DEBIAN-CVE-2015-3192

DEBIAN-CVE-2015-3192 PUBLISHED CVSS 5.5 MEDIUM

Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file.

Risk Scores

CVSS v3.0

5.5

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Debian:12	libspring-java	0, 0, 0
Debian:11	libspring-java	0, 0, 0
Debian:14	libspring-java	0, 0, 0
Debian:13	libspring-java	0, 0, 0

Timeline

Jul 12, 2016 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2015-3192 advisory

Open in Interactive Console →