Spring Framework 'class.classLoader' Code Injection Vulnerability

Spring Framework is prone to a remote code-injection vulnerability.

An attacker can exploit this issue to inject and execute arbitrary malicious Java code within the context of the affected application. Successful exploits will compromise the affected application and the underlying system; other attacks are also possible.

Versions of Spring Framework prior to 3.03, 2.5.6.SEC02, and 2.5.7.SR01 are vulnerable.


 

Copyright 2010, SecurityFocus