mend-bolt-for-github[bot]
commented
3 years ago :information_source: This issue was automatically closed by WhiteSource because it is a duplicate of an existing issue: #85
Closed mend-bolt-for-github[bot] closed 3 years ago
mend-bolt-for-github[bot]
commented
3 years ago :information_source: This issue was automatically closed by WhiteSource because it is a duplicate of an existing issue: #85
CVE-2016-9878 - High Severity Vulnerability
Spring Framework Parent
Path to dependency file: struts-2.3.20/plugins/portlet/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-webmvc/3.0.5.RELEASE/spring-webmvc-3.0.5.RELEASE.jar
Dependency Hierarchy: - spring-webmvc-portlet-3.0.5.RELEASE.jar (Root Library) - :x: **spring-webmvc-3.0.5.RELEASE.jar** (Vulnerable Library)
Found in HEAD commit: 1d3a9da2b49a075b9122e05e19a483fc66b5aaf4
An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.
Publish Date: 2016-12-29
URL: CVE-2016-9878
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: None - Availability Impact: None
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9878
Release Date: 2016-12-29
Fix Resolution: 3.2.18,4.2.9,4.3.5.