1124 matches found
Improper Authentication in Spring Security
The ActiveDirectoryLdapAuthenticator in Spring Security 3.2.0 to 3.2.1 and 3.1.0 to 3.1.5 does not check the password length. If the directory allows anonymous binds then it may incorrectly authenticate a user who supplies an empty password...
GHSA-GV9V-C375-HVMG Improper Authentication in Spring Security
The ActiveDirectoryLdapAuthenticator in Spring Security 3.2.0 to 3.2.1 and 3.1.0 to 3.1.5 does not check the password length. If the directory allows anonymous binds then it may incorrectly authenticate a user who supplies an empty password...
This Week in Spring - April 26th, 2022
Hi, Spring fans! Welcome to another installment of This Week in Spring! This week I was hoping to be in glorious Chicago, Illinois for the first in-person SpringOne Tour installment since the pandemic. But, alas, I couldnt go because - out of an abundance of caution, and since I was exposed to...
Pivotal Spring Security Oauth Resource Management Error Vulnerability
A resource management error vulnerability exists in Pivotal Spring Security OAuth, a login system from Pivotal, Inc. that provides support for adding OAuth1 and OAuth2 functionality to Spring Web applications. The vulnerability stems from improper handling of a large number of message requests. A...
Denial Of Service (DoS)
Spring Security OAuth is vulnerable to denial of service. The vulnerability exists due to a lack of restriction of the number of request initiating the Authorization Request for the Authorization Code Grant allowing an attacker to exhaust the system resources sending multiple requests with a sing...
GHSA-C2CP-3XJ9-97W9 Denial of service in Spring Security OAuth2
Spring Security OAuth versions 2.5.x prior to 2.5.2 and older unsupported versions are susceptible to a Denial-of-Service DoS attack via the initiation of the Authorization Request in an OAuth 2.0 Client application. A malicious user or attacker can send multiple requests initiating the...
com.atlassian.connect:atlassian-connect-spring-boot-api (>=2.0.2 <=2.0.7), com.atlassian.connect:atlassian-connect-spring-boot-core (>=2.0.2 <=2.0.7) +34 more potentially affected by CVE-2022-22969 via org.springframework.security.oauth:spring-security-oauth2 (>=2.4.0.RELEASE <=2.4.1.RELEASE)
org.springframework.security.oauth:spring-security-oauth2 MAVEN version =2.4.0.RELEASE, =2.0.2, =2.0.2, =2.0.2, =2.0.2, =0.0.5, =0.0.5, =0.0.5, =5.0.0, =5.0.0, =4.59.5, =1.0.10.RELEASE, =1.0.10.RELEASE, =1.0.10.RELEASE, =1.73.8, =1.106.2 and more Source cves: CVE-2022-22969 Source advisory:...
cn.infrabase:infrabase-platform-passport (=0.0.1), cn.itlym:shoulder-starter-auth-server (=0.6) +263 more potentially affected by CVE-2022-22969 via org.springframework.security.oauth:spring-security-oauth2 (>=2.5.0.RELEASE <=2.5.1.RELEASE)
org.springframework.security.oauth:spring-security-oauth2 MAVEN version =2.5.0.RELEASE, =1.1.0, =1.1.0, =1.129.9, =2.1.0, =2.1.0, =2.1.0, =2.1.0, =3.2.1.RELEASE, =5.0.0, =1.4.11, =1.4.11, =1.5.7 and more Source cves: CVE-2022-22969 Source advisory: OSV:GHSA-C2CP-3XJ9-97W9...
Denial of service in Spring Security OAuth2
Spring Security OAuth versions 2.5.x prior to 2.5.2 and older unsupported versions are susceptible to a Denial-of-Service DoS attack via the initiation of the Authorization Request in an OAuth 2.0 Client application. A malicious user or attacker can send multiple requests initiating the...
CVE-2022-22969
Spring Security OAuth versions 2.5.x prior to 2.5.2 and older unsupported versions are susceptible to a Denial-of-Service DoS attack via the initiation of the Authorization Request in an OAuth 2.0 Client application. A malicious user or attacker can send multiple requests initiating the...
CVE-2022-22969
Spring Security OAuth versions 2.5.x prior to 2.5.2 and older unsupported versions are susceptible to a Denial-of-Service DoS attack via the initiation of the Authorization Request in an OAuth 2.0 Client application. A malicious user or attacker can send multiple requests initiating the...
CVE-2022-22969
Spring Security OAuth versions 2.5.x prior to 2.5.2 and older unsupported versions are susceptible to a Denial-of-Service DoS attack via the initiation of the Authorization Request in an OAuth 2.0 Client application. A malicious user or attacker can send multiple requests initiating the...
CVE-2022-22969
Spring Security OAuth versions 2.5.x prior to 2.5.2 and older unsupported versions are susceptible to a Denial-of-Service DoS attack via the initiation of the Authorization Request in an OAuth 2.0 Client application. A malicious user or attacker can send multiple requests initiating the...
CVE-2022-22969
CVE-2022-22969 affects Spring Security OAuth (spring-security-oauth2) 2.5.x before 2.5.2 and older unsupported releases. The DoS arises when an attacker initiates multiple OAuth 2.0 Authorization Code Grant authorization requests in a client application, exhausting resources per session. Affected...
CVE report published for Spring Security OAuth
We have released Spring Security OAuth 2.5.2 to address the following CVE report. CVE-2022-22969: Denial-of-Service DoS in spring-security-oauth2 This vulnerability exposes OAuth 2.0 Client applications only. Please review the information in the CVE report and upgrade immediately...
PT-2022-15749 · Spring · Spring Security Oauth
Name of the Vulnerable Software and Affected Versions: Spring Security OAuth versions 2.5.x prior to 2.5.2 Spring Security OAuth older unsupported versions Description: The issue is a Denial-of-Service DoS attack via the initiation of the Authorization Request in an OAuth 2.0 Client application. ...
Pivotal Spring Security OAuth 资源管理错误漏洞
A resource management error vulnerability exists in Pivotal Spring Security OAuth, a login system from Pivotal, Inc. that provides support for adding OAuth1 and OAuth2 functionality to Spring Web applications. The vulnerability stems from improper handling of a large number of message requests. A...
This Week in Spring - April 19th, 2022
Hi, Spring fans! Welcome to another installment of This Week in Spring! Its been quite the week since we last talked! I flew to Atlanta, GA, for my first in-person show since the pandemic - Devnexus 2022. I loved the experience! Hopefully, the only souvenirs Ill have are the amazing memories and...
This Week in Spring - March 29th, 2022
Aloha, Spring fans, from beautiful Maui, Hawaii, where I am with my family on a bit of vacation. Its our daughters Spring break and so were enjoying the family time while we can get it! I wanted to take a brief interlude in between the never-enough time on the beach and all the rum to get this...
Hitachi Vantara Pentaho 授权问题漏洞
Hitachi Pentaho is a service from Hitachi Japan for storing and managing data in a Big Data environment. An authorization issue vulnerability exists in Hitachi Vantara Pentaho that stems from an issue discovered in Hitachi Vantara Pentaho via 9.1 and Pentaho Business Intelligence Server via 7.x...