oval:org.secpod.oval:def:78856
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is ...

oval:org.secpod.oval:def:78858
The host is installed with SpringSource Spring Framework before 5.2.20 or 5.3.0 before 5.3.18 and is prone to a remote code execution (Spring4Shell) vulnerability. A flaw is present in the application, which fails to properly handle a specially crafted request to a vulnerable server. Successful expl ...

oval:org.secpod.oval:def:78859
The host is installed with SpringSource Spring Framework before 5.2.20 or 5.3.0 before 5.3.18 and is prone to a remote code execution (Spring4Shell) vulnerability. A flaw is present in the application, which fails to properly handle a specially crafted request to a vulnerable server. Successful expl ...

oval:org.secpod.oval:def:78523
The host is installed with SpringSource Spring Framework before 5.2.20 or 5.3.0 before 5.3.18 and is prone to a remote code execution (Spring4Shell) vulnerability. A flaw is present in the application, which fails to properly handle a specially crafted request to a vulnerable server. Successful expl ...

oval:org.secpod.oval:def:1701687
A flaw was found in Spring Framework, specifically within two modules called Spring MVC and Spring WebFlux, using parameter data binding. This flaw allows an attacker to pass specially-constructed malicious requests to certain parameters and possibly gain access to normally-restricted functionalit ...

oval:org.secpod.oval:def:1701758
A flaw was found in Spring Framework, specifically within two modules called Spring MVC and Spring WebFlux, using parameter data binding. This flaw allows an attacker to pass specially-constructed malicious requests to certain parameters and possibly gain access to normally-restricted functionalit ...