Lucene search
+L

164 matches found

NVD
NVD
added 2017/11/27 10:29 a.m.26 views

CVE-2017-4995

An issue was discovered in Pivotal Spring Security 4.2.0.RELEASE through 4.2.2.RELEASE, and Spring Security 5.0.0.M1. When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by...

8.1CVSS8.4AI score0.02547EPSS
Exploits1References5
NVD
NVD
added 2017/11/27 10:29 a.m.22 views

CVE-2017-8045

In Pivotal Spring AMQP versions prior to 1.7.4, 1.6.11, and 1.5.7, an org.springframework.amqp.core.Message may be unsafely deserialized when being converted into a string. A malicious payload could be crafted to exploit this and enable a remote code execution attack...

9.8CVSS9.6AI score0.03554EPSS
Exploits2References2
OSV
OSV
added 2017/11/27 10:29 a.m.23 views

CVE-2017-8045

In Pivotal Spring AMQP versions prior to 1.7.4, 1.6.11, and 1.5.7, an org.springframework.amqp.core.Message may be unsafely deserialized when being converted into a string. A malicious payload could be crafted to exploit this and enable a remote code execution attack...

9.8CVSS7.6AI score0.03554EPSS
Exploits2References2
OSV
OSV
added 2017/11/27 10:29 a.m.22 views

CVE-2017-4995

An issue was discovered in Pivotal Spring Security 4.2.0.RELEASE through 4.2.2.RELEASE, and Spring Security 5.0.0.M1. When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by...

8.1CVSS7.7AI score0.02547EPSS
Exploits1References5
OSV
OSV
added 2017/11/27 10:29 a.m.22 views

CVE-2017-8039

An issue was discovered in Pivotal Spring Web Flow through 2.4.5. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property which is disabled by default i.e., set to 'false' can be vulnerable to malicious EL expressions in view states that process form...

5.9CVSS6.6AI score0.00963EPSS
Exploits0References2
Prion
Prion
added 2017/11/27 10:29 a.m.20 views

Remote code execution

In Pivotal Spring AMQP versions prior to 1.7.4, 1.6.11, and 1.5.7, an org.springframework.amqp.core.Message may be unsafely deserialized when being converted into a string. A malicious payload could be crafted to exploit this and enable a remote code execution attack...

7.5CVSS9.6AI score0.03554EPSS
Exploits2References2Affected Software1
CVE
CVE
added 2017/11/27 10:0 a.m.82 views

CVE-2017-4995

CVE-2017-4995 describes a deserialization vulnerability in Pivotal Spring Security 4.2.0.RELEASE–4.2.2.RELEASE and Spring Security 5.0.0.M1 when Jackson default typing is enabled. If Spring Security’s Jackson support is leveraged (SecurityJackson2Modules.getModules(ClassLoader) or enableDefaultTy...

8.1CVSS8.3AI score0.02547EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2017/11/27 10:0 a.m.24 views

CVE-2017-4995

An issue was discovered in Pivotal Spring Security 4.2.0.RELEASE through 4.2.2.RELEASE, and Spring Security 5.0.0.M1. When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by...

8.4AI score0.02547EPSS
Exploits1References5
Cvelist
Cvelist
added 2017/11/27 10:0 a.m.45 views

CVE-2017-8039

An issue was discovered in Pivotal Spring Web Flow through 2.4.5. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property which is disabled by default i.e., set to 'false' can be vulnerable to malicious EL expressions in view states that process form...

5.6AI score0.00963EPSS
Exploits0References2
Cvelist
Cvelist
added 2017/11/27 10:0 a.m.27 views

CVE-2017-8045

In Pivotal Spring AMQP versions prior to 1.7.4, 1.6.11, and 1.5.7, an org.springframework.amqp.core.Message may be unsafely deserialized when being converted into a string. A malicious payload could be crafted to exploit this and enable a remote code execution attack...

9.7AI score0.03554EPSS
Exploits2References2
Cvelist
Cvelist
added 2017/11/27 10:0 a.m.38 views

CVE-2017-8028

In Pivotal Spring-LDAP versions 1.3.0 - 2.3.1, when connected to some LDAP servers, when no additional attributes are bound, and when using LDAP BindAuthenticator with org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy as the authentication strategy, and setting...

8.2AI score0.02606EPSS
Exploits0References5
Check Point Advisories
Check Point Advisories
added 2017/11/09 12:0 a.m.51 views

Pivotal Spring PATCH Request Remote Code Execution (CVE-2017-8046)

A remote code execution vulnerability exists in Pivotal Spring Data REST. The vulnerability is due to insufficient validation of user supplied input. A remote attacker can exploit this vulnerability to execute arbitrary code on the affected server...

7.5CVSS4.1AI score0.74355EPSS
Exploits8
RedhatCVE
RedhatCVE
added 2017/09/22 8:49 a.m.41 views

CVE-2017-8039

An issue was discovered in Pivotal Spring Web Flow through 2.4.5. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property which is disabled by default i.e., set to 'false' can be vulnerable to malicious EL expressions in view states that process form...

5.9CVSS3.2AI score0.15858EPSS
Exploits1References2
CNVD
CNVD
added 2017/09/22 12:0 a.m.12 views

Pivotal Spring Data REST Remote Code Execution Vulnerability

Spring Data REST is part of the Spring Data project and enables building hypermedia-driven REST web services on top of the Spring Data repository. A remote code execution vulnerability exists in Pivotal Spring Data REST, which allows an attacker to perform a remote code execution attack by...

9.8CVSS9.6AI score0.74355EPSS
Exploits8References1
Prion
Prion
added 2017/06/13 6:29 a.m.20 views

Design/Logic Flaw

An issue was discovered in Pivotal Spring Web Flow through 2.4.4. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property which is disabled by default i.e., set to 'false' can be vulnerable to malicious EL expressions in view states that process form...

4.3CVSS5.4AI score0.15858EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2017/06/13 6:29 a.m.30 views

CVE-2017-4971

An issue was discovered in Pivotal Spring Web Flow through 2.4.4. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property which is disabled by default i.e., set to 'false' can be vulnerable to malicious EL expressions in view states that process form...

5.9CVSS5.8AI score0.15858EPSS
Exploits1References3
OSV
OSV
added 2017/06/13 6:29 a.m.29 views

CVE-2017-4971

An issue was discovered in Pivotal Spring Web Flow through 2.4.4. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property which is disabled by default i.e., set to 'false' can be vulnerable to malicious EL expressions in view states that process form...

5.9CVSS6.5AI score0.15858EPSS
Exploits1References3
Cvelist
Cvelist
added 2017/06/13 6:0 a.m.44 views

CVE-2017-4971

An issue was discovered in Pivotal Spring Web Flow through 2.4.4. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property which is disabled by default i.e., set to 'false' can be vulnerable to malicious EL expressions in view states that process form...

5.5AI score0.15858EPSS
Exploits1References3
seebug.org
seebug.org
added 2017/06/12 12:0 a.m.123 views

Pivotal Spring Web Flow Security Bypass Vulnerability(CVE-2017-4971)

Author: iswin@ThreatHunter A. Vulnerability description This vulnerability is in year 6 at the beginning has just been submittedtransfer Gate, the official and there is no detailed information, by the official Description and a patch of the contrast, we can roughly infer should be the Spring Web...

4.3CVSS6.8AI score0.15858EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2017/06/01 7:19 a.m.27 views

CVE-2017-4971

An issue was discovered in Pivotal Spring Web Flow through 2.4.4. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property which is disabled by default i.e., set to 'false' can be vulnerable to malicious EL expressions in view states that process form...

5.9CVSS2.9AI score0.15858EPSS
Exploits1References2
Rows per page
Query Builder