Spring Framework Expression Language JSP Attributes Handling Information Disclosure Vulnerability
|
Bugtraq ID:
|
49543
|
|
Class:
|
Design Error
|
|
CVE:
|
CVE-2011-2730
|
|
Remote:
|
Yes
|
|
Local:
|
No
|
|
Published:
|
Sep 09 2011 12:00AM
|
|
Updated:
|
Jun 18 2013 10:37PM
|
|
Credit:
|
Stefano Di Paola, Minded Security and Arshan Dabirsiaghi, Aspect Security.
|
|
Vulnerable:
|
SpringSource Spring Framework 3.0.5
SpringSource Spring Framework 3.0.3
SpringSource Spring Framework 3.0.2
SpringSource Spring Framework 3.0.1
SpringSource Spring Framework 3.0
SpringSource Spring Framework 2.5.7
SpringSource Spring Framework 2.5.6
SpringSource Spring Framework 2.5.6
SpringSource Spring Framework 2.5.5
SpringSource Spring Framework 2.5.5
SpringSource Spring Framework 2.5.4
SpringSource Spring Framework 2.5.4
SpringSource Spring Framework 2.5.3
SpringSource Spring Framework 2.5.3
SpringSource Spring Framework 2.5.2
SpringSource Spring Framework 2.5.2
SpringSource Spring Framework 2.5.1
SpringSource Spring Framework 2.5.1
SpringSource Spring Framework 2.5
SpringSource Spring Framework 2.5
SpringSource Spring Framework 2.5.7 SR1 (Subscript
SpringSource Spring Framework 2.5.6.SEC02
Red Hat JBoss Enterprise Web Platform for RHEL 5 Server 5
Red Hat JBoss Enterprise Web Platform for RHEL 4ES 5
Red Hat JBoss Enterprise Web Platform for RHEL 4AS 5
Red Hat JBoss Enterprise BRMS Platform 5.1
Red Hat JBoss Enterprise Application Platform for RHEL 4ES 5
Red Hat JBoss Enterprise Application Platform for RHEL 4AS 5
Debian Linux 6.0 sparc
Debian Linux 6.0 s/390
Debian Linux 6.0 powerpc
Debian Linux 6.0 mips
Debian Linux 6.0 ia-64
Debian Linux 6.0 ia-32
Debian Linux 6.0 arm
Debian Linux 6.0 amd64
|
|
|
|
Not Vulnerable:
|
SpringSource Spring Framework 3.0.6
SpringSource Spring Framework 2.5.7.SR02
SpringSource Spring Framework 2.5.6.SEC03
|
|
