Home > Vulnerability Database > CVE-2015-3192

Mend.io Vulnerability Database

CVE-2015-3192

Good to know:

Date: July 12, 2016

Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file.

Language: Java

Severity Score

5.5

Related Resources (27)

Url: http://rhn.redhat.com/errata/RHSA-2016-1593.html

Url: https://github.com/spring-projects/spring-framework/issues/17727

Url: https://github.com/spring-projects/spring-framework/commit/e4651d6b50c5bc85c84ff537859c212ac4e33434

Url: http://pivotal.io/security/cve-2015-3192

Url: https://github.com/spring-projects/spring-framework/commit/d79ec68db40c381b8e205af52748ebd3163ee33b

Url: https://github.com/advisories/GHSA-6v7w-535j-rq5m

Url: https://github.com/spring-projects/spring-framework/issues/20352

Url: http://rhn.redhat.com/errata/RHSA-2016-1592.html

Url: http://www.securityfocus.com/bid/90853

Url: http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162015.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2015-3192

Url: https://jira.spring.io/browse/SPR-13136?redirect=false

Url: https://spring.io/security/cve-2015-3192

Url: https://github.com/spring-projects/spring-framework/commit/0411435bac835de88a80a64b3f67b1b89244e907

Url: https://github.com/spring-projects/spring-framework

Url: http://rhn.redhat.com/errata/RHSA-2016-2036.html

Url: https://github.com/spring-projects/spring-framework/commit/9c3580d04e84d25a90ef4c249baee1b4e02df15e

Url: http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162017.html

Url: https://github.com/spring-projects/spring-framework/commit/5a711c05ec750f069235597173084c2ee7962424

Url: http://www.securitytracker.com/id/1036587

Url: https://access.redhat.com/errata/RHSA-2016:1218

Url: https://access.redhat.com/errata/RHSA-2016:1219

Url: https://jira.spring.io/browse/SPR-13136

Url: http://rhn.redhat.com/errata/RHSA-2016-2035.html

Url: https://github.com/spring-projects/spring-framework/commit/38b8262e1e2db9be9d2171d81547da5c65ba7e09

Url: https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html

Url: https://www.mend.io/vulnerability-database/CVE-2015-3192

Severity Score

5.5

Weakness Type (CWE)

Buffer Errors

CWE-119

Top Fix

Upgrade Version

Upgrade to version org.springframework:spring-web:3.2.14.RELEASE,4.1.7.RELEASE,org.springframework:spring-oxm:3.2.14.RELEASE,4.1.7.RELEASE

Learn More

CVSS v3.1

Base Score:	5.5
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2015-3192

Good to know:

Date: July 12, 2016

Language: Java

Severity Score

Related Resources (27)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?