I just posted a blog entry with more details about the Spring MVC vulnerabilities I found almost 3 year ago (when working with Ounce): <a href="http://diniscruz.blogspot.com/2011/07/two-security-vulnerabilities-in-spring.html">http://diniscruz.blogspot.com/2011/07/two-security-vulnerabilities-in-spring.html</a><div>
<br></div><div>Here is the direct link to the document we published then: <a href="http://o2platform.files.wordpress.com/2011/07/ounce_springframework_vulnerabilities.pdf">http://o2platform.files.wordpress.com/2011/07/ounce_springframework_vulnerabilities.pdf</a></div>
<div><br></div><div>Like I mention on that blog, there is a LOT that can be done in O2 today when reviewing Spring MVC apps, and if you have some cycles I could do with some help in documenting them (and publishing some of  my scripts that visualize the inner workings/mappings of an Spring MVC app)<br clear="all">
<br>Dinis Cruz<br><br>Blog: <a href="http://diniscruz.blogspot.com">http://diniscruz.blogspot.com</a><br>Twitter: <a href="http://twitter.com/DinisCruz">http://twitter.com/DinisCruz</a><br>Web: <a href="http://www.owasp.org/index.php/O2">http://www.owasp.org/index.php/O2</a><br>

</div>