CVE-2015-3192
published 2016-07-12CVE-2015-3192: Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows…
medium5.5CVSS 3.0
AVLACLPRNUIRSUCNINAH
Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file.
Affected
24 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libspring-java | < libspring-java 4.1.9-1 (bookworm) | libspring-java 4.1.9-1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| pivotal_software | spring_framework | — | — |
| pivotal_software | spring_framework | — | — |
| vmware | spring_framework | — | — |
| vmware | spring_framework | — | — |
| vmware | spring_framework | — | — |
| vmware | spring_framework | — | — |
| vmware | spring_framework | — | — |
| vmware | spring_framework | — | — |
| vmware | spring_framework | — | — |
| vmware | spring_framework | — | — |
| vmware | spring_framework | — | — |
| vmware | spring_framework | — | — |
| vmware | spring_framework | — | — |
| vmware | spring_framework | — | — |
| vmware | spring_framework | — | — |
| vmware | spring_framework | — | — |
| vmware | spring_framework | — | — |
| vmware | spring_framework | — | — |
| vmware | spring_framework | — | — |
| vmware | spring_framework | — | — |
| vmware | spring_framework | — | — |
CVSS provenance
nvdv3.05.5MEDIUMCVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
osv8.8HIGH