All SpringSource security vulnerabilities

Overview

This page lists all published security vulnerabilities for SpringSource products. Links are also provided to the security pages for 3rd-party dependencies. See the individual product pages for dependency information.

Vulnerability reports

| Date | CVE Reference | Description |
|---|---|---|
| 29 March 2012 | CVE-2012-1833 | Grails data binding vulnerability |
| 9 September 2011 | CVE-2011-2894 | Spring Framework and Spring Security serialization-based remoting vulnerabilities |
| 9 September 2011 | CVE-2011-2732 | Spring Security header injection vulnerability |
| 9 September 2011 | CVE-2011-2731 | Spring Security Privilege escalation when using RunAsManager |
| 9 September 2011 | CVE-2011-2730 | Spring Framework Information Disclosure |
| 10 August 2011 | CVE-2011-0527 | vFabric tc Server password obfuscation bypass |
| 24 May 2011 | CVE-2011-1942 | Spring Web Services: Information Disclosure |
| 5 February 2011 | CVE-2009-2899 | Hyperic HQ: Information disclosure |
| 27 October 2010 | CVE-2010-3700 | Spring Security: Bypass of security constraints |
| 17 June 2010 | CVE-2010-1622 | Spring Framework: Execution of arbitrary code |
| 13 May 2010 | CVE-2010-1454 | tc Server Runtime: Unauthenticated access to remote JMX interface |
| 23 March 2010 | CVE-2009-2907 | Hyperic HQ: Multiple XSS |
| 2 October 2009 | CVE-2009-2898 | Hyperic HQ: Stored XSS |
| 2 October 2009 | CVE-2009-2897 | Hyperic HQ: Reflected XSS |
| 22 April 2009 | CVE-2009-1190 | Spring Framework: Remote denial of service |

3rd-party dependencies

| Product | Used by | Security advisories |
|---|---|---|
| Apache httpd | ERS httpd | httpd security advisories |
| Apache Tomcat 5 | ERS Tomcat | Tomcat 5 security advisories |
| Apache Tomcat 6 | tc Server, Hyperic HQ, ERS Tomcat, dm Server | Tomcat 6 security advisories |
| Apache Tomcat 7 | tc Server | Tomcat 7 security advisories |
| Dojo | Spring Insight, Spring Web Flow, tc Server, Hyperic HQ, dm Server, AMS | Dojo security advisories |
| JBoss Application Server 4.2.x | Hyperic HQ, AMS | 4.2.x errata |

 
