Toshiaki Maki

**Name of the Vulnerable Software and Affected Versions** Pivotal Spring Framework versions prior to 3.2.14 Pivotal Spring Framework versions 4.x prior to 4.1.7 **Description** The issue allows remote attackers to cause a denial of service, resulting in memory consumption and out-of-memory errors, by processing a crafted XML file with inline DTD declarations when DTD is not entirely disabled. **Recommendations** For versions prior to 3.2.14, update to version 3.2.14 or later to resolve the issue. For versions 4.x prior to 4.1.7, update to version 4.1.7 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Pivotal Spring Framework versions 3.0.4 through 3.2.x before 3.2.12 Pivotal Spring Framework versions 4.0.x before 4.0.8 Pivotal Spring Framework versions 4.1.x before 4.1.2 **Description** The issue allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling. **Recommendations** For versions 3.0.4 through 3.2.x before 3.2.12, update to version 3.2.12 or later. For versions 4.0.x before 4.0.8, update to version 4.0.8 or later. For versions 4.1.x before 4.1.2, update to version 4.1.2 or later.