[Full-disclosure] CVE-2011-2730: Spring Framework Information Disclosure

2011-09-09 Thread s2-security
CVE-2011-2730: Spring Framework Information Disclosure Severity: Variable depending on application. Likely to be low to moderate, may be important. Version affected: 3.0.0 to 3.0.5 2.5.0 to 2.5.6.SEC02 (community releases) 2.5.0 to 2.5.7.SR01 (subscription customers) Earlier, unsupported

[Full-disclosure] CVE-2011-2732: Spring Security header injection vulnerability

2011-09-09 Thread s2-security
CVE-2011-2732: Spring Security header injection vulnerability Severity: Important Versions Affected: 2.0.0 to 2.0.6 3.0.0 to 3.0.5 Earlier versions may also be affected Description: Spring Security allows the use of a parameter (named spring-security-redirect by default) to determine
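
The snippet above is cut off, but its title names the bug class: a redirect-target parameter copied into a response header. The following is an added example (not code from the advisory or from Spring Security) of the unsafe pattern beside a hardened check, written in Python so it runs stand-alone; the parameter name and the allowed-host list are assumptions for illustration.

```python
import re
from urllib.parse import urlsplit

# Raw or percent-encoded CR/LF is the classic header-injection vector:
# once it lands in a Location header, the attacker controls the headers
# (and, after a blank line, the body) that follow.
CRLF = re.compile(r"[\r\n]|%0[aAdD]")


def naive_location_header(value):
    """The unsafe pattern: copy the parameter straight into a header."""
    return "Location: " + value


def safe_redirect_target(value, allowed_hosts=()):
    """Return a redirect target that is safe to place in a Location header,
    or None if the value must be rejected.

    Rejects empty values, raw or percent-encoded CR/LF (header injection),
    other control characters, non-http(s) schemes, and absolute or
    scheme-relative URLs whose host is not in allowed_hosts (open redirect).
    """
    if not value:
        return None
    if CRLF.search(value):
        return None
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in value):
        return None
    parts = urlsplit(value)
    if parts.scheme or parts.netloc:
        if parts.scheme not in ("http", "https"):
            return None
        if parts.hostname not in allowed_hosts:
            return None
        return value
    # Relative target: exactly one leading "/" ("//host" and "/\host" are
    # treated as scheme-relative by browsers, so they are refused too).
    if not value.startswith("/") or value.startswith(("//", "/\\")):
        return None
    return value


def hardened_location_header(value, allowed_hosts=("example.com",)):
    """Build the header from a validated target, falling back to "/"."""
    target = safe_redirect_target(value, allowed_hosts)
    return "Location: " + (target if target is not None else "/")


if __name__ == "__main__":
    # Constructed sample values for a parameter assumed to be named
    # "spring-security-redirect"; not captured traffic.
    samples = [
        "/account?tab=1",
        "/home\r\nSet-Cookie: session=attacker",
        "%0d%0aSet-Cookie: session=attacker",
        "//evil.example/phish",
        "https://example.com/dashboard",
        "https://evil.example/phish",
        "javascript:alert(1)",
    ]
    for s in samples:
        print(repr(s), "->", repr(safe_redirect_target(s, ("example.com",))))
```

The check runs on the decoded parameter value, so the percent-encoded test catches double-encoded input that a container would otherwise hand through untouched.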

[Full-disclosure] CVE-2011-2894: Spring Framework and Spring Security serialization-based remoting vulnerabilities

2011-09-09 Thread s2-security
CVE-2011-2894: Spring Framework and Spring Security serialization-based remoting vulnerabilities Severity: Critical Versions Affected: Spring Framework: 3.0.0 to 3.0.5 Spring Security: 2.0.0 to 2.0.6 3.0.0 to 3.0.5 Earlier versions may also be affected Description: Several

[Full-disclosure] CVE-2011-2731: Spring Security privilege escalation when using RunAsManager

2011-09-09 Thread s2-security
CVE-2011-2731: Spring Security privilege escalation when using RunAsManager Severity: Moderate Versions Affected: 2.0.0 to 2.0.6 3.0.0 to 3.0.5 Earlier versions may also be affected Description: Spring Security provides a mechanism (RunAsManager) to allow particular operations to run with a

[Full-disclosure] CVE-2011-0527: VMware vFabric tc Server password obfuscation bypass

2011-08-11 Thread s2-security
Severity: Important Versions Affected: 2.0.0.RELEASE to 2.0.5.SR01 2.1.0.RELEASE to 2.1.1.SR01 Description: tc Server allows users to store the passwords used for JMX authentication in an obfuscated form for organizations where storing passwords in plain text is not permitted. The JMX

[Full-disclosure] CVE-2010-3700: Spring Security bypass of security constraints

2010-10-28 Thread s2-security
CVE-2010-3700 - Spring Security - Bypassing of security constraints Severity: Important Vendor: SpringSource, a division of VMware Versions affected: Spring Security 3.0.0 to 3.0.3 Spring Security 2.0.0 to 2.0.5 Acegi Security 1.0.0 to 1.0.7 Description: Spring Security does not consider

[Full-disclosure] CVE-2010-1622: Spring Framework execution of arbitrary code

2010-06-18 Thread s2-security
CVE-2010-1622: Spring Framework execution of arbitrary code Severity: Critical Vendor: SpringSource, a division of VMware Versions Affected: 3.0.0 to 3.0.2 2.5.0 to 2.5.6.SEC01 (community releases) 2.5.0 to 2.5.7 (subscription customers) Earlier versions may also be affected Description: The

[Full-disclosure] CVE-2010-1454: SpringSource tc Server unauthenticated remote access to JMX interface

2010-05-18 Thread s2-security
CVE-2010-1454: SpringSource tc Server unauthenticated remote access to JMX interface Severity: Critical Vendor: SpringSource, a division of VMware Versions Affected: tc Server Runtime 6.0.19.A, 6.0.20.A, 6.0.20.B, 6.0.20.C, 6.0.25.A Description: A problem has been identified in the

[Full-disclosure] CVE-2009-2907: SpringSource Hyperic HQ multiple XSS vulnerabilities

2010-03-23 Thread s2-security
CVE-2009-2907: SpringSource Hyperic HQ multiple XSS vulnerabilities Severity: Moderate Vendor: SpringSource Versions Affected: SpringSource Hyperic HQ 4.2 pre-release versions SpringSource Hyperic HQ 4.1.0 to 4.1.2 SpringSource Hyperic HQ 4.0.0 to