Spring Framework 'class.classLoader' Code Injection Vulnerability

Bugtraq ID: 40954
Class: Input Validation Error
CVE: CVE-2010-1622
Remote: Yes
Local: No
Published: Jun 17 2010 12:00AM
Updated: Nov 03 2015 08:04PM
Credit: Meder Kydyraliev, Google Security Team
Vulnerable: SpringSource Spring Framework 3.0.2
SpringSource Spring Framework 3.0.1
SpringSource Spring Framework 3.0
SpringSource Spring Framework 2.6.6
SpringSource Spring Framework 2.5.7
SpringSource Spring Framework 2.5.6
SpringSource Spring Framework 2.5.6
SpringSource Spring Framework 2.5.5
SpringSource Spring Framework 2.5.5
SpringSource Spring Framework 2.5.4
SpringSource Spring Framework 2.5.4
SpringSource Spring Framework 2.5.3
SpringSource Spring Framework 2.5.3
SpringSource Spring Framework 2.5.2
SpringSource Spring Framework 2.5.2
SpringSource Spring Framework 2.5.1
SpringSource Spring Framework 2.5.1
SpringSource Spring Framework 2.5
SpringSource Spring Framework 2.5
Redhat JBoss Web Framework Kit for RHEL 5 Server 1.0.0
Redhat JBoss Web Framework Kit for RHEL 4 ES 5.0.0
Redhat JBoss Web Framework Kit for RHEL 4 AS 5.0.0
Oracle WebCenter Sites 11.1.1 8.0
Oracle WebCenter Sites 7.6.2
Oracle WebCenter Sites 11.1.1.6.1
Apache Geronimo 2.1.5
Apache Geronimo 2.1.4
Apache Geronimo 2.1.3
Apache Geronimo 2.1.2
Apache Geronimo 2.1.1
Apache Geronimo 2.1
Not Vulnerable: SpringSource Spring Framework 3.0.3
SpringSource Spring Framework 2.5.7 SR1 (Subscript
SpringSource Spring Framework 2.5.6.SEC02
Apache Geronimo 2.1.6


 

Privacy Statement
Copyright 2010, SecurityFocus