CVE-2011-2730 — Spring Framework vulnerability

CWE-167 documents6 sources

Severity

7.5HIGHNVD

EPSS

46.3%

top 2.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Springsource Spring Framework

Timeline

PublishedDec 5

Latest updateMay 17

Description

VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language (EL), evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a (1) name attribute in a (a) spring:hasBindErrors tag; (2) path attribute in a (b) spring:bind or (c) spring:nestedpath tag; (3) arguments, (4) code, (5) text, (6) var, (7) scope, or (8) message attribute in a (d) spring:message or (e) spring:theme …

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDspringsource/spring_framework2.5.7_sr01+14

🔴Vulnerability Details

GHSA

Improper Neutralization of Directives in Dynamically Evaluated Code in Spring Framework↗2022-05-17

▶

OSV

Improper Neutralization of Directives in Dynamically Evaluated Code in Spring Framework↗2022-05-17

▶

CVEList

CVE-2011-2730: VMware SpringSource Spring Framework before 2↗2012-12-05

▶

📋Vendor Advisories

Red Hat

Framework: Information (internal server information, classpath, local working directories, session IDs) disclosure↗2011-09-09

▶

💬Community

Bugzilla

Spring Framework: Remote code execution with Expression Language injection↗2013-01-18

▶

Bugzilla

CVE-2011-2730 Spring Framework: Information (internal server information, classpath, local working directories, session IDs) disclosure↗2011-09-12

▶