Skip to main content
CVE-2015-5211 CRITICAL POC PATCH Act Now

Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download (RFD) attack. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Java Information Disclosure Spring Framework Debian Linux
NVD
CVSS 3.1
9.6
EPSS
1.9%
CVE-2016-0761 CRITICAL Act Now

Cloud Foundry Garden-Linux versions prior to v0.333.0 and Elastic Runtime 1.6.x version prior to 1.6.17 contain a flaw in managing container files during Docker image preparation that could be used. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Elastic Information Disclosure Garden Linux Cloud Foundry Elastic Runtime
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2014-3527 CRITICAL PATCH Act Now

When using the CAS Proxy ticket authentication from Spring Security 3.1 to 3.2.4 a malicious CAS Service could trick another CAS Service into authenticating a proxy ticket that was not associated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Java Spring Security
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2016-4435 CRITICAL Act Now

An endpoint of the Agent running on the BOSH Director VM with stemcell versions prior to 3232.6 and 3146.13 may allow unauthenticated clients to read or write blobs or cause a denial of service. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Privilege Escalation Bosh Stemcell
NVD
CVSS 3.0
9.0
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy