CVE Reference: CVE-2010-1622

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia nor the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2010-1622

Description:
SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7 before 2.5.7.SR01, and 3.0.x before 3.0.3 allows remote attackers to execute arbitrary code via an HTTP request containing class.classLoader.URLs[0]=jar: followed by a URL of a crafted .jar file.

CVE Status:
Candidate

References:

SAID
  Secunia Advisory: SA43087
  Secunia Advisory: SA41016
  Secunia Advisory: SA41025

REDHAT
  http://www.redhat.com/support/errata/RHSA-2011-0175.html

EXPLOIT-DB
  http://www.exploit-db.com/exploits/13918

CONFIRM
  http://geronimo.apache.org/21x-security-report.html
  http://geronimo.apache.org/22x-security-report.html
  http://geronimo.apache.org/2010/07/21/apache-geronimo-v216-released.html
  http://www.springsource.com/security/cve-2010-1622

BUGTRAQ
  http://www.securityfocus.com/archive/1/511877

BID
  40954

