{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-03T06:52:18.208","vulnerabilities":[{"cve":{"id":"CVE-2014-3625","sourceIdentifier":"secalert@redhat.com","published":"2014-11-20T17:50:00.113","lastModified":"2025-04-12T10:46:40.837","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling."},{"lang":"es","value":"Vulnerabilidad de salto de directorio (Directory Traversal) en Pivotal Spring Framework versión 3.0.4 hasta 3.2.x anterior a 3.2.12, versión 4.0.x anterior a 4.0.8 y versión 4.1.x anterior a 4.1.2, permite a atacantes remotos leer archivos arbitrarios por medio de vectores no especificados, relacionados al manejo de recurso estático."}],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:spring_framework:*:*:*:*:*:*:*:*","versionStartIncluding":"3.1.0","versionEndIncluding":"3.1.4","matchCriteriaId":"FF9AB837-EAF8-45AC-9758-CC4357B54C66"},{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:spring_framework:*:*:*:*:*:*:*:*","versionStartIncluding":"3.2.0","versionEndExcluding":"3.2.12","matchCriteriaId":"BF486CA6-B388-4E08-B752-5B1D92881377"},{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:spring_framework:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"4.0.8","matchCriteriaId":"85B0B579-8E34-4C21-80E1-461D7A797075"},{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:spring_framework:*:*:*:*:*:*:*:*","versionStartIncluding":"4.1.0","versionEndExcluding":"4.1.2","matchCriteriaId":"C0F7D07C-183C-4F53-AD9E-3A7E5820E6D7"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.4","versionEndIncluding":"3.0.7","matchCriteriaId":"1DFC0C4B-DA2F-4F49-9132-44E89A3BD6B9"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2015-0236.html","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2015-0720.html","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://www.pivotal.io/security/cve-2014-3625","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://jira.spring.io/browse/SPR-12354","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html","source":"secalert@redhat.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2015-0236.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2015-0720.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.pivotal.io/security/cve-2014-3625","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://jira.spring.io/browse/SPR-12354","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}