VDB
CVE-2014-3625
CVE-2014-3625
PUBLISHED
Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.
EPSS 16.99% · 95.1th percentile
Risk Scores
EPSS Score
16.99%
95.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:14.04:LTS | libspring-java | *, 0, 3.0.6.RELEASE-7 |
Exploit Intelligence
- String MVC Framework Path-Traversal proof of concept. CVE-2014-3625 (github-poc)
- String MVC Framework Path-Traversal proof of concept. CVE-2014-3625 (github-poc)
- String MVC Framework Path-Traversal proof of concept. CVE-2014-3625 (github-poc)
- String MVC Framework Path-Traversal proof of concept. CVE-2014-3625 (github-poc)
- String MVC Framework Path-Traversal proof of concept. CVE-2014-3625 (github-poc)
- spring mvc cve-2014-3625 (github-poc)
- spring mvc cve-2014-3625 (github-poc)
- spring mvc cve-2014-3625 (github-poc)
- spring mvc cve-2014-3625 (github-poc)
- spring mvc cve-2014-3625 (github-poc)
Timeline
- Nov 20, 2014 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- May 14, 2024 CVE Updated
- Mar 19, 2025 EPSS Score
- Mar 20, 2025 EPSS Score
- Mar 27, 2025 EPSS Score
- Mar 29, 2025 EPSS Score
- Mar 30, 2025 EPSS Score
- Apr 12, 2025 EPSS Score
- Apr 18, 2025 EPSS Score
- May 1, 2025 EPSS Score
References
- https://ubuntu.com/security/CVE-2014-3625 third-party-advisory
- https://github.com/spring-projects/spring-framework/commit/3f68cd third-party-advisory
- http://www.pivotal.io/security/cve-2014-3625 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2014-3625 third-party-advisory
- https://ubuntu.com/security/notices/USN-4774-1 vendor-advisory