6517 matches found
GHSA-H8W4-QV99-F7VJ Authorization bypass in org.springframework.security.oauth:spring-security-oauth2
Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can craft a request to the approval...
br.com.anteros:Anteros-Keycloak (=1.0.0), cloud.altemista.fwk.framework:cloud-altemistafwk-documentation (=3.1.0.RELEASE) +57 more potentially affected by CVE-2018-15758 via org.springframework.security.oauth:spring-security-oauth2 (>=2.2.0.RELEASE <=2.2.2.RELEASE)
org.springframework.security.oauth:spring-security-oauth2 MAVEN version =2.2.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =1.0.0, =1.0.0, =3.3.2, =4.0.1 - com.ge.research.semtk:springSecurityLibrary =2.2.2 -...
am.ik.home:uaa-client (>=1.0.0 <=1.9.0), am.ik.home:uaa-integration-test (>=1.0.0 <=1.9.0) +525 more potentially affected by CVE-2018-15758 via org.springframework.security.oauth:spring-security-oauth2 (>=2.0.0.RELEASE <=2.0.15.RELEASE)
org.springframework.security.oauth:spring-security-oauth2 MAVEN version =2.0.0.RELEASE, =1.0.0, =1.0.0, =1.0.0, =0.1.0, =1.0.0, =A.1.1.0, =A.1.1.0, =A.1.1.0, =A.1.1.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.1.11 - com.17jee:e-security-token =3.0.1.11 and more Source cves: CVE-2018-15758 Source...
Authorization bypass in org.springframework.security.oauth:spring-security-oauth2
Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can craft a request to the approval...
br.com.anteros:Anteros-Security-Spring (>=2.0.0 <=2.0.20), br.com.anteros:Anteros-Security-Spring-Mongo (>=1.0.0 <=1.0.5) +83 more potentially affected by CVE-2018-15758 via org.springframework.security.oauth:spring-security-oauth2 (>=2.3.0.RELEASE <=2.3.3.RELEASE)
org.springframework.security.oauth:spring-security-oauth2 MAVEN version =2.3.0.RELEASE, =2.0.0, =1.0.0, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =3.0.0.RELEASE, =1.0.4, =1.0.9 - com.github.lizixiang:triph-common =0.0.1-RELEASE and more Source cves: CVE-2018-15758...
Privilege Escalation
spring-security-oauth2 is vulnerable to privilege escalation. The library does not properly handle the AuthorizationRequest parameter state, allowing a malicious user to pass a request to an approval endpoint and modify a previous authorization request, leading to a privilege escalation...
Denial Of Service (DoS)
spring-web is vulnerable to denial of service DoS. A malicious user can pass a HTTP request containing a header with overlapping ranges, leading to an error which would crash the service...
CVE-2018-15758
Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can craft a request to the approval...
CVE-2018-15756
Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controlle...
UBUNTU-CVE-2018-15756
Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controlle...
DEBIAN-CVE-2018-15756
Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controlle...
CVE-2018-15756
Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controlle...
Authorization
Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can craft a request to the approval...
CVE-2018-15758
Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can craft a request to the approval...
Denial of service
Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controlle...
CVE-2018-15756
Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controlle...
CVE-2018-15758 Privilege Escalation in spring-security-oauth2
Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can craft a request to the approval...
CVE-2018-15756 DoS Attack via Range Requests
Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controlle...
CVE-2018-15758
Spring Security OAuth vulnerability CVE-2018-15758 affects multiple branches: 2.3.x before 2.3.4, 2.2.x before 2.2.3, 2.1.x before 2.1.3, and 2.0.x before 2.0.16 (older unsupported versions). The issue, described across connected sources, allows a malicious user to craft a request to a custom app...
CVE-2018-15756
Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controlle...