Spring Framework 'class.classLoader' Code Injection Vulnerability

Bugtraq ID: 40954
Class: Input Validation Error
CVE: CVE-2010-1622
Remote: Yes
Local: No
Published: Jun 17 2010 12:00AM
Updated: Jan 25 2011 05:01PM
Credit: Meder Kydyraliev, Google Security Team
Vulnerable: SpringSource Spring Framework 3.0.2
SpringSource Spring Framework 3.0.1
SpringSource Spring Framework 3.0
SpringSource Spring Framework 2.6.6
SpringSource Spring Framework 2.5.7
SpringSource Spring Framework 2.5.6
SpringSource Spring Framework 2.5.5
SpringSource Spring Framework 2.5.4
SpringSource Spring Framework 2.5.3
SpringSource Spring Framework 2.5.2
SpringSource Spring Framework 2.5.1
SpringSource Spring Framework 2.5
Red Hat JBoss Web Framework Kit for RHEL 5 Server 1.0.0
Red Hat JBoss Web Framework Kit for RHEL 4 ES 5.0.0
Red Hat JBoss Web Framework Kit for RHEL 4 AS 5.0.0
Apache Software Foundation Geronimo 2.1.5
Apache Software Foundation Geronimo 2.1.4
Apache Software Foundation Geronimo 2.1.3
Apache Software Foundation Geronimo 2.1.2
Apache Software Foundation Geronimo 2.1.1
Apache Software Foundation Geronimo 2.1
Not Vulnerable: SpringSource Spring Framework 3.0.3
SpringSource Spring Framework 2.5.7 SR1 (Subscript
SpringSource Spring Framework 2.5.6.SEC02
Apache Software Foundation Geronimo 2.1.6


 

Copyright 2010, SecurityFocus