VMware Spring Security是美国威睿(VMware )公司的一套为基于Spring的应用程序提供说明性安全保护的安全框架。
VMware Spring Security 4.2.12之前的4.2.x版本、5.0.12之前的的5.0.x版本和5.1之前的5.1.x版本中存在安全漏洞。攻击者可利用该漏洞泄露信息。
目前厂商已发布升级补丁以修复漏洞,补丁获取链接:
https://pivotal.io/security/cve-2019-3795
来源:MLIST
链接:https://lists.debian.org/debian-lts-announce/2019/05/msg00026.html
来源:spring.io
链接:https://spring.io/projects/spring-security
来源:lists.debian.org
链接:https://lists.debian.org/debian-lts-announce/2019/05/msg00026.html
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2019.1799/
来源:www.securityfocus.com
链接:https://www.securityfocus.com/bid/107802
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-guardium-data-encryption-gde-3/
来源:pivotal.io
链接:https://pivotal.io/security/cve-2019-3795
来源:vigilance.fr
链接:https://vigilance.fr/vulnerability/spring-security-bad-quality-of-the-PRNG-SecureRandomFactoryBean-29353
来源:nvd.nist.gov
链接:https://nvd.nist.gov/vuln/detail/CVE-2019-3795
来源:www.securityfocus.com
链接:http://www.securityfocus.com/bid/107802