CVE-2016-9878

Public PoC / Exploit (1)

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.

Weaknesses (CWE)

CWE-22

Affected Products (32)

pivotal_software · spring_frameworkvulnerable

vmware · spring_frameworkvulnerable

References (20)

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

http://www.securityfocus.com/bid/95072

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1040698

https://access.redhat.com/errata/RHSA-2017:3115

https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html

https://pivotal.io/security/cve-2016-9878

Vendor Advisory

https://security.netapp.com/advisory/ntap-20180419-0002/