CVE-2010-1622

ADVISORY - github

Summary

SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7 before 2.5.7.SR01, and 3.0.x before 3.0.3 allows remote attackers to execute arbitrary code via an HTTP request containing class.classLoader.URLs[0]=jar: followed by a URL of a crafted .jar file.

EPSS Score⁠: 0.01856 (0.831)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-94⁠

Improper Control of Generation of Code ('Code Injection')

ADVISORY - github

CWE-94⁠

Improper Control of Generation of Code ('Code Injection')

ADVISORY - gitlab

CWE-1035⁠

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-78⁠

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CWE-937⁠

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

CWE-94⁠

Improper Control of Generation of Code ('Code Injection')

ADVISORY - redhat

CWE-96⁠

Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')

Impacted images

Advisories

NIST

CREATED

16 years ago

UPDATED

1 year ago

ADVISORY IDCVE-2010-1622⁠

EXPLOITABILITY SCORE

6.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

6medium

GitHub

CREATED

4 years ago

UPDATED

2 years ago

ADVISORY IDGHSA-vpr3-f594-mg5g⁠

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

N/Amedium

GitLab

CREATED

16 years ago

UPDATED

4 years ago

ADVISORY ID

CVE-2010-1622

EXPLOITABILITY SCORE

6.8

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CWE-1035⁠CWE-78⁠CWE-937⁠CWE-94⁠

CVSS SCORE

6medium

Red Hat

CREATED

16 years ago

UPDATED

1 year ago

ADVISORY IDCVE-2010-1622⁠

EXPLOITABILITY SCORE

10.0

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

7.5high

intheWild

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY IDCVE-2010-1622⁠

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY