Updated springframework packages fix CVE-2014-0225
Publication date: 11 May 2015Modification date: 11 May 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-0225
Description
Updated springframework packages fix security vulnerabilities: When processing user provided XML documents, the Spring Framework did not disable by default the resolution of URI references in a DTD declaration. By observing differences in response times, an attacker could then identify valid IP addresses on the internal network with functioning web servers (CVE-2014-0225).
References
SRPMS
4/core
- springframework-3.1.4-2.3.mga4