Lucene search

K

Ubuntu.comUB:CVE-2014-1904

HistoryMar 20, 2014 - 12:00 a.m.

CVE-2014-1904

2014-03-2000:00:00

ubuntu.com

ubuntu.com

15

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

66.4%

Cross-site scripting (XSS) vulnerability in
web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0
before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject
arbitrary web script or HTML via the requested URI in a default action.

Bugs

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741604>

References

docs.spring.io/spring/docs/3.2.8.RELEASE/changelog.txt

www.gopivotal.com/security/cve-2014-1904

github.com/spring-projects/spring-framework/commit/741b4b229ae032bd17175b46f98673ce0bd2d485

jira.springsource.org/browse/SPR-11426

launchpad.net/bugs/cve/CVE-2014-1904

nvd.nist.gov/vuln/detail/CVE-2014-1904

security-tracker.debian.org/tracker/CVE-2014-1904

www.cve.org/CVERecord?id=CVE-2014-1904

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

66.4%

Related for UB:CVE-2014-1904

github1 cve1 osv2 cvelist1 prion1 debiancve1 securityvulns2 nvd1 openvas3 debian1 nessus1 mageia1 redhat2 ibm3