4.3.1

vmwarespring_frameworkMatch4.3.2

vmwarespring_frameworkMatch4.3.3

vmwarespring_frameworkMatch4.3.4

References

www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

www.securityfocus.com/bid/95072

www.securitytracker.com/id/1040698

access.redhat.com/errata/RHSA-2017:3115

lists.debian.org/debian-lts-announce/2019/07/msg00012.html

pivotal.io/security/cve-2016-9878

security.netapp.com/advisory/ntap-20180419-0002/

www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.7 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.7%

JSON

Related for NVD:CVE-2016-9878

veracode1 ubuntucve1 redhatcve1 cvelist1 cve1 nessus4 debiancve1 osv3 fedora1 openvas3 github1 prion1 ibm10 redhat1 debian1 ubuntu1 atlassian1 oracle4