Detections
Analytics

Ubuntu 16.04 ESM : Spring Framework vulnerabilities (USN-4774-1)

critical Nessus Plugin ID 183546

Language:

Synopsis

The remote Ubuntu host is missing one or more security updates.

Description

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4774-1 advisory.

 - Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file. (CVE-2015-3192)

 - Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download (RFD) attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being downloaded rather than rendered and also includes some input reflected in the response. (CVE-2015-5211)

 - An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks. (CVE-2016-9878)

 - When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack. (CVE-2014-0225)

 - Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling. (CVE-2014-3625)

 - Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL. (CVE-2014-3578)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://ubuntu.com/security/notices/USN-4774-1

Plugin Details

Severity: Critical

ID: 183546

File Name: ubuntu_USN-4774-1.nasl

Version: 1.0

Type: local

Agent: unix

Published: 10/20/2023

Updated: 10/20/2023

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.3

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2015-5211

CVSS v3

Risk Factor: Critical

Base Score: 9.6

Temporal Score: 8.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:canonical:ubuntu_linux:16.04:-:esm, p-cpe:/a:canonical:ubuntu_linux:libspring-aop-java, p-cpe:/a:canonical:ubuntu_linux:libspring-beans-java, p-cpe:/a:canonical:ubuntu_linux:libspring-context-java, p-cpe:/a:canonical:ubuntu_linux:libspring-context-support-java, p-cpe:/a:canonical:ubuntu_linux:libspring-core-java, p-cpe:/a:canonical:ubuntu_linux:libspring-expression-java, p-cpe:/a:canonical:ubuntu_linux:libspring-instrument-java, p-cpe:/a:canonical:ubuntu_linux:libspring-jdbc-java, p-cpe:/a:canonical:ubuntu_linux:libspring-jms-java, p-cpe:/a:canonical:ubuntu_linux:libspring-orm-java, p-cpe:/a:canonical:ubuntu_linux:libspring-oxm-java, p-cpe:/a:canonical:ubuntu_linux:libspring-test-java, p-cpe:/a:canonical:ubuntu_linux:libspring-transaction-java, p-cpe:/a:canonical:ubuntu_linux:libspring-web-java, p-cpe:/a:canonical:ubuntu_linux:libspring-web-portlet-java, p-cpe:/a:canonical:ubuntu_linux:libspring-web-servlet-java, p-cpe:/a:canonical:ubuntu_linux:libspring-web-struts-java

Required KB Items: Host/cpu, Host/Debian/dpkg-l, Host/Ubuntu, Host/Ubuntu/release

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/17/2021

Vulnerability Publication Date: 5/28/2014

Reference Information

CVE: CVE-2014-0225, CVE-2014-3578, CVE-2014-3625, CVE-2015-3192, CVE-2015-5211, CVE-2016-9878

USN: 4774-1