Path to vulnerable library: /epository/org/springframework/spring-web/4.0.5.RELEASE/spring-web-4.0.5.RELEASE.jar,/target/todo-api-1.0-SNAPSHOT/WEB-INF/lib/spring-web-4.0.5.RELEASE.jar
Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file.
CVE-2015-3192 - Medium Severity Vulnerability
Spring Web
Library home page: https://github.com/spring-projects/spring-framework
Path to dependency file: /pom.xml
Path to vulnerable library: /epository/org/springframework/spring-web/4.0.5.RELEASE/spring-web-4.0.5.RELEASE.jar,/target/todo-api-1.0-SNAPSHOT/WEB-INF/lib/spring-web-4.0.5.RELEASE.jar
Dependency Hierarchy: - :x: **spring-web-4.0.5.RELEASE.jar** (Vulnerable Library)
Found in base branch: master
Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file.
Publish Date: 2016-07-12
URL: CVE-2015-3192
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3192
Release Date: 2016-07-12
Fix Resolution: 4.1.7.RELEASE