54 matches found
CVE-2018-15758
Spring Security OAuth vulnerability CVE-2018-15758 affects multiple branches: 2.3.x before 2.3.4, 2.2.x before 2.2.3, 2.1.x before 2.1.3, and 2.0.x before 2.0.16 (older unsupported versions). The issue, described across connected sources, allows a malicious user to craft a request to a custom app...
CVE-2018-15758 Privilege Escalation in spring-security-oauth2
Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can craft a request to the approval...
spring-security-oauth: remote code execution in the authorization process
Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to 2.2.2, 2.1 prior to 2.1.2, 2.0 prior to 2.0.15 and older unsupported versions contains a remote code execution vulnerability. A malicious user or attacker can craft an authorization request to the authorization endpoint that can lea...
Security Bulletin: Remote code execution vulnerability (CVE-2018-1260) affects IBM Spectrum Symphony 7.2.0.2 and 7.2.1
Summary Interim fixes are needed to upgrade the Spring Security OAuth package in IBM Spectrum Symphony 7.2.0.2 and 7.2.1 to resolve the remote code execution vulnerability CVE-2018-1260. Vulnerability Details CVEID: CVE-2018-1260 DESCRIPTION: Pivotal Spring Security OAuth could allow a remote...
spring-security-oauth: remote code execution in the authorization process
Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to 2.2.2, 2.1 prior to 2.1.2, 2.0 prior to 2.0.15 and older unsupported versions contains a remote code execution vulnerability. A malicious user or attacker can craft an authorization request to the authorization endpoint that can lea...
CVE-2018-1260
Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to 2.2.2, 2.1 prior to 2.1.2, 2.0 prior to 2.0.15 and older unsupported versions contains a remote code execution vulnerability. A malicious user or attacker can craft an authorization request to the authorization endpoint that can lea...
Remote code execution
Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to 2.2.2, 2.1 prior to 2.1.2, 2.0 prior to 2.0.15 and older unsupported versions contains a remote code execution vulnerability. A malicious user or attacker can craft an authorization request to the authorization endpoint that can lea...
CVE-2018-1260
Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to 2.2.2, 2.1 prior to 2.1.2, 2.0 prior to 2.0.15 and older unsupported versions contains a remote code execution vulnerability. A malicious user or attacker can craft an authorization request to the authorization endpoint that can lea...
CVE-2018-1260
Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to 2.2.2, 2.1 prior to 2.1.2, 2.0 prior to 2.0.15 and older unsupported versions contains a remote code execution vulnerability. A malicious user or attacker can craft an authorization request to the authorization endpoint that can lea...
CVE-2018-1260
CVE-2018-1260 concerns Spring Security OAuth; remote code execution is possible in affected releases. The vulnerability affects Spring Security OAuth versions prior to 2.3.3, 2.2 prior to 2.2.2, 2.1 prior to 2.1.2, and 2.0 prior to 2.0.15 and older unsupported versions. A malicious user can craft...
CVE-2016-4977
When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the responsetype parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote code execution via the crafting of the value for responsetype...
CVE-2 0 1 6-4 9 7 7: RCE in Spring Security Oauth vulnerability analysis-vulnerability warning-the black bar safety net
Version affected Pivotal Spring Security OAuth 2.0 – 2.0.9 Pivotal Spring Security OAuth 1.0 – 1.0.5 Background A few months ago, I for one use Spring Security OAuth framework for authorization of the Web application were tested. In my research, I discovered some issues, including remote code...
Spring Security Oauth remote code execution vulnerability
Author: p0wd3r 知道创宇404安全实验室 Date: 2016-10-17 0x00 漏洞概述 1.漏洞简介 Spring Security OAuth是为Spring框架提供安全认证支持的一个模块,在7月5日其维护者发布了这样一个升级公告,主要说明在用户使用Whitelabel views来处理错误时,攻击者在被授权的情况下可以通过构造恶意参数来远程执行命令。漏洞的发现者在10月13日公开了该漏洞的挖掘记录。 2.漏洞影响 授权状态下远程命令执行 3.影响版本 2.0.0 to 2.0.9 1.0.0 to 1.0.5 0x01 漏洞复现 1. 环境搭建 bash...
Spring Security OAuth Remote Command Execution Vulnerability
Spring is a lightweight Java development framework . Security OAuth provides a Spring Security authorization filter . A remote command execution vulnerability exists in Spring Security OAuth that could be exploited by an attacker to execute arbitrary code in the context of an affected application...