CVE-2015-3192

CVE Database · CVE-2015-3192

CVE-2015-3192

· N/AModified

CVSS v3.1

N/A

EPSS

5.32%

Published

Jul 12, 2016

Modified

May 6, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file.

Weaknesses (CWE)

CWE-119

Affected Products (23)

pivotal_software · spring_frameworkvulnerable

vmware · spring_frameworkvulnerable