Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veracodeVeracode Vulnerability DatabaseVERACODE:6055
HistoryApr 06, 2018 - 1:47 a.m.

Directory Traversal

2018-04-0601:47:14
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
27

EPSS

0.004

Percentile

72.7%

JSON

spring-webmvc is vulnerable to directory traversal attack. The vulnerability exists due to the improper sanitization of the path values which allows valid Windows files to be served as static resources. This vulnerability only affects spring-webmvc running on Windows which allows serving files with the file: locator, does not use Spring Security with versions patched for CVE-2018-1199, and use Tomcat/WildFly as the server.

Related

github 2
cvelist 2
ubuntucve 2
redhatcve 2
osv 4
veracode 1
cve 2
nuclei 1
nessus 1
prion 2
jvn 1
debiancve 2
nvd 2
dsquare 1
thn 1
redhat 4
atlassian 1
f5 1
ibm 6
openvas 1
oracle 6
github
github
Improper Input Validation in org.springframework.security:spring-security-core, org.springframework.security:spring-security-core , and org.springframework:spring-core
2018-10-17 20:01:54
Path Traversal in org.springframework:spring-core
2018-10-17 20:07:03
cvelist
cvelist
CVE-2018-1199
2018-03-16 20:00:00
CVE-2018-1271
2018-04-06 13:00:00
ubuntucve
ubuntucve
CVE-2018-1199
2018-03-16 00:00:00
CVE-2018-1271
2018-04-06 00:00:00
redhatcve
redhatcve
CVE-2018-1199
2018-02-05 11:49:35
CVE-2018-1271
2018-04-24 02:48:44
osv
osv
CVE-2018-1199
2018-03-16 20:29:00
CVE-2018-1271
2018-04-06 13:29:00
Improper Input Validation in org.springframework.security:spring-security-core, org.springframework.security:spring-security-core , and org.springframework:spring-core
2018-10-17 20:01:54
veracode
veracode
Security Constraint Bypass
2018-01-31 03:11:32
cve
cve
CVE-2018-1271
2018-04-06 13:29:00
CVE-2018-1199
2018-03-16 20:29:00
nuclei
nuclei
Spring MVC Framework - Local File Inclusion
2020-06-03 00:53:25
nessus
nessus
Spring Framework 4.3.x < 4.3.15 / 5.0.x < 5.0.5 Windows Directory Traversal Vulnerability (CVE-2018-1271)
2018-12-21 00:00:00
prion
prion
Security feature bypass
2018-03-16 20:29:00
Directory traversal
2018-04-06 13:29:00
jvn
jvn
JVN#15643848: Spring Security and Spring Framework vulnerable to authentication bypass
2018-02-02 00:00:00
debiancve
debiancve
CVE-2018-1199
2018-03-16 20:29:00
CVE-2018-1271
2018-04-06 13:29:00
nvd
nvd
CVE-2018-1199
2018-03-16 20:29:00
CVE-2018-1271
2018-04-06 13:29:00
dsquare
dsquare
Spring MVC File Disclosure
2018-12-28 00:00:00
thn
thn
Remote Execution Flaw Threatens Apps Built Using Spring Framework — Patch Now
2018-04-06 07:58:00
redhat
redhat
(RHSA-2018:2405) Critical: Red Hat FIS 2.0 on Fuse 6.3.0 R7 security and bug fix update
2018-08-14 19:41:42
(RHSA-2018:1320) Critical: Red Hat OpenShift Application Runtimes security and bug fix update
2018-05-03 17:05:40
(RHSA-2018:2939) Critical: Red Hat FIS 2.0 on Fuse 6.3.0 R8 security and bug fix update
2018-10-17 19:27:11
atlassian
atlassian
Insecure version of Spring Web MVC used in Confluence Analytics
2020-02-19 22:31:10
f5
f5
K29042031 : Multiple Spring Framework vulnerabilities
2018-04-07 00:00:00
ibm
ibm
Security Bulletin: Multiple Vulnerabilities in IBM Guardium Data Encryption (GDE)
2021-01-12 14:42:24
Security Bulletin: IBM® Engineering Requirements Management DOORS/DWA vulnerabilities fixed in 9.7.2.7
2023-04-25 08:12:52
Security Bulletin: IBM Cognos Controller has addressed multiple vulnerabilities
2022-12-02 19:43:36
openvas
openvas
Generic HTTP Directory Traversal (Web Dirs) - Active Check
2021-07-22 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - July 2020
2020-07-14 00:00:00
Oracle Critical Patch Update Advisory - January 2019
2019-01-15 00:00:00
Oracle Critical Patch Update Advisory - July 2019
2019-07-16 00:00:00

EPSS

0.004

Percentile

72.7%

JSON
Related for VERACODE:6055
github2cvelist2ubuntucve2redhatcve2osv4veracode1cve2nuclei1nessus1prion2jvn1debiancve2nvd2dsquare1thn1redhat4atlassian1f51ibm6openvas1oracle6