Directory Traversal Vulnerability in Pivotal Spring Framework
CVE-2014-3625

Currently unrated

Key Information:

Vendor
CVE Published:
20 November 2014

Badges

👾 Exploit Exists · 🟡 Public PoC · 🟣 EPSS 10%

What is CVE-2014-3625?

A directory traversal vulnerability exists in the Pivotal Spring Framework that enables remote attackers to read arbitrary files from the server. The vulnerability arises from improper handling of static resources in the framework and can be exploited through unspecified vectors. It can expose sensitive files, leading to data disclosure and further security risks.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component for weaponization, which could lead to ransomware.

References

EPSS Score

10% chance of being exploited in the next 30 days.

Timeline

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved
