cbcvebase.
CVE-2016-9878
published 2016-12-29

CVE-2016-9878: An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not…

high7.5CVSS 3.0
AVNACLPRNUINSUCHINAN
An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.

Affected

33 ranges· showing 25
VendorProductVersion rangeFixed in
debianlibspring-java< libspring-java 4.3.5-1 (bookworm)libspring-java 4.3.5-1 (bookworm)
pivotal_softwarespring_framework<= 3.2.0
pivotal_softwarespring_framework
pivotal_softwarespring_framework
vmwarespring_framework
vmwarespring_framework
vmwarespring_framework
vmwarespring_framework
vmwarespring_framework
vmwarespring_framework
vmwarespring_framework
vmwarespring_framework
vmwarespring_framework
vmwarespring_framework
vmwarespring_framework
vmwarespring_framework
vmwarespring_framework
vmwarespring_framework
vmwarespring_framework
vmwarespring_framework
vmwarespring_framework
vmwarespring_framework
vmwarespring_framework
vmwarespring_framework
vmwarespring_framework

CVSS provenance

nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
osv8.8HIGH