CVE-2015-3192

medium

VMware

CVSS v3 Base Score

5.5

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS Score

1.4%

Exploitation probability in 30 days

Top 20% most likely to be exploited

Attack Characteristics

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Confidentiality

None

Integrity

None

Availability

High

Published: July 12, 2016 (3593 days ago)

Last Modified: May 6, 2026

Vendor: VMware

Source: NVD

Description

Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file.

CWE

CWE-119

Affected Products

pivotal software spring frameworkvmware spring frameworkfedoraproject fedora

References

🔗 lists.fedoraproject.org 🔗 lists.fedoraproject.org 🔗 pivotal.io 🔗 rhn.redhat.com 🔗 rhn.redhat.com

CVE-2015-3192

Vulnerability Report

Description

CWE

Affected Products

References