[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

247085

 
 

909

 
 

194218

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2010-1622Date: (C)2010-06-21   (M)2023-12-22


SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7 before 2.5.7.SR01, and 3.0.x before 3.0.3 allows remote attackers to execute arbitrary code via an HTTP request containing class.classLoader.URLs[0]=jar: followed by a URL of a crafted .jar file.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.0
Exploit Score: 6.8
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1033898
EXPLOIT-DB-13918
http://www.securityfocus.com/archive/1/511877
BID-40954
SECUNIA-41016
SECUNIA-41025
SECUNIA-43087
ADV-2011-0237
RHSA-2011:0175
http://geronimo.apache.org/2010/07/21/apache-geronimo-v216-released.html
http://geronimo.apache.org/21x-security-report.html
http://geronimo.apache.org/22x-security-report.html
http://www.oracle.com/technetwork/topics/security/alerts-086861.html
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
http://www.springsource.com/security/cve-2010-1622

CWE    1
CWE-94
OVAL    1
oval:org.secpod.oval:def:78521

© SecPod Technologies