je.st
news
Major flaw in Java-based Spring Framework allows remote-code execution by attackers
2013-01-17 20:16:15| InfoWorld: Top News
There's a major flaw in the Java-based Spring Framework open-source development code that allows remote-code execution by attackers against applications built with it, according to the security firm Aspect Security, which identified the flaw. "It allows attackers to inject code," says Jeff Williams, CEO at Aspect Security. The weakness is in what's called the "expression language" function in the Spring Framework development code.
Tags: major
spring
framework
execution
Category:Information Technology