CVE-2010-1622
published 2010-06-21CVE-2010-1622: SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7 before 2.5.7.SR01, and 3.0.x before 3.0.3 allows remote attackers to execute arbitrary code via…
medium6CVSS 3.1
AVNACMAuSCPIPAP
EXPLOIT
SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7 before 2.5.7.SR01, and 3.0.x before 3.0.3 allows remote attackers to execute arbitrary code via an HTTP request containing class.classLoader.URLs[0]=jar: followed by a URL of a crafted .jar file.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| oracle | fusion_middleware | — | — |
| oracle | fusion_middleware | — | — |
| oracle | fusion_middleware | — | — |
| paloalto | pan-os | — | — |
| springsource | spring_framework | — | — |
| springsource | spring_framework | — | — |
| springsource | spring_framework | — | — |
| springsource | spring_framework | — | — |
| springsource | spring_framework | — | — |
| springsource | spring_framework | — | — |
| springsource | spring_framework | — | — |
| springsource | spring_framework | — | — |
| springsource | spring_framework | — | — |
| springsource | spring_framework | — | — |
| springsource | spring_framework | — | — |