VMware.SpringSource.Spring.Framework.ClassLoader.Code.Execution

Release Date Aug 26, 2010
Severity medium
Impact System Compromise: Remote attackers can gain control of vulnerable systems.
Description This indicates an attack attempt against a remote code-execution vulnerability in VMware SpringSource Spring Framework. The vulnerability is caused by an error when the vulnerable software handles a specially crafted HTTP request. It allows a remote attacker to execute arbitrary code.
Affected Products VMware SpringSource Spring Framework 3.0.2 VMware SpringSource Spring Framework 3.0.1 VMware SpringSource Spring Framework 3.0 VMware SpringSource Spring Framework 2.6.6 VMware SpringSource Spring Framework 2.5.7 VMware SpringSource Spring Framework 2.5.6 VMware SpringSource Spring Framework 2.5.6 VMware SpringSource Spring Framework 2.5.5 VMware SpringSource Spring Framework 2.5.5 VMware SpringSource Spring Framework 2.5.4 VMware SpringSource Spring Framework 2.5.4 VMware SpringSource Spring Framework 2.5.3 VMware SpringSource Spring Framework 2.5.3 VMware SpringSource Spring Framework 2.5.2 VMware SpringSource Spring Framework 2.5.2 VMware SpringSource Spring Framework 2.5.1 VMware SpringSource Spring Framework 2.5.1 VMware SpringSource Spring Framework 2.5 VMware SpringSource Spring Framework 2.5
Recommended Actions Apply the patch supplied by the vendor: http://www.springsource.com/security/cve-2010-1622
Coverage IPS VCM
Common Vulnerabilities and Exposures (CVE) CVE-2010-1622
Reference/s http://www.securityfocus.com/bid/40954 (BugTraq)

Fortinet