Detections
Analytics

CVE-2010-1622

medium

Description

SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7 before 2.5.7.SR01, and 3.0.x before 3.0.3 allows remote attackers to execute arbitrary code via an HTTP request containing class.classLoader.URLs[0]=jar: followed by a URL of a crafted .jar file.

References

https://www.microsoft.com/en-us/security/blog/2022/04/04/springshell-rce-vulnerability-guidance-for-protecting-against-and-detecting-cve-2022-22965/

https://www.tenable.com/blog/spring4shell-faq-spring-framework-remote-code-execution-vulnerability

http://www.vupen.com/english/advisories/2011/0237

http://www.securitytracker.com/id/1033898

http://www.securityfocus.com/bid/40954

http://www.redhat.com/support/errata/RHSA-2011-0175.html

http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

http://secunia.com/advisories/43087

http://secunia.com/advisories/41025

http://secunia.com/advisories/41016

http://geronimo.apache.org/22x-security-report.html

http://geronimo.apache.org/21x-security-report.html

http://geronimo.apache.org/2010/07/21/apache-geronimo-v216-released.html

Details

Source: Mitre, NVD

Published: 2010-06-21

Updated: 2025-04-11

Risk Information

CVSS v2

Base Score: 6

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

Severity: Medium

EPSS

EPSS: 0.03796