[Secure-testing-team] Bug#769698: libspring-java: CVE-2014-3625 Directory Traversal in Spring Framework

Sat, 15 Nov 2014 08:57:53 -0800 

Source: libspring-java
Version: 3.0.0
Severity: serious
Tags: security
Justification: must



According to https://github.com/spring-projects/spring-framework/commit/3f68cd 
versions affected include 3.0.0 to 3.2.11

The feature of '<mvc:resources/> ' seems to be introduced in 3.0.4 ( 
http://docs.spring.io/spring/d... ).

Bastien

_______________________________________________
Secure-testing-team mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team

Reply via email to