6 matches found

VulnCheck KEV
added 2024/08/14 12:0 a.m. | 7 views

VulnCheck KEV: CVE-2016-4977

When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the response_type parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote code execution via the crafting of the value for response_type...

CVSS 8.8 | AI score 6.4 | EPSS 0.79176
Exploits: 1 | References: 1
OSV
added 2018/10/18 6:6 p.m. | 33 views

GHSA-7Q9C-H23X-65FQ: Spring Security OAuth vulnerable to remote code execution (RCE) via specially crafted request using whitelabel views

When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the response_type parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote code execution via the crafting of the value for response_type...

CVSS 8.8 | AI score 8.8 | EPSS 0.79176
Exploits: 1 | References: 8
Github Security Blog
added 2018/10/18 6:6 p.m. | 78 views

Spring Security OAuth vulnerable to remote code execution (RCE) via specially crafted request using whitelabel views

When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the response_type parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote code execution via the crafting of the value for response_type...

CVSS 8.8 | AI score 3.9 | EPSS 0.79176
Exploits: 1 | References: 8 | Affected Software: 1
Prion
added 2017/05/25 5:29 p.m. | 22 views

Design/Logic Flaw

When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the response_type parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote code execution via the crafting of the value for response_type...

CVSS 6.5 | AI score 8 | EPSS 0.79176
Exploits: 1 | References: 6 | Affected Software: 1
OSV
added 2017/05/25 5:29 p.m. | 31 views

CVE-2016-4977

When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the response_type parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote code execution via the crafting of the value for response_type...

CVSS 8.8 | AI score 7.7 | EPSS 0.79176
Exploits: 1 | References: 6
seebug.org
added 2016/10/17 12:0 a.m. | 326 views

Spring Security Oauth remote code execution vulnerability

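Author: p0wd3r, Knownsec 404 Security Lab (知道创宇404安全实验室). Date: 2016-10-17. 0x00 Vulnerability overview. 1. Summary: Spring Security OAuth is a module that provides security authentication support for the Spring framework. On July 5 its maintainers published an upgrade advisory, which mainly states that when users use Whitelabel views to handle errors, an attacker who has been authorized can execute commands remotely by constructing malicious parameters. The discoverer of the vulnerability published the record of how it was found on October 13. 2. Impact: remote command execution in an authorized state. 3. Affected versions: 2.0.0 to 2.0.9, 1.0.0 to 1.0.5. 0x01 Vulnerability reproduction. 1. Environment setup bash...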

CVSS 6.5 | AI score 8.5 | EPSS 0.79176
Exploits: 1