CVE-2011-2730: Spring Framework Information Disclosure
Severity: Variable depending on application. Likely to be low to moderate, may
be important.
Versions affected:
3.0.0 to 3.0.5
2.5.0 to 2.5.6.SEC02 (community releases)
2.5.0 to 2.5.7.SR01 (subscription customers)
Earlier, unsupported

CVE-2011-2732: Spring Security header injection vulnerability
Severity: Important
Versions Affected:
2.0.0 to 2.0.6
3.0.0 to 3.0.5
Earlier versions may also be affected
Description:
Spring Security allows the use of a parameter (named spring-security-redirect
by default) to determine

CVE-2011-2894: Spring Framework and Spring Security serialization-based
remoting vulnerabilities
Severity: Critical
Versions Affected:
Spring Framework:
3.0.0 to 3.0.5
Spring Security:
2.0.0 to 2.0.6
3.0.0 to 3.0.5
Earlier versions may also be affected
Description:
Several

CVE-2011-2731: Spring Security privilege escalation when using RunAsManager
Severity: Moderate
Versions Affected:
2.0.0 to 2.0.6
3.0.0 to 3.0.5
Earlier versions may also be affected
Description:
Spring Security provides a mechanism (RunAsManager) to allow particular
operations to run with a

Severity: Important
Versions Affected:
2.0.0.RELEASE to 2.0.5.SR01
2.1.0.RELEASE to 2.1.1.SR01
Description:
tc Server allows users to store the passwords used for JMX authentication in an
obfuscated form for organizations where storing passwords in plain text is not
permitted. The JMX

CVE-2010-3700 - Spring Security - Bypassing of security constraints
Severity:
Important
Vendor:
SpringSource, a division of VMware
Versions affected:
Spring Security 3.0.0 to 3.0.3
Spring Security 2.0.0 to 2.0.5
Acegi Security 1.0.0 to 1.0.7
Description:
Spring Security does not consider

CVE-2010-1622: Spring Framework execution of arbitrary code
Severity: Critical
Vendor:
SpringSource, a division of VMware
Versions Affected:
3.0.0 to 3.0.2
2.5.0 to 2.5.6.SEC01 (community releases)
2.5.0 to 2.5.7 (subscription customers)
Earlier versions may also be affected
Description:
The

CVE-2010-1454: SpringSource tc Server unauthenticated remote access to JMX
interface
Severity: Critical
Vendor:
SpringSource, a division of VMware
Versions Affected:
tc Server Runtime 6.0.19.A, 6.0.20.A, 6.0.20.B, 6.0.20.C, 6.0.25.A
Description:
A problem has been identified in the

CVE-2009-2907: SpringSource Hyperic HQ multiple XSS vulnerabilities
Severity: Moderate
Vendor: SpringSource
Versions Affected:
SpringSource Hyperic HQ 4.2 pre-release versions
SpringSource Hyperic HQ 4.1.0 to 4.1.2
SpringSource Hyperic HQ 4.0.0 to