Debian 2.5: DSA-2504-1 Critical Info Disclosure in Libspring
debian
June 28, 2012
It was discovered that the Spring Framework contains an information disclosure vulnerability in the processing of certain Expression Language (EL) patterns, allowing attackers to a...
Topics Covered
Summary
It was discovered that the Spring Framework contains an information
disclosure vulnerability in the processing of certain Expression
Language (EL) patterns, allowing attackers to access sensitive
information using HTTP requests.
NOTE: This update adds a springJspExpressionSupport context parameter
which must be manually set to false when the Spring Framework runs
under a container which provides EL support itself.
For the stable distribution (squeeze), this problem has been fixed in
version 2.5.6.SEC02-2+squeeze1.
We recommend that you upgrade your libspring-2.5-java packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Package: libspring-2.5-java
CVE ID: CVE-2011-2730
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!