Spring Web Services Known Vulnerabilities and Issues
Components of Spring Web Services
Spring Web Services is built with the following components. Please see the security advisories information for each component for more information on the security vulnerabilities and issues that may affect that component.
| Component | Security advisories |
|---|---|
| Spring Framework | Spring Framework security advisories |
| Spring Security | Spring Security security advisories |
Spring Web Services is built using the following versions of these components:
| Spring Web Services version | Spring Framework version | Spring Security version |
|---|---|---|
| 2.0.2.RELEASE | 3.0.5.RELEASE | 3.0.4.RELEASE |
| 2.0.1.RELEASE | 3.0.5.RELEASE | 3.0.3.RELEASE |
| 2.0.0.RELEASE | 3.0.5.RELEASE | 3.0.2.RELEASE |
| 1.5.10.RELEASE | 2.5.6 | 2.0.6.RELEASE |
| 1.5.9.RELEASE | 2.5.6 | 2.0.5.RELEASE |
| 1.5.8.RELEASE | 2.5.6 | 2.0.2 |
| 1.5.7.RELEASE | 2.5.6 | 2.0.2 |
| 1.5.6.RELEASE | 2.5.6 | 2.0.2 |
| 1.5.5.RELEASE | 2.5.6 | 2.0.2 |
| 1.5.4.RELEASE | 2.5.5 | 2.0.2 |
| 1.5.3.RELEASE | 2.5.4 | 2.0.2 |
| 1.5.2.RELEASE | 2.5.4 | 2.0.1 |
| 1.5.1.RELEASE | 2.5.4 | 2.0.1 |
| 1.5.0.RELEASE | 2.5.2 | 2.0.0 |
The versions of the Spring Framework in the table above are the versions that Spring Web Services was compiled against and represent the minimum version that is known to work with a given Spring Web Servicesrelease.
Security vulnerabilities may also be present in earlier unsupported versions of Spring Web Services and / or its dependencies.
Known Vulnerabilities in Spring Web Services
The following vulnerabilities are known to exist in Spring Web Services. The information in this section may not be complete for unsupported versions. Users of unsupported versions are strongly encouraged to upgrade to a supported version.
| Date | Vulnerability | Fixed in version | ||
| 1.0.x | 1.5.x | 2.0.x | ||
| 24 May 2011 | CVE-2011-1942 | Use workaround | 1.5.10 | 2.0.2 |