springframework: information disclosure
| Package(s): | springframework | CVE #(s): | CVE-2014-0225 |
| Created: | May 8, 2015 | Updated: | May 13, 2015 |
| Description: | From the bug report: When processing user provided XML documents, the Spring Framework did not disable by default the resolution of URI references in a DTD declaration. By observing differences in response times, an attacker could then identify valid IP addresses on the internal network with functioning web servers. |
