VDB
DEBIAN-CVE-2016-9878
DEBIAN-CVE-2016-9878
PUBLISHED
CVSS 7.5 HIGH
An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.
Risk Scores
CVSS v3.0
7.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | libspring-java | 0, 0, 0 |
| Debian:11 | libspring-java | 0, 0, 0 |
| Debian:14 | libspring-java | 0, 0, 0 |
| Debian:13 | libspring-java | 0, 0, 0 |
Timeline
- Dec 29, 2016 CVE Published
- Apr 28, 2026 CVE Updated