CVE-2016-9878

CWE-22 — Path Traversal11 documents8 sources

Severity

7.5HIGH

EPSS

5.6%

top 9.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Pivotal Software Spring Framework Vmware Spring Framework

Timeline

PublishedDec 29

Latest updateMar 17

Description

An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶NVDpivotal_software/spring_framework3.2.0+2

▶Mavenorg.springframework:spring-webmvc4.2.0 — 4.2.9+2

▶NVDvmware/spring_framework29 versions+28

▶Debianlibspring-java< 4.3.5-1+3

🔴Vulnerability Details

OSV

libspring-java vulnerabilities↗2021-03-17

▶

GHSA

Pivotal Spring Framework Paths provided to the ResourceServlet were not properly sanitized↗2018-10-04

▶

OSV

Pivotal Spring Framework Paths provided to the ResourceServlet were not properly sanitized↗2018-10-04

▶

OSV

CVE-2016-9878: An issue was discovered in Pivotal Spring Framework before 3↗2016-12-29

▶

CVEList

CVE-2016-9878: An issue was discovered in Pivotal Spring Framework before 3↗2016-12-29

▶

📋Vendor Advisories

Ubuntu

Spring Framework vulnerabilities↗2021-03-17

▶

Red Hat

Framework: Directory Traversal in the Spring Framework ResourceServlet↗2016-12-21

▶

Debian

CVE-2016-9878: libspring-java - An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before ...↗2016

▶

💬Community

Bugzilla

CVE-2016-9878 springframework: Spring Framework: Directory Traversal in the Spring Framework ResourceServlet [fedora-all]↗2016-12-22

▶

Bugzilla

CVE-2016-9878 Spring Framework: Directory Traversal in the Spring Framework ResourceServlet↗2016-12-22

▶