CVE-2010-1622 in Oracle Fusion Middlewareinfo

Summary

SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7 before 2.5.7.SR01, and 3.0.x before 3.0.3 allows remote attackers to execute arbitrary code via an HTTP request containing class.classLoader.URLs[0]=jar: followed by a URL of a crafted .jar file.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Reservation

04/29/2010

Disclosure

06/21/2010

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
78568	Oracle Fusion Middleware WebCenter Sites code injection	94	Proof-of-Concept	Official fix	CVE-2010-1622
53743	SpringSource Spring Framework class.classLoader.URLs[0] code injection	94	Proof-of-Concept	Official fix	CVE-2010-1622

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

MITRE
NVD
CVE Details

◂ PreviousOverviewNext ▸

Do you know our Splunk app?

Download it now for free!