CVE-2014-3625
Spring Framework 3.0.4-3.2.11, 4.0.0-4.0.7, 4.1.0-4.1.1 - Path Traversal via Static Resource Handling
Exploitation Summary
EIP tracks 2 public exploits for CVE-2014-3625. PoCs published by ilmila, gforresu.
Description
Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.
Exploits (2)
This repository contains a proof-of-concept exploit for CVE-2014-3625, a vulnerability in Spring Framework's resource handling. The exploit demonstrates directory traversal and file disclosure via crafted requests.
This PoC demonstrates a path traversal vulnerability in Spring Framework (CVE-2014-3625) by manipulating resource handlers to access arbitrary files. The exploit leverages improper path sanitization in `ResourceHttpRequestHandler` to bypass security checks.