Home > Vulnerability Database > CVE-2016-9878

Mend.io Vulnerability Database

CVE-2016-9878

Good to know:

Date: December 29, 2016

An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.

Language: Java

Severity Score

7.5

Related Resources (19)

Url: https://nvd.nist.gov/vuln/detail/CVE-2016-9878

Url: https://security.netapp.com/advisory/ntap-20180419-0002/

Url: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

Url: https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Url: https://security.netapp.com/advisory/ntap-20180419-0002

Url: https://github.com/spring-projects/spring-framework/commit/a7dc48534ea501525f11369d369178a60c2f47d0

Url: https://github.com/advisories/GHSA-2m8h-fgr8-2q9w

Url: http://www.securityfocus.com/bid/95072

Url: https://github.com/spring-projects/spring-framework/commit/e2d6e709c3c65a4951eb096843ee75d5200cfcad

Url: http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

Url: https://github.com/spring-projects/spring-framework

Url: https://access.redhat.com/errata/RHSA-2017:3115

Url: https://github.com/spring-projects/spring-framework/commit/43bf008fbcd0d7945e2fcd5e30039bc4d74c7a98

Url: http://www.securitytracker.com/id/1040698

Url: https://pivotal.io/security/cve-2016-9878

Url: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

Url: https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html

Url: https://github.com/spring-projects/spring-framework/issues/19513

Url: https://www.mend.io/vulnerability-database/CVE-2016-9878

Severity Score

7.5

Weakness Type (CWE)

Path Traversal

CWE-22

Top Fix

Upgrade Version

Upgrade to version 3.2.18,4.2.9,4.3.5.

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2016-9878

Good to know:

Date: December 29, 2016

Language: Java

Severity Score

Related Resources (19)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?