SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7 before 2.5.7.SR01, and 3.0.x before 3.0.3 allows remote attackers to execute arbitrary code via an HTTP request containing class.classLoader.URLs[0]=jar: followed by a URL of a crafted .jar file.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2010-06-21T16:00:00

Updated: 2024-08-07T01:28:42.999Z

Reserved: 2010-04-29T00:00:00

Link: CVE-2010-1622

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2010-06-21T16:30:01.180

Modified: 2024-11-21T01:14:49.797

Link: CVE-2010-1622

cve-icon Redhat

Severity : Important

Publid Date: 2010-06-17T00:00:00Z

Links: CVE-2010-1622 - Bugzilla