Lucene search
GoogleOSV:DSA-2890-1HistoryMar 29, 2014 - 12:00 a.m.
libspring-java - security update
2014-03-2900:00:00
Google
osv.dev
5
0.396 Low
EPSS
Percentile
97.3%
Two vulnerabilities were discovered in libspring-java, the Debian
package for the Java Spring framework.
- CVE-2014-0054
Jaxb2RootElementHttpMessageConverter in Spring MVC processes
external XML entities. - CVE-2014-1904
Spring MVC introduces a cross-site scripting vulnerability if the
action on a Spring form is not specified.
For the stable distribution (wheezy), these problems have been fixed in
version 3.0.6.RELEASE-6+deb7u3.
For the testing distribution (jessie) and the unstable distribution
(sid), these problems have been fixed in version 3.0.6.RELEASE-13.
We recommend that you upgrade your libspring-java packages.
| CPE | Name | Operator | Version |
|---|---|---|---|
| libspring-java | eq | 3.0.6.RELEASE-6 | |
| libspring-java | eq | 3.0.6.RELEASE-6+deb7u1 | |
| libspring-java | eq | 3.0.6.RELEASE-6+deb7u2 |
References
Related
openvas
openvas
Debian: Security Advisory (DSA-2890-1)
2014-03-28 00:00:00
Mageia: Security Advisory (MGASA-2014-0155)
2022-01-28 00:00:00
Debian Security Advisory DSA 2890-1 (libspring-java - security update)
2014-03-29 00:00:00
debian
debian
[SECURITY] [DSA 2890-1] libspring-java security update
2014-03-29 19:21:40
nessus
nessus
Debian DSA-2890-1 : libspring-java - security update
2014-03-31 00:00:00
mageia
mageia
Updated springframework packages fix multiple vulnerabilities
2014-04-03 05:07:29
github
github
Cross-Site Request Forgery in Spring Framework
2022-05-13 01:02:38
cve
cve
CVE-2014-1904
2014-03-20 16:55:12
CVE-2014-0054
2014-04-17 14:55:06
ubuntucve
ubuntucve
CVE-2014-1904
2014-03-20 00:00:00
CVE-2014-0054
2014-04-17 00:00:00
osv
osv
Cross-Site Request Forgery in Spring Framework
2022-05-13 01:02:38
cvelist
cvelist
CVE-2014-1904
2014-03-20 16:00:00
CVE-2014-0054
2014-04-17 14:00:00
prion
prion
Cross site scripting
2014-03-20 16:55:00
Xxe
2014-04-17 14:55:00
debiancve
debiancve
CVE-2014-1904
2014-03-20 16:55:12
CVE-2014-0054
2014-04-17 14:55:06
securityvulns
securityvulns
CVE-2014-1904 XSS when using Spring MVC
2014-05-05 00:00:00
nvd
nvd
CVE-2014-1904
2014-03-20 16:55:12
CVE-2014-0054
2014-04-17 14:55:06
ibm
ibm
redhat
redhat
(RHSA-2014:0401) Moderate: Red Hat JBoss A-MQ 6.1.0 update
2014-04-14 13:36:41
(RHSA-2014:0400) Moderate: Red Hat JBoss Fuse 6.1.0 update
2014-04-14 00:00:00
checkpoint_advisories
checkpoint_advisories
oracle
oracle
Oracle Critical Patch Update - April 2018
2018-04-17 00:00:00