CVE-2016-9878

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2016-9878
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-9878.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-9878
Aliases
Downstream
Published
2016-12-29T09:59:00.820Z
Modified
2026-04-10T03:55:30.531655Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.

References

Affected packages

Git / github.com/spring-projects/spring-framework

Affected ranges

Type
GIT
Repo
https://github.com/spring-projects/spring-framework
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
abdcefb460fcbc1348ef04505a78381a2c69a643
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
22a14c02c2fad2f7338bb66a759f325f17089612
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
b49d801f241fb8088a5b7514db93fda32c58731c
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
234cb84e832da30b6f53ccca4ef28043aacfcecc
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
8b293e1be40b949b8de5d6ff7411c11416fe3d5a
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
7482cf902106db2bff9e912cb67bdeea3adf5855
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
fc73f6bb2c2a65fadb4a7720af95bf9850733e60
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
015e1bec649d84d146b04e0062723c88e350e1b2
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
f440f927198c8b4959c727aec80e9b7423a4f548
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
5b99ee299031d331da9d4cc393ff1c24e0c8d63b
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
28d43f886c5e387dbb496e850782274ec9176160
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
58587159f08a5349801671b486cd781baa63cb9f
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
1e727d65772327b5d89d89e4825e44484b6dd681
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
30aecf3cc56c568e89e46cac0d87f280c07a847c
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
2f9c99e5cfc97e1b8958520b5155aed06d441202
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
a1efe4f35d067b93d6ff4b3850ae9b9d6d6f6e26
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
0edb85c78b5844a42525705bec2901b773f844c2
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
e3e2272a755a53863276850eb80dd5032f3cf571
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
d802e2826a85a50b302f3da6770e6583822e2db8
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
022f1c335755a00d947540fc307741b419bfe9ac
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
201b2d752efc4c79b0d52d90e95dac1093520d5f
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
8d6636aab1c2ae892bff33fe66341eda4017cbb6
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
345570109ae2dbdafe05a4270f0c710b7d53d050
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
137dc19fcdeee5a5edc230b39d2cc47f01624df7
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
dd42a21f3968c165af924310fce460694803756f
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
77c0292665bc5e61d0e5108f9cd7e066381f28d3
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
75bf620ae7df0967965a02e54e01f47ea5fa6f8c
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
d111af1b88b53f2589d017a7cb6d068464d9bf77
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
a88b80195aedb70d3c351abeba8e6a0a93af339e
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
62b8f97f0f50b1e3a930c23aa313ca10aa48498f
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
90718ef0d958759527fa7066a7149d8151664dda
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
330ba990490286f0d871120e44f0b9297adf0825
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.2.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.2.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.3.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.2.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.2.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.2.3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.2.4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.2.5"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.2.6"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.2.7"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.2.8"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.2.9"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.2.10"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.2.11"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.2.12"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.2.13"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.2.14"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.2.15"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.2.16"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.2.17"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.2.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.2.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.2.3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.2.4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.2.5"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.2.6"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.2.7"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.2.8"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.3.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.3.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.3.3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.3.4"
        }
    ]
}

Affected versions

v3.*
v3.2.0.M1
v3.2.0.M2
v3.2.0.RC1
v3.2.0.RC2-A
v3.2.0.RELEASE
v3.2.1.RELEASE
v3.2.10.RELEASE
v3.2.11.RELEASE
v3.2.12.RELEASE
v3.2.13.RELEASE
v3.2.14.RELEASE
v3.2.15.RELEASE
v3.2.16.RELEASE
v3.2.17.RELEASE
v3.2.2.RELEASE
v3.2.3.RELEASE
v3.2.4.RELEASE
v3.2.5.RELEASE
v3.2.6.RELEASE
v3.2.7.RELEASE
v3.2.8.RELEASE
v3.2.9.RELEASE
v4.*
v4.0.0.M1
v4.0.0.M2
v4.0.0.M3
v4.0.0.RC1
v4.0.0.RC2
v4.2.0.RELEASE
v4.2.1.RELEASE
v4.2.2.RELEASE
v4.2.3.RELEASE
v4.2.4.RELEASE
v4.2.5.RELEASE
v4.2.6.RELEASE
v4.2.7.RELEASE
v4.2.8.RELEASE
v4.3.0.RELEASE
v4.3.1.RELEASE
v4.3.2.RELEASE
v4.3.3.RELEASE
v4.3.4.RELEASE

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-9878.json"