Lucene search
+L

54 matches found

CVE
CVE
added 2018/10/18 10:0 p.m.108 views

CVE-2018-15758

Spring Security OAuth vulnerability CVE-2018-15758 affects multiple branches: 2.3.x before 2.3.4, 2.2.x before 2.2.3, 2.1.x before 2.1.3, and 2.0.x before 2.0.16 (older unsupported versions). The issue, described across connected sources, allows a malicious user to craft a request to a custom app...

9.6CVSS8.1AI score0.02153EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2018/10/18 10:0 p.m.46 views

CVE-2018-15758 Privilege Escalation in spring-security-oauth2

Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can craft a request to the approval...

9.6CVSS9.4AI score0.02153EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2018/10/17 7:28 p.m.6 views

spring-security-oauth: remote code execution in the authorization process

Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to 2.2.2, 2.1 prior to 2.1.2, 2.0 prior to 2.0.15 and older unsupported versions contains a remote code execution vulnerability. A malicious user or attacker can craft an authorization request to the authorization endpoint that can lea...

9.8CVSS8AI score0.08247EPSS
Exploits2References4
IBM Security Bulletins
IBM Security Bulletins
added 2018/09/25 1:15 p.m.29 views

Security Bulletin: Remote code execution vulnerability (CVE-2018-1260) affects IBM Spectrum Symphony 7.2.0.2 and 7.2.1

Summary Interim fixes are needed to upgrade the Spring Security OAuth package in IBM Spectrum Symphony 7.2.0.2 and 7.2.1 to resolve the remote code execution vulnerability CVE-2018-1260. Vulnerability Details CVEID: CVE-2018-1260 DESCRIPTION: Pivotal Spring Security OAuth could allow a remote...

9.8CVSS1.7AI score0.08247EPSS
Exploits2Affected Software1
RedHat Linux
RedHat Linux
added 2018/06/07 8:25 a.m.4 views

spring-security-oauth: remote code execution in the authorization process

Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to 2.2.2, 2.1 prior to 2.1.2, 2.0 prior to 2.0.15 and older unsupported versions contains a remote code execution vulnerability. A malicious user or attacker can craft an authorization request to the authorization endpoint that can lea...

9.8CVSS8AI score0.08247EPSS
Exploits2References4
RedhatCVE
RedhatCVE
added 2018/05/30 7:19 p.m.44 views

CVE-2018-1260

Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to 2.2.2, 2.1 prior to 2.1.2, 2.0 prior to 2.0.15 and older unsupported versions contains a remote code execution vulnerability. A malicious user or attacker can craft an authorization request to the authorization endpoint that can lea...

9.8CVSS5.9AI score0.08247EPSS
Exploits2References1
Prion
Prion
added 2018/05/11 8:29 p.m.20 views

Remote code execution

Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to 2.2.2, 2.1 prior to 2.1.2, 2.0 prior to 2.0.15 and older unsupported versions contains a remote code execution vulnerability. A malicious user or attacker can craft an authorization request to the authorization endpoint that can lea...

7.5CVSS9.6AI score0.08247EPSS
Exploits2References4Affected Software1
OSV
OSV
added 2018/05/11 8:29 p.m.29 views

CVE-2018-1260

Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to 2.2.2, 2.1 prior to 2.1.2, 2.0 prior to 2.0.15 and older unsupported versions contains a remote code execution vulnerability. A malicious user or attacker can craft an authorization request to the authorization endpoint that can lea...

9.8CVSS9.9AI score0.08247EPSS
Exploits2References4
Cvelist
Cvelist
added 2018/05/11 8:0 p.m.47 views

CVE-2018-1260

Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to 2.2.2, 2.1 prior to 2.1.2, 2.0 prior to 2.0.15 and older unsupported versions contains a remote code execution vulnerability. A malicious user or attacker can craft an authorization request to the authorization endpoint that can lea...

9.7AI score0.08247EPSS
Exploits2References4
CVE
CVE
added 2018/05/11 8:0 p.m.150 views

CVE-2018-1260

CVE-2018-1260 concerns Spring Security OAuth; remote code execution is possible in affected releases. The vulnerability affects Spring Security OAuth versions prior to 2.3.3, 2.2 prior to 2.2.2, 2.1 prior to 2.1.2, and 2.0 prior to 2.0.15 and older unsupported versions. A malicious user can craft...

9.8CVSS9.5AI score0.08247EPSS
Exploits2References4Affected Software1
OSV
OSV
added 2017/05/25 5:29 p.m.33 views

CVE-2016-4977

When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the responsetype parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote code execution via the crafting of the value for responsetype...

8.8CVSS7.7AI score0.79176EPSS
Exploits1References6
myhack58
myhack58
added 2016/10/19 12:0 a.m.59 views

CVE-2 0 1 6-4 9 7 7: RCE in Spring Security Oauth vulnerability analysis-vulnerability warning-the black bar safety net

Version affected Pivotal Spring Security OAuth 2.0 – 2.0.9 Pivotal Spring Security OAuth 1.0 – 1.0.5 Background A few months ago, I for one use Spring Security OAuth framework for authorization of the Web application were tested. In my research, I discovered some issues, including remote code...

0.79176EPSS
Exploits1
seebug.org
seebug.org
added 2016/10/17 12:0 a.m.331 views

Spring Security Oauth remote code execution vulnerability

Author: p0wd3r 知道创宇404安全实验室 Date: 2016-10-17 0x00 漏洞概述 1.漏洞简介 Spring Security OAuth是为Spring框架提供安全认证支持的一个模块,在7月5日其维护者发布了这样一个升级公告,主要说明在用户使用Whitelabel views来处理错误时,攻击者在被授权的情况下可以通过构造恶意参数来远程执行命令。漏洞的发现者在10月13日公开了该漏洞的挖掘记录。 2.漏洞影响 授权状态下远程命令执行 3.影响版本 2.0.0 to 2.0.9 1.0.0 to 1.0.5 0x01 漏洞复现 1. 环境搭建 bash...

6.5CVSS8.5AI score0.79176EPSS
Exploits1
CNVD
CNVD
added 2016/08/27 12:0 a.m.58 views

Spring Security OAuth Remote Command Execution Vulnerability

Spring is a lightweight Java development framework . Security OAuth provides a Spring Security authorization filter . A remote command execution vulnerability exists in Spring Security OAuth that could be exploited by an attacker to execute arbitrary code in the context of an affected application...

8.8CVSS9AI score0.79176EPSS
Exploits1References1
Rows per page
Query Builder