Spring Framework Expression Language JSP Attributes Handling Information Disclosure Vulnerability

Bugtraq ID: 49543
Class: Design Error
CVE: CVE-2011-2730
Remote: Yes
Local: No
Published: Sep 09 2011 12:00AM
Updated: Oct 04 2013 12:15AM
Credit: Stefano Di Paola, Minded Security and Arshan Dabirsiaghi, Aspect Security.
Vulnerable: SpringSource Spring Framework 3.0.5
SpringSource Spring Framework 3.0.3
SpringSource Spring Framework 3.0.2
SpringSource Spring Framework 3.0.1
SpringSource Spring Framework 3.0
SpringSource Spring Framework 2.5.7
SpringSource Spring Framework 2.5.6
SpringSource Spring Framework 2.5.5
SpringSource Spring Framework 2.5.4
SpringSource Spring Framework 2.5.3
SpringSource Spring Framework 2.5.2
SpringSource Spring Framework 2.5.1
SpringSource Spring Framework 2.5
SpringSource Spring Framework 2.5.7 SR1 (Subscript
SpringSource Spring Framework 2.5.6.SEC02
Red Hat JBoss Enterprise Web Platform for RHEL 5 Server 5
Red Hat JBoss Enterprise Web Platform for RHEL 4ES 5
Red Hat JBoss Enterprise Web Platform for RHEL 4AS 5
Red Hat JBoss Enterprise BRMS Platform 5.1
Red Hat JBoss Enterprise Application Platform for RHEL 4ES 5
Red Hat JBoss Enterprise Application Platform for RHEL 4AS 5
Debian Linux 6.0 sparc
Debian Linux 6.0 s/390
Debian Linux 6.0 powerpc
Debian Linux 6.0 mips
Debian Linux 6.0 ia-64
Debian Linux 6.0 ia-32
Debian Linux 6.0 arm
Debian Linux 6.0 amd64
Not Vulnerable: SpringSource Spring Framework 3.0.6
SpringSource Spring Framework 2.5.7.SR02
SpringSource Spring Framework 2.5.6.SEC03


 

Copyright 2010, SecurityFocus