Name of the Vulnerable Software and Affected Versions:
Spring Framework MVC applications (affected versions not specified)
Description:
Spring Framework MVC applications can be vulnerable to path traversal when deployed on a non-compliant Servlet container. The issue requires all of the following conditions: the application is deployed as a WAR or with an embedded Servlet container, the Servlet container does not reject suspicious sequences, and the application serves static resources with Spring resource handling. Applications deployed on Apache Tomcat or Eclipse Jetty are not vulnerable, provided their default security features are not disabled.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.