6504 matches found

CVE
added 2012/12/05 5:00 p.m., 167 views

CVE-2011-2730

CVE-2011-2730 concerns VMware SpringSource Spring Framework (versions 2.5.6.SEC03, 2.5.7.SR023, and 3.x prior to 3.0.6) where EL-enabled containers evaluate EL expressions in several Spring tags twice, enabling an attacker to obtain sensitive information from attributes such as name, path, argume...

CVSS 7.5, AI score 5.5, EPSS 0.46306
Exploits: 1, References: 19, Affected Software: 1

CVE
added 2012/12/05 5:00 p.m., 84 views

CVE-2011-2731

CVE-2011-2731 concerns a race condition in the RunAsManager of VMware SpringSource Spring Security. The vulnerability arises when an escalated Authentication object is stored in the shared security context, which could allow another thread to observe or gain privileges. Affected are Spring Securi...

CVSS 5.1, AI score 6.7, EPSS 0.00227
Exploits: 0, References: 4, Affected Software: 1

Cvelist
added 2012/12/05 5:00 p.m., 25 views

CVE-2011-2730

VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language (EL), evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a (1) name attribute in a (a) spring:hasBindErrors ta...

AI score 7.1, EPSS 0.46306
Exploits: 1, References: 19

CVE
added 2012/12/05 5:00 p.m., 73 views

CVE-2011-2732

Spring Security vulnerability (CVE-2011-2732) involves CRLF injection in logout handling via the spring-security-redirect parameter, allowing header injection and HTTP response splitting. Affected versions: 2.0.0–2.0.6 and 3.0.0–3.0.5. Root cause: shared logout code reads the redirect parameter f...

CVSS 4.3, AI score 7, EPSS 0.07155
Exploits: 1, References: 2, Affected Software: 1

myhack58
added 2012/10/17 12:00 a.m., 17 views

Struts2 remote code execution vulnerability detection principle and code-level implementation - vulnerability warning - the black bar safety net

Laboratory evan-css analysis of the recently very popular Struts2 vulnerability. Everyone should have heard of the recently very popular Struts2 vulnerability; if you haven't heard of it, it doesn't matter. This vulnerability can be summarized in one sentence: the vulnerability is...

AI score 7.1
Exploits: 0

securityvulns
added 2012/07/09 12:00 a.m., 138 views

[SECURITY] [DSA 2504-1] libspring-2.5-java security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2504-1 [email protected] http://www.debian.org/security/ Florian Weimer June 28, 2012 http://www.debian.org/security/faq -...

CVSS 7.5, AI score 1, EPSS 0.46306
Exploits: 1

securityvulns
added 2012/07/09 12:00 a.m., 47 views

Spring Framework information leakage

No description provided...

CVSS 7.5, AI score 1.7, EPSS 0.46306
Exploits: 1, References: 1, Affected Software: 1

OSV
added 2012/06/28 12:00 a.m., 18 views

DSA-2504-1 libspring-2.5-java - information disclosure

Bulletin has no description...

CVSS 7.5, AI score 5.6, EPSS 0.46306
Exploits: 1

ThreatPost
added 2012/05/03 3:51 p.m., 12 views

Report: Syrian Government Using Targeted Skype Attacks, Malware To Spy On Dissidents

In a post on the F-Secure Labs blog, Chief Research Officer Mikko Hypponen says the firm received a hard drive image from a “contact” within Syria who believed that his computer had been compromised. An F-Secure analysis of the drive’s contents and Web history revealed evidence of a targeted atta...

AI score 0.6
Exploits: 0, References: 3

The Hacker News
added 2012/03/22 7:58 p.m., 8 views

Hacktivism Breached 174 Million Records in 2011

According to the Verizon 2012 Data Breach Investigations Report released on Thursday, Hacktivists stole more data from large corporations than cybercriminals in 2011, according to a study of significant security incidents. The report surveyed 855 da...

AI score 6.6
Exploits: 0

ThreatPost
added 2012/02/24 6:38 p.m., 11 views

Pakistani Government Looking For Homegrown URL Blocking System

According to a request for proposals from the government’s National ICT (Information and Communications and Technologies) R&D Fund, the government is struggling to stay on top of growing Internet and Web use and is looking for a way to filter out undesirable Web sites. “Many countries have deployed...

AI score 7.3
Exploits: 0, References: 7

NVD
added 2011/10/04 10:55 a.m., 19 views

CVE-2011-2894

Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote attackers to bypass intended security restrictions and execute untrusted code by (1) serializing a...

CVSS 6.8, AI score 7.9, EPSS 0.01998
Exploits: 1, References: 8

Prion
added 2011/10/04 10:55 a.m., 21 views

Deserialization of untrusted data

Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote attackers to bypass intended security restrictions and execute untrusted code by (1) serializing a...

CVSS 6.8, AI score 8.5, EPSS 0.01998
Exploits: 1, References: 8, Affected Software: 2

UbuntuCve
added 2011/10/04 10:55 a.m., 43 views

CVE-2011-2894

Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote attackers to bypass intended security restrictions and execute untrusted code by (1) serializing a...

CVSS 6.8, AI score 6.2, EPSS 0.01998
Exploits: 1, References: 2

Cvelist
added 2011/10/04 10:00 a.m., 23 views

CVE-2011-2894

Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote attackers to bypass intended security restrictions and execute untrusted code by (1) serializing a...

AI score 7.9, EPSS 0.01998
Exploits: 1, References: 8

CVE
added 2011/10/04 10:00 a.m., 86 views

CVE-2011-2894

CVE-2011-2894 describes insecure deserialization in Spring Framework 3.0.0–3.0.5 and Spring Security 2.0.0–2.0.6 and 3.0.0–3.0.5, where untrusted data can cause remote code execution by deserializing proxies or via exposed internal AOP interfaces (e.g., DefaultListableBeanFactory), enabling arbit...

CVSS 6.8, AI score 8.1, EPSS 0.01998
Exploits: 1, References: 8, Affected Software: 2

RedHat Linux
added 2011/09/22 4:54 p.m., 28 views

Important: Red Hat Security Advisory: JBoss Enterprise SOA Platform 5.1.0 security update

Updated Spring Framework 3 files for JBoss Enterprise SOA Platform 5.1.0 that fix multiple security issues are now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS)...

CVSS 6.8, AI score 6.2, EPSS 0.01998
Exploits: 1, References: 3

RedHat Linux
added 2011/09/22 4:54 p.m., 6 views

Security: Chosen commands execution on the server (Framework) or authentication token bypass (Security) by objects de-serialization

Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote attackers to bypass intended security restrictions and execute untrusted code by (1) serializing a...

CVSS 6.8, AI score 6.2, EPSS 0.01998
Exploits: 1, References: 4

securityvulns
added 2011/09/13 12:00 a.m., 80 views

CVE-2011-2731: Spring Security privilege escalation when using RunAsManager

Severity: Moderate. Versions Affected: 2.0.0 to 2.0.6, 3.0.0 to 3.0.5 (earlier versions may also be affected). Description: Spring Security provides a mechanism (RunAsManager) to allow particular operations to run with a differe...

CVSS 5.1, AI score 1.1, EPSS 0.00227
Exploits: 0

securityvulns
added 2011/09/13 12:00 a.m., 298 views

CVE-2011-2730: Spring Framework Information Disclosure

Severity: Variable depending on application. Likely to be low to moderate, may be important. Versions affected: 3.0.0 to 3.0.5; 2.5.0 to 2.5.6.SEC02 (community releases); 2.5.0 to 2.5.7.SR01 (subscription customers). Earlier, unsupported versions may...

CVSS 7.5, AI score 5.5, EPSS 0.46306
Exploits: 1
