CVE-2014-3625

Pivotal Software Spring Framework < 3.1.4 - Path Traversal

Title source: rule

Description

Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.

Exploits (2)

nomisec WORKING POC 32 stars
by ilmila · poc
https://github.com/ilmila/springcss-cve-2014-3625

nomisec WORKING POC
by gforresu · poc
https://github.com/gforresu/SpringPathTraversal

Scores

EPSS: 0.1736
EPSS Percentile: 95.1%

Details

CWE: CWE-22
Status: published
Products (3):
org.springframework/spring-webmvc 3.0.4 - 3.2.12 (Maven)
pivotal_software/spring_framework 3.1.0 - 3.1.4
vmware/spring_framework 3.0.4 - 3.0.7
Published: Nov 20, 2014
Tracked Since: Feb 18, 2026