JVN#15643848: Spring Security and Spring Framework vulnerable to authentication bypass

Spring Framework and Spring Security provided by Pivotal Software, Inc. contain an authentication bypass vulnerability. Impact A remote attacker can bypass authentication. As a result, the attacker gains access to the server and information may be disclosed. Solution Update the Software Update to...

Security Constraint Bypass

spring-security-web and spring-web are vulnerable to security bypass with static resources. Spring uses the output of getPathInfo when mapping security constraints and requests. It is not standardized whether the path parameters should be included in the value from getPathInfo. Using this...

CVE-2017-4995

An issue was discovered in Pivotal Spring Security 4.2.0.RELEASE through 4.2.2.RELEASE, and Spring Security 5.0.0.M1. When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by...

CVE-2017-4995

An issue was discovered in Pivotal Spring Security 4.2.0.RELEASE through 4.2.2.RELEASE, and Spring Security 5.0.0.M1. When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by...

Deserialization of untrusted data

An issue was discovered in Pivotal Spring Security 4.2.0.RELEASE through 4.2.2.RELEASE, and Spring Security 5.0.0.M1. When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by...

CVE-2017-4995

An issue was discovered in Pivotal Spring Security 4.2.0.RELEASE through 4.2.2.RELEASE, and Spring Security 5.0.0.M1. When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by...

CVE-2017-4995

CVE-2017-4995 describes a deserialization vulnerability in Pivotal Spring Security 4.2.0.RELEASE–4.2.2.RELEASE and Spring Security 5.0.0.M1 when Jackson default typing is enabled. If Spring Security’s Jackson support is leveraged (SecurityJackson2Modules.getModules(ClassLoader) or enableDefaultTy...

CVE-2017-4995

It was found that spring security uses Jackson's enableDefaultTyping polymorphic capability for object deserialization. Jackson has already addressed this issue by blacklisting well-known gadget classes. However, under a right circumstances e.g. an existence of an old JDK and vulnerable Jackson i...

Important: Red Hat Security Advisory: Red Hat JBoss Fuse/A-MQ 6.3 R4 security and bug fix update

An update is now available for Red Hat JBoss Fuse and Red Hat JBoss A-MQ. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

Apache Struts2 S2-049 Denial of Service Vulnerability

Struts2 is Apache Software Foundation is responsible for maintaining a MVC-based design pattern of the Web application framework for open source projects . Apache Struts2 S2-049 denial of service vulnerability , the reason for this vulnerability is that Struts2 call Spring security AOP proxy...

Pivotal Spring Security Deserialization Remote Code Execution Vulnerability

Pivotal Spring Security is a suite of security frameworks from Pivotal Software that provide illustrative security protection for Spring-based applications. A remote code execution vulnerability exists in Pivotal Spring Security versions 4.2.0 through 4.2.2 and 5.0.0.M1. A remote attacker could...

GoCD: Spring security configuration allows agent sessions to be hijacked

Summary ======= If agents have successfully logged in, then unauthenticated requests to /go/agent-websocket or /go/remoting/ will randomly succeed sometimes. Description ======== The deprecated X509ProcessingFilter apparently does not work without a HttpSessionContextIntegrationFilter earlier on...

Remote Code Execution (RCE)

spring-security-core is vulnerable to remote code execution RCE. Spring Security uses jackson-databind with global default typing enabled which allows the deserialization of unknown gadgets which allows remote code execution if one of the following scenarios is true: 1 The...

Security fix for the ALT Linux 8 package sudo version 1:1.8.20p1-alt1

May 31, 2017 Evgeny Sinelnikov 1:1.8.20p1-alt1 - Update to spring security release Fixes: CVE-2017-1000367...

CVE-2016-5007

Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space...

CVE-2014-3527

When using the CAS Proxy ticket authentication from Spring Security 3.1 to 3.2.4 a malicious CAS Service could trick another CAS Service into authenticating a proxy ticket that was not associated. This is due to the fact that the proxy ticket authentication uses the information from the...

Design/Logic Flaw

When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the responsetype parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote code execution via the crafting of the value for responsetype...

CVE-2016-4977

When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the responsetype parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote code execution via the crafting of the value for responsetype...

UBUNTU-CVE-2016-5007

Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space...

DEBIAN-CVE-2016-5007

Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space...