Spring MVC 3.2.8 / 4.0.1 Incomplete Fix
Posted on 13 March 2014
Source: packetstormsecurity.org
Spring MVC's Jaxb2RootElementHttpMessageConverter also processed user-provided XML and neither disabled XML external entities nor provided an option to disable them. Jaxb2RootElementHttpMessageConverter has been modified to provide an option to control the processing of XML external entities, and that processing is now disabled by default. Versions 3.0.0 through 3.2.8 and 4.0.0 through 4.0.1 are affected.
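The following is an added example, not Spring's code and not part of the original advisory: a plain-JDK SAX demonstration of what switching external entity processing on or off changes when parsing user-supplied XML. The class name, the `parse` helper, its `processExternalEntities` parameter and the temp file are constructed for illustration; it assumes Java 11+ with the JDK's default XML parser.

```java
import java.io.StringReader;
import java.nio.file.Files;
import java.nio.file.Path;
import javax.xml.parsers.SAXParserFactory;
import org.xml.sax.InputSource;
import org.xml.sax.XMLReader;
import org.xml.sax.helpers.DefaultHandler;

public class ExternalEntityDemo {
    // Standard SAX feature that controls expansion of external general entities.
    static final String EXT_GENERAL =
        "http://xml.org/sax/features/external-general-entities";

    // Parses xml and returns the character data delivered to the handler.
    // processExternalEntities is this example's own parameter name.
    static String parse(String xml, boolean processExternalEntities) throws Exception {
        SAXParserFactory factory = SAXParserFactory.newInstance();
        factory.setNamespaceAware(true);
        XMLReader reader = factory.newSAXParser().getXMLReader();
        reader.setFeature(EXT_GENERAL, processExternalEntities);
        StringBuilder text = new StringBuilder();
        reader.setContentHandler(new DefaultHandler() {
            @Override
            public void characters(char[] ch, int start, int length) {
                text.append(ch, start, length);
            }
        });
        reader.parse(new InputSource(new StringReader(xml)));
        return text.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a temp file stands in for a server-side resource.
        Path marker = Files.createTempFile("xxe-demo", ".txt");
        Files.writeString(marker, "SERVER-SIDE-CONTENT");
        String xml = "<?xml version=\"1.0\"?>"
            + "<!DOCTYPE note [<!ENTITY ext SYSTEM \"" + marker.toUri() + "\">]>"
            + "<note>&ext;</note>";
        // With the feature on, the entity is resolved and the file content
        // becomes part of the parsed document; with it off, it is skipped.
        System.out.println("entities on : [" + parse(xml, true) + "]");
        System.out.println("entities off: [" + parse(xml, false) + "]");
        Files.delete(marker);
    }
}
```

Any XML entry point that accepts request bodies can be checked the same way: feed it a document that declares an external entity pointing at a file you created, and confirm the file's content never appears in the parsed result.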
